Mobile Computing Notes PDF

LECTURE NOTES ON MOBILE COMPUTING Introduction to Mobile Computing The rapidly expanding technology of cellular communication, wireless LANs, and satellite services will make information accessible anywhere and at any time. Regardless of size, most mobile computers will be equipped with a wireless connection to the fixed part of the network, and, perhaps, to other mobile computers. The resulting computing environment, which is often referred to as mobile or nomadic computing, no longer requires users to maintain a fixed and universally known position in the network and enables almost unrestricted mobility. Mobility and portability will create an entire new class of applications and, possibly, new massive markets combining personal computing and consumer electronics. Mobile Computing is an umbrella term used to describe technologies that enable people to access network services anyplace, anytime, and anywhere. A communication device can exhibit any one of the following characteristics:  Fixed and wired: This configuration describes the typical desktop computer in an office. Neither weight nor power consumption of the devices  allow for mobile usage. The  devices use fixed networks for performance reasons.   Mobile and wired: Many of today’s laptops fall into this category; users carry the laptop from one hotel to the  next, reconnecting to the company’s network via the telephone  network and a modem.   Fixed and wireless: This mode is used for installing networks, e.g., in historical buildings   to avoid damage by installing wires, or at trade shows to ensure fast network setup.   Mobile and wireless: This is the most interesting case. No cable restricts the user, who can roam between different wireless networks. Most technologies discussed in this book deal with this type of device and the networks supporting them. Today’s  most successful example for this category is GSM with more than 800 million users. 1 APPLICATIONS OF MOBILE COMPUTING In many fields of work, the ability to keep on the move is vital in order to utilise time efficiently. The importance of Mobile Computers has been highlighted in many fields of which a few are described below: a. Vehicles: Music, news, road conditions, weather reports, and other broadcast information are received via digital audio broadcasting (DAB) with 1.5 Mbit/s. For personal communication, a universal mobile telecommunications system (UMTS) phone might be available offering voice and data connectivity with 384 kbit/s. The current position of the car is determined via the global positioning system (GPS). Cars driving in the same area build a local ad-hoc network for the fast exchange of information in emergency situations or to help each other keep a safe distance. In case of an accident, not only will the airbag be triggered, but the police and ambulance service will be informed via an emergency call to a service provider. Buses, trucks, and trains are already transmitting maintenance and logistic information to their home base, which helps to improve organization (fleet management), and saves time and money. b. Emergencies: An ambulance with a high-quality wireless connection to a hospital can carry vital information about injured persons to the hospital from the scene of the accident. All the necessary steps for this particular type of accident can be prepared and specialists can be consulted for an early diagnosis. Wireless networks are the only means of communication in the case of natural disasters such as hurricanes or earthquakes. In the worst cases, only decentralized, wireless ad-hoc networks survive. c. Business: Managers can use mobile computers say, critical presentations to major customers. They can access the latest market share information. At a small recess, they can revise the presentation to take advantage of this information. They can communicate with the office about possible new offers and call meetings for discussing responds to the new proposals. Therefore, mobile computers can leverage competitive advantages. A travelling salesman today needs instant access to the company’s database: to ensure that files on his or her laptop reflect the current situation, to enable the company to keep track of all activities of their travelling employees, to keep databases consistent etc. With wireless access, the laptop can be turned into a true mobile office, but efficient and powerful synchronization mechanisms are needed to ensure data consistency. 