GSM Numbers

GSM Numbers
International mobile station equipment identity (IMEI). IMEI= TAC + FAC + SNR + SP TAC = Type Approval Code, 6 decimals FAC = Final Assembly Code, 6 decimals, assigned by manufacturer SNR = Serial Number, 6 decimals, assigned by manufacturer SP = Spare, 1 decimal place EIR has white, black and optionally grey list

GSM Numbers
International mobile Subscriber Identity (IMSI). Stored on the SIM (Subscriber Identity Module) card. IMSI is obtained at the time of subscription. IMSI is not made public. IMSI = MCC + MNC + MSIN MCC = Mobile Country Code, 3 decimals MNC = Mobile Network Code, 2 decimals MSIN = Mobile Subscriber Identification Number, maximum 10 decimal digits

GSM Numbers
Mobile Station ISDN number (MSISDN), is the real phone number of the subscriber. Stored in HLR and on SIM card MSISDN = CC + NDC + SN CC = Country Code, up to 3 decimals NDC = National Destination Code, typically 2-3 decimals SN = Subscriber Number, maximum 10 decimals. Mobile Station Roaming Number (MSRN), same format as MSISDN. A temporary location dependent ISDN number. Is assigned in two cases, at registration or at call set up.

GSM Numbers
Location Area Identity (LAI). Regularly sent on BCCH LAI = CC + MNC + LAC LAC = Location Area Code, max 5 decimals (<FFFFhex) Temporary Mobile Subscriber Identity (TMSI). Stored only in the VLR and SIM card. Consists of 4*8 bits excluding value FFFF FFFFhex TMSI has only local meaning and can be defined according to operators specifications. LAI + TMSI uniquely identifies the user, i.e. IMSI is no longer needed for ongoing communication

GSM Network Service Areas

SA5 LA2
BTS BTS BTS BSC BSC BTS BTS BTS

LA3 SA4
BTS BTS BTS BSC

LA1

MSC/ VLR-1
BSC

BTS BTS BTS

SA1 SA2

SA3

SA1 (MSC/VLR-1) = LA1+LA2+LA3 LA: Location Area SA: Service Area Cell < LA < SA

GSM Numbers
Local Mobile Subscriber Identity (LMSI). Created in VLR and stored in HLR. Like TMSI is operator defined. Used in communication with VLR to speed the search for mobile records. Speed is essential to achieve short call setup times.

GSM Numbers
Global Cell Id = LAI + CI CI = Cell id, unique id within the LAI. Maximum 2*8 bits Base Transceiver Station Identity Code (BSIC) = NCC + BCC BSIC is broadcast periodically by the base station on the synchronization channel. NCC = Network Color Code, 3 bits BCC = Base Station Color Code, 3 bits

GSM Roaming From Another PLMN

VLR registers users roaming in its area Recognizes mobile station is from another PLMN If roaming is allowed, VLR finds the mobiles HLR in its home PLMN VLR constructs a global title from IMSI to allow signaling from VLR to mobiles HLR via public telephone network

GSM Roaming From Another PLMN

VLR registers users roaming in its area VLR generates a mobile subscriber roaming number (MSRN) used to route incoming calls to mobile station MSRN is sent to mobiles HLR

GSM Roaming From Another PLMN VLR contains

MSRN TMSI Location area where mobile station has registered Info for supplementary services (if any) IMSI HLR or global title Local identity for mobile station (if any)

Call from mobile unit

Call from mobile unit Subscriber unit transmits an origination message on the RCC Origination message contains
- MIN - Electronic Serial Number - Station Class Mark - Destination phone number

If BTS receives it correctly then it is passed on to MSC MSC validates the information and connects the call

Station Class Mark

Station Class Mark

8 0 7 6 5 4 3 2 1 Bit Byte 1 Byte 2 Byte3 Byte 3bis 0 Byte N to 14

Mobile station classmark Length of mobile station classmark contents

Band Band Band A5/7 A5/6 A5/5 3 2 1 Cipher algorithm Associated radio capability 1

A5/4

Associated radio capability 2 0 Spare 0 0

Station Class Mark

GSM D 900 Power Class 1 2 PL2 3 PL3 4 PL4 5 PL5 GSM D 1800 Power Class 1 PL0 2 PL3 3 PL29 Max. Power Level 30 dBm 24 dBm 36 dBm Max. Output Power 1W 250 mW 4W Max. Power Level 39 dBm 37 dBm 33 dBm 29 dBm Max. Output Power 8W 5W 2W 800 mW

GSM Security
3 Security Problems: unauthorized access, privacy from eavesdropping, protection of subscriber identity/location Unauthorized (fraudulent) access GSM handsets must be presented with a subscriber identity module (SIM) SIM must be validated identification number (PIN) with personal

GSM Security

Unauthorized (fraudulent) access SIM also stores subscriber authentication key, authentication algorithm, cipher key generation algorithm, encryption algorithm During registration (when roaming), mobile station receives challenge and uses authentication key and authentication algorithm to generate challenge response to verify users identity

GSM Security

Privacy from eavesdropping Temporary encryption key is used for privacy of data, signaling, and voice Info is encrypted before transmission

GSM Security
Anonymity of users Supported by temporary subscriber ID (TMSI) mobile

When registered, mobile station sends globally-unique international mobile subscriber ID (IMSI) to network Network assigns TMSI for use during call - IMSI is not sent over radio link

GSM Security

Anonymity of users Only network and mobile station know true identity New TMSI is assigned when roaming into new area