Impairments caused by multipath fading on reliability of received signal propagation

The multipath fading is variation of the attenuation of a signal with various variables. These vari-
ables include time, geographical position and radio frequency. In wireless systems, fading may either
be due to multipath propagation, referred to as multipath-induced fading, weather (for example is
raining), or shadowing from obstacles affecting the wave propagation, and also diffraction, scattering
and reflection. Due to these “problems”, the receiver could receive multiple copies of the transmitted
signal, each traversing a different path. Each signal copy will experience differences in attenuation
and delay while travelling from the transmitter to the receiver.This can result in either constructive
or destructive interference, amplifying or attenuating the signal power seen at the receiver.

What is the tail energy effect? How can it be reduced?

The tail energy is the energy wasted in high-power states after the completion of a typical transfer.
We can reduce the tail energy through the TailEnder, that is an energy efficient protocol for schedul-
ing data transfers. This protocol considers two classes of applications: the first one are delay-tolerant
applications such as email and RSS feeds, and the second one are applications such as web search
and web browsing that can benefit from aggressive prefetching. In GSM, the TailEnder schedules
outgoing transfers so as to minimize the overall time spent in high energy states after completing
transfers, while respecting user-specified delay-tolerance deadlines. For applications that can benefit
from prefetching, TailEnder determines what data to prefetch so as to minimize the overall energy
consumed.

What does cross factor refer to? How does it change the energy model? Comment how
introduction of cross factor in the energy model can affect design of wireless system.
The cross-factor is a substantial fraction of energy consumption that may be ascribed to each
individual frame while it crosses the protocol/implementation stack. In some radio settings the
cross-factor may become the dominant source of energy consumption, and it is primarily associated
to the frame processing itself, rather than to the amount of bytes handled. So, in the energy
model we have that the power consumed by a device consists of the following components: the
idle consumption ρid , the cross-factor, Pxg , the power required to transmit them Ptx , the power
consumed in retransmissions Pretx , the power spent in receiving frames Prx , and the power spent
oon sending and receiving ACK frames Prx,Ack and Ptx,Ack :

P = ρid + Pxg + Pretx + Prx + Pxr + Prx,Ack + Ptx,Ack

Task of BTS and BSC in cell system (2G) and which is the role of the two entities.
A base station is done by two logical components: BTS, that is the base transceiver station (arrays
of transceiver) and BSC that is the base station controller. The main task of BTS is to provide
radio coverage on the cell and the BSC monitors and manages groups of BTS. The BSC tells to
the BTS when initiate a call or perform an handover and reserves/release radio channels. The BTS
transmits and receives signals from MS and does frequency hopping and encryption, it performs
quality measurement of physical channels and send them to BSC, who will decide whether perform
an handover or not and the BTS has also the task to locate users using paging messages. The BSC
has to configure each cell in terms of traffic control and control channels, manages handovers, the
paging messages and performs analysis on quality measurements of BTS and MS.

With reference to cell system 2G, explain RACH and AGCH logic channels. Are they
type of logical channels? Are these channels shared among users? How are these
mapped to the physical channel? What is the burst (packet format) used to transmit

1
information over these channels?
The RACH is the Random Access Channel and the AGCH is the Access Grant Channel. They are
common control channels and they multiplex information flows which refers to different users over
the same logical channels. The AGCH is a downlink channel while the RACH is an uplink channel
and it is subjected to collision and for this reason it uses the slotted-ALOHA protocol. The burst
used to transmit information is the access burst packet. It is used by the MS when it is not yet
registered and it is requesting access (asynchronously) to the network. The structure of this burst
is the following: 0 − 2 bits are “tail bits”, 8 − 48 bits is a synchronization sequence, 49 − 84 bits
are encrypting and contain information, 85 − 87 bits are “tail bits”, 88 − 156, 25 bits are “guard
time”. They are channels shared among users. The transmission over these channels is done by using
multiframes: each slot of a frame is reserved to signaling and every x frames the same allocation
will be replicated.