2 d. Credit Card Verification: At Point of Sale (POS) terminals in shops and supermarkets, when customers use credit cards for transactions, the intercommunication required between the bank central computer and the POS terminal, in order to effect verification of the card usage, can take place quickly and securely over cellular channels using a mobile computer unit. This can speed up the transaction process and relieve congestion at the POS terminals. e. Replacement of Wired Networks: wireless networks can also be used to replace wired networks, e.g., remote sensors, for tradeshows, or in historic buildings. Due to economic reasons, it is often impossible to wire remote sensors for weather forecasts, earthquake detection, or to provide environmental information. Wireless connections, e.g., via satellite, can help in this situation. Other examples for wireless networks are computers, sensors, or information displays in historical buildings, where excess cabling may destroy valuable walls or floors. f. Infotainment: wireless networks can provide up-to-date information at any appropriate location. The travel guide might tell you something about the history of a building (knowing via GPS, contact to a local base station, or triangulation where you are) downloading information about a concert in the building at the same evening via a local wireless network. Another growing field of wireless network applications lies in entertainment and games to enable, e.g., ad-hoc gaming networks as soon as people meet to play together. Limitations of Mobile Computing    Resource constraints: Battery  Interference: Radio transmission cannot be protected against interference using result in higher loss rates for transmitted data or higher bit error rates shielding and  respectively  Bandwidth: Although they are continuously increasing, transmission rates are still  very low for wireless devices compared to desktop systems. Researchers look for more efficient communication protocols with low overhead.   Dynamic changes in communication environment: variations in signal power within a region,  thus link delays and connection losses    Network Issues: discovery of the connection-service to destination and connection stability   Interoperability issues: the varying protocol standards 3  Security constraints: Not only can portable devices be stolen more easily, but the radio interface is also prone to the dangers of eavesdropping. Wireless access must  always include encryption, authentication, and other security mechanisms that must be efficient and simple to use. A simplified reference model The figure shows the protocol stack implemented in the system according to the reference model. End-systems, such as the PDA and computer in the example, need a full protocol stack comprising the application layer, transport layer, network layer, data link layer, and physical layer. Applications on the end-systems communicate with each other using the lower layer services. Intermediate systems, such as the interworking unit, do not necessarily need all of the layers. A Simplified Reference Model Physical layer: This is the lowest layer in a communication system and is responsible for the conversion of a stream of bits into signals that can be transmitted on the sender side. The physical layer of the receiver then transforms the signals back into a bit stream. For wireless communication, the physical layer is responsible for frequency selection, generation of the carrier frequency, signal detection (although heavy interference may disturb the signal), modulation of data onto a carrier frequency and (depending on the transmission scheme) encryption. Data link layer: The main tasks of this layer include accessing the medium, multiplexing of different data streams, correction of transmission errors, and synchronization (i.e., detection of a data frame). Altogether, the data link layer is responsible for a reliable point-to-point 4 connection between two devices or a point-to-multipoint connection between one sender and several receivers. Network layer: This third layer is responsible for routing packets through a network or establishing a connection between two entities over many other intermediate systems. Important functions are addressing, routing, device location, and handover between different networks. Transport layer: This layer is used in the reference model to establish an end-to-end connection Application layer: Finally, the applications (complemented by additional layers that can support applications) are situated on top of all transmission oriented layers. Functions are service location, support for multimedia applications, adaptive applications that can handle the large variations in transmission characteristics, and wireless access to the world-wide web using a portable device. GSM : Mobile services, System architecture, Radio interface, Protocols, Localization and calling, Handover, Security, and New data services. GSM Services GSM is the most successful digital mobile telecommunication system in the world today. It is used by over 800 million people in more than 190 countries. GSM permits the integration of different voice and data services and the interworking with existing networks. Services make a network interesting for customers. GSM has defined three different categories of services: bearer, tele and supplementary services. Bearer services: GSM specifies different mechanisms for data transmission, the original GSM allowing for data rates of up to 9600 bit/s for non-voice services. Bearer services permit transparent and non-transparent, synchronous or asynchronous data transmission. Transparent bearer services only use the functions of the physical layer (layer 1) to transmit data. Data transmission has a constant delay and throughput if