Wednesday, October 29, 2014

GPRS EDGE 3G HSPA HSPA+ LTE

We often see different kinds of indicators in the status bar (on top) when we browse data over mobile internet. I have listed the different possible types of indicators below.

Starting from the first-born and moving to the most recent trending service:

GSM 
  • Global System for Mobile Communications
  • 1G, first generation of mobiles
  • Primarily used for voice but can be used for accessing internet via GPRS
  • Majority of networks work on 900 MHz and 1800 MHz 

G


  • Network Type – GPRS (General Packet Radio Service)
  • 2G, second generation of mobiles
  • We can get maximum speed of 160 Kbps
  • It is slow but doesn't consume much of battery

E


  • Network Type – EDGE (Enhanced Data Rates for GSM Evolution)
  • It is developed based on GPRS (the coding schemes are changed, i.e., CS1 to CS4 = MCS1 to MCS9), but it was not famous due to the modulation scheme that was used (8-PSK instead of GMSK)
  • We can get a maximum speed of 473.6 Kbps, which is close to what we get in 3G

3G 


  • Network Type – UMTS (Universal Mobile Telecommunications System)
  • 3G, third generation of mobiles came into existence mainly for the purpose of video calling
  • Can get max speed similar to that in EDGE

H


  • Network Type – HSPA (High Speed Packet Access) 
  • Precisely HSDPA (downlink only)
  • Developed on basis of 3G network and can support up to 7.2 Mbps
  • HSUPA (uplink only) derives speed up to 5 Mbps 

H+


  • Network Type – HSPAP (HSPA Plus/ HSPA+)
  • Evolution of HSPA that allows speed up to 21 Mbps 
  • It is the start of the fourth-generation network; 4G devices are compatible with H+

4G LTE


  • Network Type – LTE (Long Term Evolution)
  • It is an upgrade to HSPAP (P for Plus) and the starting phase of 4G technology.
  • It is mostly observed in foreign countries and in a limited number of cities in India.
  • With LTE, we can get speeds varying from 100 Mbps to 1 Gbps. But in reality we get speeds between 50 Mbps and 100 Mbps (that is a lot, what else do you expect).
  • For LTE, devices have to be compatible and changes have to be made in the network setup

With speeds increasing day by day and reaching the maximum speed that a LAN can provide, we can't predict what's coming next. Newer technologies such as LTE-Advanced and Mobile WiMax are arising.

To conclude, I recommend using the data speed that serves your purpose well, in order to get better battery life and to stay cost effective.

P.S. Getting 'G' became difficult; collected '4G LTE' from my friend at San Jose

Addon - Check out the list of data bit rates here

--
Satya Sravan


Saturday, October 25, 2014

Rx Level - Why is it negative ??

Before I tell you why Rx level is negative, you must know about 'dBm'.

dBm: decibel-milliwatt
  • It is measured power referenced to one milliwatt (mW).
  • Its value is 10 * log[ P(W) / 1mW ]
Rx level is the strength of the signal that our mobile receives from a BTS (mobile tower). Here Rx level stands for Receiver Level.

Mathematical formula to calculate the Rx level is 
RxLev (dBm) = EIRP (dBm) - Path Loss (dB)

EIRP - Equivalent/Effective Isotropically Radiated Power is the amount of power that an antenna distributing power evenly in all directions would have to emit to produce the peak power density observed in the direction of maximum antenna gain.
EIRP (dBm) = Pt (dBm) + Ga (dBi)
Ga - antenna gain; the 'i' in dBi means the gain is referenced to an isotropic antenna
Pt - transmitted output power

Path Loss - For a given antenna, the received power is inversely proportional to the square of the distance between the transmit and receive antennas and also to the square of the frequency.

Ls ~ d^2 f^2
Path loss - Ls(dB) = 32.4(dB) + 20*log [ f (MHz) ] + 20*log [ d (km)]
where 32.4 is a constant of proportionality

The value of Path loss is always greater than EIRP, hence Rx level is negative

Example:

If we take the power as 2 W, i.e., the maximum output from a UMTS/3G mobile phone of Power class 1,
Pt will be 33 dBm (calculated using the dBm formula).
Let the gain Ga be 9 dBi => EIRP = 33 + 9 = 42 dBm

Let the frequency be 1800 MHz and the distance be 2 km.
Path loss = 32.4 + 65.1 + 6 = 103.5 dB (calculated using the path loss formula)

Rx level = 42 - 103.5 = -61.5, i.e. about -62 dBm ** negative value **

Rx level range
On a few websites, I found Rx level mentioned in a range of 0 to 63 (positive value). Just subtract 110 from it to get the value of Rx level in dBm: 0 to 63 equals -110 dBm to -47 dBm.
  • Up to -65 dBm : Excellent
  • -65 to -75 : Good
  • -75 to -95 : Normal
  • < -95 : Weak
Addon - Check the table in the Unit conversions of this link

--
Satya Sravan




Thursday, October 9, 2014

GPRS Coding Schemes

With present data speeds (3G), discussing GPRS sounds dated, but I wish to write about the four coding schemes that are used in GPRS.

The channel encoding process in GPRS consists of two steps: first, a cyclic code is used to add parity bits, followed by coding with a possibly punctured convolution code. Here, the Coding Schemes CS-1 to CS-4 specify the number of parity bits generated by the cyclic code and the puncturing rate of the convolution code.

In Coding Schemes CS-1 through CS-3, the convolution code is of rate 1/2, i.e. each input bit is converted into two coded bits. In Coding Schemes CS-2 and CS-3, the output of the convolution code is punctured to achieve the desired code rate i.e., 1/2. In Coding Scheme CS-4, no convolution coding is applied. The modulation technique used in these coding schemes is GMSK.
  


Overview of all the four coding schemes

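| Channel Coding Scheme                | CS-1      | CS-2       | CS-3       | CS-4       |
|--------------------------------------|-----------|------------|------------|------------|
| Pre-cod. USF                         | 3         | 6          | 6          | 12         |
| Info bits without USF                | 181       | 268        | 312        | 428        |
| Parity bits BC                       | 40        | 16         | 16         | 16         |
| Tail bits                            | 4         | 4          | 4          | -          |
| Output convolution encoder           | 456       | 588        | 676        | 456        |
| Punctured bits                       | 0         | 132        | 220        | -          |
| Code rate                            | 1/2       | ~2/3       | ~3/4       | 1          |
| Data rate kbit/s                     | 9.05      | 13.4       | 15.6       | 21.4       |
| Maximum data speed with 8 time-slots | 72.4 kb/s | 107.2 kb/s | 124.8 kb/s | 171.2 kb/s |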


Utilization
  • CS-4, which is the fastest, is used near a BTS, while CS-1 is used when the MS is far away from the BTS.
  • CS-4 can achieve a user speed of 20.0 Kbit/s per time slot, but has 25% of normal cell coverage, whereas CS-1 gives 98% of normal cell coverage with 8 kbps speed.
Which coding scheme to choose ?
  • The choice of coding scheme depends on the condition of the channel provided by the mobile network.
  • If the channel is very noisy, the network may use CS-1 with only 8 kbps speed to ensure higher reliability, while if the channel is in good condition, the network could use CS-3 or CS-4 to obtain optimum speed.
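
The bit budget behind the overview table can be recomputed from its first four rows. The sketch below is an added example, not part of the original post; the 456-bit radio block (4 bursts of 114 bits) and the 20 ms block period are assumptions that do not appear in the post.

```python
# Per-scheme bit counts copied from the overview table in this post.
SCHEMES = {
    #        USF, info, parity, tail, convolutional coding applied?
    "CS-1": (3, 181, 40, 4, True),
    "CS-2": (6, 268, 16, 4, True),
    "CS-3": (6, 312, 16, 4, True),
    "CS-4": (12, 428, 16, 0, False),
}
RADIO_BLOCK_BITS = 456   # assumption: 4 bursts x 114 bits per radio block
BLOCK_PERIOD_MS = 20     # assumption: one radio block every 20 ms


def bit_budget(name):
    """Follow one radio block through parity, tail, coding and puncturing."""
    usf, info, parity, tail, convolutional = SCHEMES[name]
    uncoded = usf + info + parity + tail                  # bits entering the encoder
    encoded = uncoded * 2 if convolutional else uncoded   # rate 1/2 doubles them
    punctured = encoded - RADIO_BLOCK_BITS                # bits removed to fit the block
    if punctured < 0:
        raise ValueError(f"{name}: {encoded} bits do not fill a radio block")
    return {
        "encoder_output": encoded,
        "punctured": punctured,
        "code_rate": round(uncoded / RADIO_BLOCK_BITS, 2),
        "kbit_per_slot": round(info / BLOCK_PERIOD_MS, 2),   # bits per ms = kbit/s
        "kbit_8_slots": round(8 * info / BLOCK_PERIOD_MS, 1),
    }


def report():
    return {name: bit_budget(name) for name in SCHEMES}


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```
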

--
Satya Sravan

Wednesday, October 1, 2014

GSM Security - Authentication & Confidentiality

In general, the two common weaknesses in a mobile network are false usage of service and interception of voice and data. This post briefs you on how secure your mobile network is and what plays a major role in making it so.

Before I write further, I will introduce the terms that you need to know.

Ki, RAND, SRES, Kc

Ki
  • Authentication/Secret Key
  • It is stored in SIM and AuC 
  • It is based on IMSI
  • 128 bit
RAND
  • Random Number
  • It is generated by AuC
  • 128 bit
SRES
  • Signed Response
  • calculated at AuC and SIM
  • generated from RAND and Ki using A3 algorithm
  • 32 bit
Kc
  • Cipher/Session Key
  • generated from RAND and Ki using A8 algorithm
  • 64 bit
RAND, SRES & Kc together are known as a triplet

A3, A5 & A8 Security Algorithms
  • A3
    • authentication algorithm
    • used to generate SRES 
    • operator specific
    • stored in SIM and AuC of HLR
  • A8
    • key generation algorithm
    • used to generate Kc
    • operator specific
    • stored in SIM and AuC of HLR
  • A5
    • ciphering/encryption algorithm
    • stored in the mobile device itself
    • common to all network providers
    • defined for data encryption and decryption over air interface
    • types - A5/0(no encryption), A5/1 & A5/2

AuC - Authentication Center
HLR - Home Location Register
MS - Mobile Station - Mobile phone + SIM
VLR - Visitor Location Register
BSS - Base Station Subsystem - BTS + BSC 
BTS - Base Transceiver Station
BSC - Base Station Controller
MSC - Mobile Switching Center


Authentication

They say a picture speaks better; this flowchart and illustration describe how the authentication procedure is done.





SRES is sent over the air interface between MS and BSS without encryption. Encryption is not necessary either, because Ki is never transmitted over the radio channel; two copies of the value are stored, one in the SIM and one in the AuC. Moreover, if eavesdroppers attack using the SRES & RAND, they will get infinite combinations of RAND for a particular noted SRES.

Authentication is referred to as challenge-response process.

Authentication process takes place for the first time when a subscriber attempts to make a call or location update. Later, it may not be necessary as the data generated earlier is available for a certain time span.



Now what about the cipher key Kc that is generated through A8 algorithm ??


Confidentiality

Encryption and decryption of voice and data between the MS and the network is accomplished by the use of the A5 algorithm, Kc and the GSM hyper-frame number.

In order to discuss further, a little background is necessary. 

GSM uses time division multiplexing, i.e., each subscriber takes turns to use the common radio channel, sending and receiving information only during one of the eight available time slots (a channel can be shared by 8 users). Each time slot lasts for only 4.6 milliseconds and is identified by a frame number. A GSM conversation uses two such frames, one from BSS to MS and another from MS back to BSS. Each of these frames contains 114 bits of user information. So, every 4.6 milliseconds, the MS receives 114 bits of information from the BSS and transmits another 114 bits to the BSS. It is these 228 bits that require encryption to protect them from interception.

Using RAND and Ki, the SIM produces Kc through the A8 algorithm. This Kc, together with the current frame number, generates a key stream of 228 bits through the A5 algorithm. The key stream is used to encrypt the 228 bits of user information before they are transferred over the air interface, which increases confidentiality.

Notes:

  • A5 generates new 228 bits every 4.6 milliseconds
  • COMP128 is a combined A3/A8 algorithm that is used.
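
The challenge-response from the Authentication section and the per-frame key stream from the Confidentiality section can be followed end to end in code. This is an added example, not from the original post: HMAC-SHA256 is a stand-in for the operator-specific A3/A8 and for A5 (an assumption chosen only to produce values of the sizes listed above), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumption): real A3/A8 are operator-specific (e.g. COMP128) and
# real A5 is a dedicated stream cipher. HMAC-SHA256 is used here only to get
# outputs with the sizes the post lists.
def a3_sres(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]   # 32-bit SRES

def a8_kc(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]   # 64-bit Kc

def auc_triplet(ki):
    """AuC: draw a fresh 128-bit RAND and derive the triplet (RAND, SRES, Kc)."""
    rand = secrets.token_bytes(16)
    return rand, a3_sres(ki, rand), a8_kc(ki, rand)

def sim_respond(ki, rand):
    """SIM: only RAND arrives over the air; Ki stays on the card."""
    return a3_sres(ki, rand), a8_kc(ki, rand)

def vlr_accepts(expected_sres, received_sres):
    return hmac.compare_digest(expected_sres, received_sres)

def a5_keystream(kc, frame_number):
    """228 key stream bits for one frame: 114 for BSS->MS, 114 for MS->BSS."""
    block = hmac.new(kc, frame_number.to_bytes(4, "big"), hashlib.sha256).digest()
    bits = int.from_bytes(block, "big") >> (256 - 228)
    return bits >> 114, bits & ((1 << 114) - 1)

def cipher_burst(payload, keystream):
    return payload ^ keystream          # XOR both encrypts and decrypts

def run_session(ki_sim, ki_auc, frame_number, payload):
    rand, sres_expected, kc_network = auc_triplet(ki_auc)
    sres, kc_sim = sim_respond(ki_sim, rand)
    if not vlr_accepts(sres_expected, sres):
        return None                     # authentication failed, no ciphering
    downlink_ks, _ = a5_keystream(kc_network, frame_number)
    on_air = cipher_burst(payload, downlink_ks)           # BSS encrypts
    ms_ks, _ = a5_keystream(kc_sim, frame_number)
    return on_air, cipher_burst(on_air, ms_ks)            # MS decrypts

if __name__ == "__main__":
    ki = secrets.token_bytes(16)        # constructed 128-bit Ki
    print(run_session(ki, ki, 1234, 0x2A))
    print(run_session(secrets.token_bytes(16), ki, 1234, 0x2A))
```

Only RAND and SRES cross the air interface in `run_session`; Kc is derived independently on both sides and changes with every new RAND.
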


We reviewed data and signalling confidentiality in the above discussion, but what about subscriber data confidentiality? To ensure this, the Temporary Mobile Subscriber Identity (TMSI) is used. It is a temporary number that is assigned to the MS after the authentication and encryption procedures have taken place. It is reallocated at certain intervals to make it more secure.

Here I discussed GSM security; for GPRS there is not much difference, and you can read this link for reference.

--
Satya Sravan