How data rate has been increasing moving from GSM to GPRS?
We had the need to transfer not only voice over the network, but also data. So we added packet
switching systems to perform this transfer and consequently the data rates and data encoding had
to increase. About the data rates, they enhanced through improvements of physical layer and
allocation of multiple slot to the same MS. Improvements on the radio interface have increased the
MS achievable data rate without changing the mobile cellular system architecture. In particular,
EDGE is a radio access technology with: 3/8 shifted 8PSK modulation (not GMSK modulation), we
achieve a gross data rate of 59,2 Kbit/s and we have some features like: carrier bandwidth 200kHz,
timeslots per frame: 8, radio interface symbol rate 270ksymbols/s (vs 270kbits/s in GSM), normal
burst 384 payload bits (in GSM 116). In addition, a dynamic selection of channel is implemented,
which is based on the SNR (signal to noise ratio) of the radio channel

How can you express received power as a function of distance from transmitter in free
space?
The formula to express the received power is:
λ 2 1
Pr = PT ∗ gT ∗ gR ∗ ( ) ∗
4πd L
where PT is the transmitter radiated power, gT and gR are the gains of transmitter and receiver
antennas,λ is the wavelength and d is the distance between the transmitter and the receiver. The
parameter L accounts for hardware losses.

Discuss what we mean with delay spread and how does it affect wireless communication
performance.
We incur in delay spread when we are facing with the multipath fading. In this case, the signal
is received in spread over the time, so different delays experienced by the different signal repli-
cas. The impact of this delay spread can be quantified by computing the root mean square (RMS
Delay Spread). It can cause, for example, collisions between the different signals (interference be-
tween users, increasing the burst collision probability). The delay spread affects the Inter Symbol
Interference (ISI).

Which are the advantages and drawback of decreasing the cell size in a cellular system?
In very populated areas, to be very efficient, there are a lot of small cells so the traffic capacity is
stable. Larger cells must be used to coverage large but low-density areas. Many cell concentrated

2
in a small area are an advantage because in this way the same frequency can be used by many
users without interfering with each others. Small cells are also faster to deploy and easy to operate.
They are also cheaper than conventional Base Stations and they make best use of the available
frequency spectrum by re-using same frequencies within geographical area and also consume low
power compare to conventional BSs. About the drawbacks, they serve shorter coverage range, they
handle fewer simultaneous sessions of voice/data calls and internet browsing,

Why cellular systems allocate the lower frequency band for uplink communication?
Because a mobile station cannot afford to transmit at high power, it must transmit on a lower
frequency as a lower frequency presents less free space path loss. In this way, the MS can also save
power consumption.

Explain what we mean with timing advance, why it is needed and how it is implemented
in GSM network.
The timing advance, in GSM network, is a value that corresponds to the length of time a signal
takes to reach the base station from a mobile phone. Timing Advance is significant for privacy
and communications security, as its combination with other variables can allow GSM localization to
find the device’s position and track the mobile phone user. Timing advance is also used to adjust
transmission power in space-division multiple access systems. GSM uses TDMA technology to share
a single frequency between several users. Each user transmits periodically for less than one-eighth
of the time within one of the eight timeslots. Since the users are at various distances from the base
station and radio waves travel at the finite speed of light, the precise arrival-time within the slot
can be used by the base station to determine the distance to the mobile phone. The time at which
the phone is allowed to transmit a burst of traffic within a timeslot must be adjusted accordingly to
prevent collisions with adjacent users. Timing Advance is the variable controlling this adjustment.