no transmission errors occur. Transmission quality can be improved with the use of forward error correction (FEC), which codes redundancy into the data stream and helps to reconstruct the original data in case of transmission errors. Transparent bearer services do not try to recover lost data in case of, for example, shadowing or interruptions due to handover. Non-transparent bearer services use protocols of layers two and three to implement error correction and flow control. These services use the transparent bearer services, adding a radio link protocol (RLP). This protocol comprises mechanisms of high-level data link control (HDLC), and special selective-reject mechanisms to trigger retransmission of erroneous data. 5 Using transparent and non-transparent services, GSM specifies several bearer services for interworking with PSTN, ISDN, and packet switched public data networks (PSPDN) like X.25, which is available worldwide. Data transmission can be full-duplex, synchronous with data rates of 1.2, 2.4, 4.8, and 9.6 kbit/s or full-duplex, asynchronous from 300 to 9,600 bit/s. Tele services: GSM mainly focuses on voice-oriented tele services. These comprise encrypted voice transmission, message services, and basic data communication with terminals as known from the PSTN or ISDN (e.g., fax). The primary goal of GSM was the provision of high-quality digital voice transmission. Special codecs (coder/decoder) are used for voice transmission, while other codecs are used for the transmission of analog data for communication with traditional computer modems used in, e.g., fax machines. Another service offered by GSM is the emergency number (eg 911, 999). This service is mandatory for all providers and free of charge. This connection also has the highest priority, possibly pre-empting other connections, and will automatically be set up with the closest emergency center. A useful service for very simple message transfer is the short message service (SMS), which offers transmission of messages of up to 160 characters. Sending and receiving of SMS is possible during data or voice transmission. It can be used for “serious” applications such as displaying road conditions, e-mail headers or stock quotes, but it can also transfer logos, ring tones, horoscopes and love letters. The successor of SMS, the enhanced message service (EMS), offers a larger message size, formatted text, and the transmission of animated pictures, small images and ring tones in a standardized way. But with MMS, EMS was hardly used. MMS offers the transmission of larger pictures (GIF, JPG, WBMP), short video clips etc. and comes with mobile phones that integrate small cameras. Another non-voice tele service is group 3 fax, which is available worldwide. In this service, fax data is transmitted as digital data over the analog telephone network according to the ITU-T standards T.4 and T.30 using modems. Supplementary services: In addition to tele and bearer services, GSM providers can offer supplementary services. these services offer various enhancements for the standard telephony service, and may vary from provider to provider. Typical services are user identification, call redirection, or forwarding of ongoing calls, barring of incoming/outgoing calls, Advice of Charge (AoC) etc. Standard ISDN features such as closed user groups and multiparty communication may be available. GSM Architecture A GSM system consists of three subsystems, the radio sub system (RSS), the network and switching subsystem (NSS), and the operation subsystem (OSS). Functional Architecture of a GSM System Network Switching Subsystem: The NSS is responsible for performing call processing and subscriber related functions. The switching system includes the following functional units:  Home location register (HLR): It is a database used for storage and management of subscriptions. HLR stores permanent data about subscribers, including a subscribers service profile, location information and activity status. When an individual buys a  subscription from the PCS provider, he or she is registered in the HLR of that operator.  Visitor location register (VLR): It is a database that contains temporary information about subscribers that is needed by the MSC in order to service visiting subscribers.VLR is always integrated with the MSC. When a MS roams into a new MSC area, the VLR connected to that MSC will request data about the mobile station from the HLR. Later if the mobile station needs to make a call, VLR will be having all the information needed for call setup.  Authentication center (AUC): A unit called the AUC provides authentication and  encryptionparameters that verify the users identity and ensure the confidentiality of each call.  Equipment identity register (EIR): It is a database that contains information about the  equipment that prevents calls from stolen, unauthorized or defective identity of mobile mobile stations.  