Describe what are the subsystems in the GSM architecture, what is their role, the
network involved in each of them and for each of such network elements describe the
information they maintain, the task they perform, the other network elements they are
interfaced/interconnected to.
In the GSM architecture, in general, we have a device (mobile equipment, ME) from which we
access the service. This ME plus SIM is the user equipment (UE). Then, we have an access network
that allows to access the service and the core network (like routers). Then we have the external
network (telephone network or internet). The access network is called also base station subsystem
which interface the mobile users with the cellular system operator network. This base station will
provide the wireless access to the mobile users. The base station is done by 2 logical components: the
BTS and the BSC. The core network is made by many components that form the network switching
subsystem. Switching because it is made of mobile switching centers that are really kind of relaying
the information in the network until the GMSC (gateway mobile station controller) which is the
connection with the external network. It is made also of databases: VLR (visitor location register)
will provide information about users that are resident in some of the cells controlled by a specific
MSC, HLR (home location register) will maintain information of all cellular users that had contact
with this cellular system operator, the Authentication Center (for the authentication and encryption
in GSM) and also the Equipment Identity Register (EIR) that will maintain some information that
are able to check if the ME that we use to access the services is a good one. We have also an OMSS
(operation and maintenance subsystem) that will monitor the whole system.

3
How is security enforced (authentication, encryption) in GSM?
The GSM network authenticates the identity of the client through the use of a challenge-response
mechanism. A 128-bit Random Number (RAND) is sent to the MS. The MS computes the 32-bit
Signed Response (SRES) based on the encryption of the RAND with the authentication algorithm
(A3) using the individual subscriber authentication key (Ki ). Upon receiving the SRES from the
client, the GSM network repeats the calculation to verify the identity of the client. The subscriber
key (Ki ) is never sent over the radio channel, as it is present in the SIM, as well as the AuC,
HLR and VLR databases. If the received SRES agrees with the calculated value, the MS has
been successfully authenticated and may continue otherwise the connection is terminated and an
authentication failure is indicated to MS. In the SIM there is, also, the ciphering key generating
algorithm (A8) that is used to produce the 64-bit ciphering key (Kc ). This key is computed by
applying the same random number used in the auth process to ciphering key generating algorithm
with the individual subscriber authentication key (Ki ). In addition, the ciphering key may be
changed at regular intervals as required. Encrypted voice and data communications between the MS
and the network is accomplished by using the ciphering algorithm A5. Encrypted communication
is initiated by a ciphering mode request command from the GSM network. Upon receipt of this
command, the mobile station begins encryption and decryption of data using the ciphering algorithm
and the ciphering key.

Explain how an authentication is performed in 2G cellular systems (draw a scheme,

labelling network elements and protocols involved, clarifying messages exchanged and
steps performed at the involved network elements)

A 128-bit Random Number (RAND) is sent to the MS. The MS computes the 32-bit Signed Response
(SRES) based on the encryption of the RAND with the authentication algorithm (A3) using the
individual subscriber authentication key (Ki ). Upon receiving the SRES from the client, the GSM
network repeats the calculation to verify the identity of the client. The subscriber key (Ki ) is never
sent over the radio channel, as it is present in the SIM, as well as the AuC, HLR and VLR databases.
If the received SRES agrees with the calculated value, the MS has been successfully authenticated
and may continue otherwise the connection is terminated and an authentication failure is indicated
to MS. The IMSI is the International Mobile Subscriber Identity that uniquely identifies the user in
the network.

4
What is the physical and MAC layer technology used in 3G systems? What is their
key feature?
Physical layer: we have the UTRAN (UMTS Terrestrial Radio Access Network) that represents
the set of NodeB and RNC (Radio Network Controller). It includes algorithms for power control,
handover, packet scheduling, call admission control and load control. It does also the encryption of
the radio channel, it also manages the congestion control to handle situations of network overload.
We have also the macrodiversity that allows us to send the same data over different physical channels.
MAC Layer: we have the CDMA, code division multiple access. All users share same frequency, but
each user has own “chipping” sequence to encode data. The encoded signal will be given in this way:
encoded signal = (original data) * (chipping sequence). The decoding will be the inner-product of
encoded signal and chipping sequence. In addition to this, CDMA allows multiple users to coexist
and transmit simultaneously with minimal interference, if codes are orthogonal.

List the common control channel used in 2G systems, with one line each explaining for
which reason they are used.
We have three common control channels and they carry information for initiating a connection
and these channels are share among users. They are: PCH (Paging Channel), RACH (Random
Access Channel) and AGCH (Access Grant Channel). PCH and AGCH are downlink channels,
while RACH is an uplink channel. The PCH is used by the BTS to notify an incoming call to a MS,
broadcasted over a LA (location area); the AGCH carries reply to RACH requests; RACH is used
by a MS to request access to the network and it is subject to collisions.

Provide a few example of energy efficient techniques to adopt at the MAC layer
At the MAC layer we have some energy efficient techniques: awake/asleep schedule where nodes
alternate between high energy consuming states in which the transceiver is ON and packets can
be transmitted/received and states in which the transceiver is OFF, packets cannot be received or
transmitted but the energy consumption is much lower. The nodes that are not involved in commu-
nication should go to sleep till current information exchange completes, nodes should also minimize
collisions. We can perform also header compression and limit control information exchanged, aggre-
gate redundant information in order to reduce transmission energy.

Explain when an handover is triggered, the different types of handover, which elements
are involved, and which is the information flow and which are the messages exchanged
to implement the handover in 2G.
During a call, the MS and network have to do operations that may involve an exchange of signaling
messages. So, each traffic channel (TCH) has two control logic channel: SACCH (slow associated
control channel) and FACCH (fast associated control channel). All this is necessary as the MS,
moving while a call is in progress, can pass from one cell to another cell. This “passage” is called
handover. We have different types of handover: intra-cell handover, handover between two BTS
under the same BSC and so internal to a BSS (Base Station Subsystem), handover between BTS
under different BSCs but under the same MSC/VLR, and a last type of handover that is between
BTS under BSCs controlled by different MSC/VLR.
Intra-cell handover: in this case we have a change of the traffic channel, but not in the BTS. This
may be necessary when the traffic channel used has a low quality, while the reception level is suffi-
cient, but there is no other BTS that can better serve the MS.
Handover between cells under the same BSC: in this case the handover is under the total and ex-
clusive control of the BSC. The MSC/VLR are simply informed that the handover has taken place.

5
The BSC decides a handover, identifying the BTS and the traffic channel that can best serve the
MS, then the BSC initialize a connection with the new BTS and reserve the traffic channel that is
chosen for the handover, then the BSC instructs the MS to tune to the new frequency and the new
TCH (over the FACCH). At this point the MS changes the traffic channel, the BSC drops the old
connection and informs the MSC/VLR about the handover.
Handover between BTS under different BSCs on the same MSC/VLR: the old BSC decides a han-
dover, identifying the BTS and the traffic channel for the MS. The old BSC requests the intervention
of the MSC/VLR as the chosen BTS is controlled by another BSC. The MSC/VLR prepares a con-
nection with the new BSC that forward (the connection) to the BTS (where is also reserved the
TCH). On the FACCH the MS is ordered to move to the new channel and thus tunes to the new
TCH. At the same time the MSC / VLR switches the connection, routing the call to the new BSC.
After the handover, the MS must receive new information about adjacent cells (SACCH). Further-
more, if the change of cell also involved a change of Location Area, a location updating must also
take place.
Handover between BTS under BSCs controlled by different MSC/VLRs (Inter-MSC Handover):
this is the more complex case. The old BSC decides to carry out the handover to the BTS of a
cell belonging to another MSC/VLR service area. The old BSC forwards the request to its VLR
that request to do the handover to the new VLR. The new VLR allocates a handover number and
provides it to the old VLR. Subsequently the new VLR prepares a connection to the new BSC and
the new BTS. The old VLR sends on the FACCH an handover command to the MS which tunes to
the new frequency. After the handover the MS must receive new information on the adjacent cells
and the handover certainly requires a location updating.

What is multi-path fading? Can you explain the communication impairments multi-
path fading can cause?
The multipath fading is variation of the attenuation of a signal with various variables. These vari-
ables include time, geographical position and radio frequency. In wireless systems, fading may either
be due to multipath propagation, referred to as multipath-induced fading, weather (for example is
raining), or shadowing from obstacles affecting the wave propagation, and also diffraction, scattering
and reflection. Due to these “problems”, the receiver could receive multiple copies of the transmitted
signal, each traversing a different path. Each signal copy will experience differences in attenuation
and delay while travelling from the transmitter to the receiver.This can result in either constructive
or destructive interference, amplifying or attenuating the signal power seen at the receiver.