Mobile switching center (MSC): The MSC performs the telephony switching functions of the system. It controls calls to and from other telephone and data systems. Radio Subsystem (RSS): the radio subsystem (RSS) comprises all radio specific entities, i.e., the mobile stations (MS) and the base station subsystem (BSS). The figure shows the connection between the RSS and the NSS via the A interface (solid lines) and the connection to the OSS via the O interface (dashed lines).  Base station subsystem (BSS): A GSM network comprises many BSSs, each controlled by a base station controller (BSC). The BSS performs all functions necessary to maintain radio connections to an MS, coding/decoding of voice, and rate adaptation  to/from the  wireless network part. Besides a BSC, the BSS contains several BTSs.  Base station controllers (BSC): The BSC provides all the control functions and physical links between the MSC and BTS. It is a high capacity switch that provides functions such  as handover, cell configuration data, and control of radio frequency (RF) power levels in BTS. A number of BSC’s are served by and MSC.  Base transceiver station (BTS): The BTS handles the radio interface to the mobile station. A BTS can form a radio cell or, using sectorized antennas, several and is connected to MS via the Um interface, and to the BSC via the Abis interface. The Um interface contains all the mechanisms necessary for wireless transmission (TDMA, FDMA etc.)The BTS is the radio equipment (transceivers and antennas) needed to service each cell in the network. A group of BTS’s are controlled by an BSC. Operation and Support system: The operations and maintenance center (OMC) is connected to all equipment in the switching system and to the BSC. Implementation of OMC is called operation and support system (OSS). The OSS is the functional entity from which the network operator monitors and controls the system. The purpose of OSS is to offer the customer cost-effective support for centralized, regional and local operational and maintenance activities that are required for a GSM network. OSS provides a network overview and allows engineers to monitor, diagnose and troubleshoot every aspect of the GSM network. 8 The mobile station (MS) consists of the mobile equipment (the terminal) and a smart card called the Subscriber Identity Module (SIM). The SIM provides personal mobility, so that the user can have access to subscribed services irrespective of a specific terminal. By inserting the SIM card into another GSM terminal, the user is able to receive calls at that terminal, make calls from that terminal, and receive other subscribed services. The mobile equipment is uniquely identified by the International Mobile Equipment Identity (IMEI). The SIM card contains the International Mobile Subscriber Identity (IMSI) used to identify the subscriber to the system, a secret key for authentication, and other information. The IMEI and the IMSI are independent, thereby allowing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number. Radio Interface The most interesting interface in a GSM system is Um, the radio interface, as it comprises various multiplexing and media access mechanisms. GSM implements SDMA using cells with BTS and assigns an MS to a BTS. GSM TDMA Frame, Slots and Bursts Each of the 248 channels is additionally separated in time via a GSM TDMA frame, i.e., each 200 kHz carrier is subdivided into frames that are repeated continuously. The duration of a frame is 4.615 ms. A frame is again subdivided into 8 GSM time slots, where each slot represents a physical TDM channel and lasts for 577 μs. Each TDM channel occupies the 200 kHz carrier for 577 μs every 4.615 ms. Data is transmitted in small portions, called bursts. The following figure shows a so called normal burst as used for data transmission inside a time slot. As shown, the burst is only 546.5 μs long and contains 148 bits. The remaining 30.5 μs are used as guard space to avoid overlapping with other bursts due to different path delays and to give the transmitter time to turn on and off. The first and last three bits of a normal burst (tail) are all set to 0 and can be used to enhance the receiver performance. The training sequence in the middle of a slot is used to adapt the parameters of the receiver to the current path propagation characteristics and to select the strongest signal in case of multi-path propagation. A flag S indicates whether the data field contains user or network control data. Apart from the normal burst, ETSI (1993a) defines four more bursts for data transmission: a frequency correction burst allows the MS to correct the local oscillator to avoid interference with neighbouring channels, a synchronization burst with an extended training sequence synchronizes the MS with the BTS in time, an access burst is used for the initial connection setup between MS and BTS, and finally a dummy burst is used if no data is available for a slot. Logical channels and frame hierarchy Two types of channels, namely physical channels and logical channels are present. Physical channel: channel defined by specifying both, a carrier frequency and a TDMA timeslot number. Logic channel: logical channels are multiplexed into the physical channels. Each logic channel performs a specific task. Consequently the data of a logical channel is transmitted in the corresponding timeslots of the physical channel. During this process, logical channels can occupy a part of the physical channel or even the entire channel. Each of the frequency carriers is divided into frames of 8 timeslots of approximately 577s (15/26 s) duration with 156.25 bits per timeslot. The duration of a TDMA frame is 4.615ms (577s x 8 = 4.615 ms). The bits per timeslot and frame duration yield a gross bit rate of about 271kbps per TDMA frame. TDMA frames are grouped into two types of multiframes:  26-frame multiframe (4.615ms x 26 = 120 ms) comprising of 26 TDMA frames. This multiframe is used to carry traffic channels and their associated control channels. 