Describe what is the virtual carrier sensing scheme in CSMA/CA and explain how it
works (with a drawing). Why is it used (explain the advantage it can bring). Provide
examples of technologies we have seen for IoT that use CSMA/CA.

6
 Virtual carrier sense is a mechanism to predict future traffic in wireless networks that uses carrier
sense multiple access with collision avoidance (CSMA/CA). It is implemented in wireless network
protocols and operates in the MAC layer. A timer mechanism is used that is based upon information
of durations of previous frame transmission in order to predict future traffic in the channel. It uses
network allocation vector (NAV), which can be considered as a counter that counts down to zero.
The maximum NAV duration is the transmission time required by frame, which is the time for
which the channel will be busy. At the start of transmission of a frame, the NAV value is set to its
maximum. A non-zero value indicates that the channel is busy, and so no station contends for it.
When the NAV value decrements to 0, it indicates that the channel is free and the other stations
can contend for it. So, the transmitting station waits for a time equal to a distributed inter-frame
space (DIFS) and issues a request to send (RTS) if the channel is clear. After sending RTS, a NAV
is initialized. The receiving station waits for a shrt inter-frame space (SIFS) and issues a clear to
send (CTS). With the CTS, a NAV is initialized. The sender waits for a SIFS and transmits its
data frame. On receiving the data frame, the receiver waits for a SIFS and sends an ACK. Both the
NAV values decrements to 0 during this time period. The stations wait for a SIFS and a backoff
period before contending the channel.

Discuss the different techniques that you can exploit to save power when communicat-
ing over a low power wireless system.
The energy consumption has two components: computing (data processing, data fusion and ag-
gregation, protocol operations), communications (wireless transceiver consumes energy either to
transmit/receive data and control packets, or when it is idle, ready to receive). We need a trade-off
between this two components. At physical layer: we can significantly decrease overall energy con-
sumption in case of long range communication by applying power control (minimizing transmission
energy). Wireless technologies can dynamically change the modulation scheme used over time. Use
of high data rate modulations reduce the time needed to transmit packets, thus the associated trans-
mission energy consumption. Hardware optimization also. Wireless transceiver should be switched
to a low power “sleep state” (where it cannot receive/transmit packets but the energy consumption
is orders of magnitude lower) whenever a packet not addressed to the node or whenever information
exchanged during an handshake make the node aware that the channel will be busy for the next
future for transmitting packets not addressed to it. The transceiver should switch to low power
mode for the whole time interval when it knows it will not be involved in communications.

7
What are the tasks of MSC, VLR, HLR in a cellular systems and which is the different
role of these entities?
MSC is a switching element which additionally performs mobility management. It is normally
associated with a VLR that stores data of those users currently located under its area. It can
perform the GMSC. It is a mobile switching center that connect the core network with the external
network. The VLR is a database (Visitor Location Register) and contains important data for serving
the MS currently under the jurisdiction of the MSC to which the VLR is associated. In this case
the IMSI is mapped on a TMSI (Temporary Mobile Subscriber Identity) to avoid transmitting the
IMSI in clear and protect the user from intrusions. The HLR is another database (Home Location
Register). It is a permanent database uniquely associate to a GMSC. It stores information about all
MS whose default location is at the consider GMSC. HLR stores permanent information such as the
IMSI, the identifier of SIM card and its associated authentication key. The main task are managing
localization, sending routing information to the GMSC, registration/cancellation and de/activation
of additional services.

With reference to 2G cellular systems please explain: which information are transmit-
ted over the TCCH and SACCH logical channels, which is the type of these logical
channels (to which class of logical channels they belong), are these channels shared
among users (and if yes how is access by multiple users managed), how are these chan-
nels mapped to physical channels, what is the burst (packet format) used to transmit
information over these channels.
The traffic channels are those that carry both the coded voice and any data. There are two types
of traffic channel: Full rate traffic channel (22,8kbit/s) and Half rate traffic channel (11,4kbit/s).
The half rate traffic channels are multiplexed in two by two in the same time interval but in al-
ternating frames. The SACCH is a dedicated control channel and they carry signaling information
specific for a single connection. The SACCH is bidirectional and it is multiplexed with user traffic.
We refer to the normal burst that transports information and traffic.

Explain how network architecture has changed when moving from 2G to GPRS to 3G,
4G and 5G systems.
From 2G to GPRS we added nodes to support packet switching data communication. GSN (GPRS
Support node) are IP routers supporting mobility management: SGSN (Serving GPRS support
note) route IP packets from/to a set of MS under their area. GGSN (Gateway GPRS Support
Node) interfaces the cellular network with external packet data networks. SGSNs and GGSN are
interconnected through an IP backbone. At the BSC level is added a PCU (Packet Control Unit) to
manage data transmission over the radio links. Now we have 3G. In this case we want also full support
of a variety of services and of multimedia applications: different classes of traffic, heterogeneous QoS
demands and QoS support. In 3G we have an hierarchical organization: macrocell, microcell and
picocell. The bandwidth, for the 3G, is: 1885-2025Mhz and 2110-220Mhz (155Mhz for terrestrial
and 75Mhz for satellite networks). In the architecture there is the UTRAN (UMTS Terrestrial
Radio Access Network) that controls cell capacity and interference in order to provide an optimal
utilization of the wireless interface resources. It includes algorithms for power control, handover,
packet scheduling, call admission control and load control. It does also the encryption of the radio
channel, it also manages the congestion control to handle situations of network overload. In 4G
we have several requirements: we have to operate in a wide range of frequency bands and sizes of
spectrum allocations, fast connection, increased peak rate. In 4G architecture we have three main
components: the user equipment (UE), the evolved UMTS and the evolved packet core (EPC). In
the E-UMTS we have the HSS (Home Subscriber SServer), P-GW (ip address allocation to UE+

8
QoS enforcement in downlink+interworking with non 3GPP technologies, S-GW transports the IP
data traffice between UE and the external networks and MME (mobility management entity) that
refers to the connection set up including paging within a tracking area. LTE is based on OFDMA.

According to Friis equation how does the received power depend on transmission power
and traversed distance?
The formula to express the received power is:
λ 2 1
Pr = PT ∗ gT ∗ gR ∗ ( ) ∗
4πd L
where PT is the transmitter radiated power, gT and gR are the gains of transmitter and receiver
antennas,λ is the wavelength and d is the distance between the transmitter and the receiver. The
parameter L accounts for hardware losses.

Describe how authentication is performed in GSM (AuC).

The GSM network authenticates the identity of the client through the use of a challenge-response
mechanism. A 128-bit Random Number (RAND) is sent to the MS. The MS computes the 32-bit
Signed Response (SRES) based on the encryption of the RAND with the authentication algorithm
(A3) using the individual subscriber authentication key (Ki ). Upon receiving the SRES from the
client, the GSM network repeats the calculation to verify the identity of the client. The subscriber
key (Ki ) is never sent over the radio channel, as it is present in the SIM, as well as the AuC, HLR and
VLR databases. If the received SRES agrees with the calculated value, the MS has been successfully
authenticated and may continue otherwise the connection is terminated and an authentication failure
is indicated to MS.

Which are the common control channels in GSM and what roles they serve?
We have three common control channels and they carry information for initiating a connection
and these channels are share among users. They are: PCH (Paging Channel), RACH (Random
Access Channel) and AGCH (Access Grant Channel). PCH and AGCH are downlink channels,
while RACH is an uplink channel. The PCH is used by the BTS to notify an incoming call to a MS,
broadcasted over a LA (location area); the AGCH carries reply to RACH requests; RACH is used
by a MS to request access to the network and it is subject to collisions.