10  51-frame multiframe (4.615ms x 51 235.4 ms) comprising 51 TDMA frames. This multiframe is exclusively used for control channels. The multiframe structure is further multiplexed into a single superframe of duration of 6.12sec. This means a superframe consists of  51 multiframes of 26 frames.   26 multiframes of 51 frames. The last multiplexing level of the frame hierarchy, consisting of 2048 superframes (2715648 TDMA frames), is a hyperframe. This long time period is needed to support the GSM data encryption mechanisms. The frame hierarchy is shown below: GSM Frame Hierarchy There are two different types of logical channel within the GSM system: Traffic channels (TCHs), Control channels (CCHs). Traffic Channels: Traffic channels carry user information such as encoded speech or user data. Traffic channels are defined by using a 26-frame multiframe. Two general forms are defined: i. Full rate traffic channels (TCH/F), at a gross bit rate of 22.8 kbps (456bits / 20ms) ii. Half rate traffic channels (TCH/H), at a gross bit rate of 11.4 kbps. Uplink and downlink are separated by three slots (bursts) in the 26-multiframe structure. This simplifies the duplexing function in mobile terminals design, as mobiles will not need to transmit and receive at the same time. The 26-frame multiframe structure, shown below multiplexes two types of logical channels, a TCH and a Slow Associated Control CHannel (SACCH). However, if required, a Fast Associated Control CHannel (FACCH) can steal TCH in order to transmit control information at a higher bit rate. This is usually the case during the handover process. In total 24 TCH/F are transmitted and one SACCH. Control Channels: Control channels carry system signalling and synchronisation data for control procedures such as location registration, mobile station synchronisation, paging, random access etc. between base station and mobile station. Three categories of control channel are defined: Broadcast, Common and Dedicated. Control channels are multiplexed into the 51-frame multiframe. 12  Broadcast control channel (BCCH): A BTS uses this channel to signal information to all MSs within a cell. Information transmitted in this channel is, e.g., the cell identifier, options available within this cell (frequency hopping), and frequencies available inside the cell and in neighboring cells. The BTS sends information for frequency correction via the frequency correction channel (FCCH) and information about time synchronization via the synchronization channel (SCH),  where both channels are subchannels of the BCCH.   Common control channel (CCCH): All information regarding connection setup between MS and BS is exchanged via the CCCH. For calls toward an MS, the BTS uses the paging channel (PCH) for paging the appropriate MS. If an MS wants to set up a call, it uses the random access channel (RACH) to send data to the BTS. The RACH implements multiple access (all MSs within a cell may access this channel) using slotted Aloha. This is where a collision may occur with other MSs in a GSM system. The BTS uses the access grant channel (AGCH) to signal an MS that it can use a TCH or SDCCH for further connection setup.  Dedicated control channel (DCCH): While the previous channels have all been unidirectional, the following channels are bidirectional. As long as an MS has not established a TCH with the BTS, it uses the stand-alone dedicated control channel (SDCCH) with a low data rate (782 bit/s) for signaling. This can comprise authentication, registration or other data needed for setting up a TCH. Each TCH and SDCCH has a slow associated dedicated control channel (SACCH) associated with it, which is used to exchange system information, such as the channel quality and signal power level. Finally, if more signaling information needs to be transmitted and a TCH already exists, GSM uses a fast associated dedicated control channel (FACCH). The FACCH uses the time slots which are otherwise used by the TCH. This is necessary in the case of handovers where BTS and MS have to exchange larger  amounts of data in less time. GSM Protocols The signalling protocol in GSM is structured into three general layers depending on the interface, as shown below. Layer 1 is the physical layer that handles all radio-specific functions. This includes the creation of bursts according to the five different formats, multiplexing of bursts into a TDMA frame, synchronization with the BTS, detection of idle channels, and measurement of the channel quality on the downlink. The physical layer at Um uses GMSK for digital modulation and performs encryption/decryption of data, i.e., encryption is not performed end-to-end, but only between MS and BSS over the air interface. 13 Protocol architecture for Signaling The main tasks of the physical layer comprise channel coding and error detection/correction, which is directly combined with the coding mechanisms. Channel coding makes extensive use of different forward error correction (FEC) schemes. Signaling between entities in a GSM network requires higher layers. For this purpose, the LAPDm protocol has been defined at the Um interface for layer two. LAPDm has been derived from link access procedure for the D-channel (LAPD) in ISDN systems, which is a version of HDLC. LAPDm is a lightweight LAPD because it does not need synchronization flags or checksumming for error detection. LAPDm offers reliable data transfer over connections, re- sequencing of data frames, and flow control. The network layer in GSM, layer three, comprises several sublayers. The lowest sublayer is the radio resource management (RR). Only a part of this layer, RR’, is implemented in the BTS, the remainder is situated in the BSC. The functions of RR’ are supported by the BSC via the BTS management (BTSM). The main tasks of RR are setup, maintenance, and release of radio channels. Mobility management (MM) contains functions for registration, authentication, identification, location updating, and the provision of a temporary mobile subscriber identity (TMSI). Finally, the call management (CM) layer contains three entities: call control (CC), short message service (SMS), and supplementary service (SS). SMS allows for message transfer using the control channels SDCCH and SACCH, while SS offers the services like user identification, call redirection, or forwarding of ongoing calls. CC provides a point-to-point connection between two terminals and is used by higher layers for call establishment, call clearing and change of call parameters. This layer also provides functions to send in-band tones, called dual tone multiple frequency (DTMF), over the GSM network. These tones are used, e.g., for the remote control of answering machines or the entry of PINs in electronic banking and are, also used for dialing in traditional analog telephone systems. Additional protocols are used at the Abis and A interfaces. Data transmission at the physical layer typically uses pulse code modulation (PCM) systems. LAPD is used for layer two at Abis, BTSM for BTS management. Signaling system No. 7 (SS7) is used for signaling between an MSC and a BSC. This protocol also transfers all management information between MSCs, HLR, VLRs, AuC, EIR, and OMC. An MSC can also control a BSS via a BSS application part (BSSAP). Localization and Calling The fundamental feature of the GSM system is the automatic, worldwide localization of users for which, the system performs periodic location updates. The HLR always contains information about the current location and the VLR currently responsible for the MS informs the HLR about the location changes. Changing VLRs with uninterrupted availability is called roaming. Roaming can take place within a network of one provider, between two providers in a country and also between different providers in different countries. To locate and address an MS, several numbers are needed:  Mobile station international ISDN number (MSISDN):- The only important number   code for a user of GSM is the phone number. This number consists of the country (CC), the national destination code (NDC) and the subscriber number (SN).  International mobile subscriber identity (IMSI): GSM uses the IMSI for internal unique identification of a subscriber. IMSI consists of a mobile country code (MCC), the mobile network  code (MNC), and finally the mobile subscriber identification  number (MSIN).  Temporary mobile subscriber identity (TMSI): To hide the IMSI, which would give away the exact identity of the user signallingover the air interface, GSM uses the 4  byte TMSI for local subscriber identification.  Mobile station roaming number (MSRN): Another temporary address that hides the identity and location of a subscriber is MSRN. The VLR generates this address on request from the MSC, and the address is also stored in the HLR. MSRN contains the current visitor country code (VCC), the visitor national destination code (VNDC), the identification of the current MSC together with the subscriber  number. The MSRN helps the HLR to find a subscriber for an incoming call. 15 For a mobile terminated call (MTC), the following figure shows the different steps that take place: Mobile Terminated Call (MTC) step 1: User dials the phone number of a GSM subscriber. step 2: The fixed network (PSTN) identifies the number belongs to a user in GSM network and forwards the call setup to the Gateway MSC (GMSC). step 3: The GMSC identifies the HLR for the subscriber and signals the call setup to HLR step 4: The HLR checks for number existence and its subscribed services and requests an MSRN from the current VLR. step 5: VLR sends the MSRN to HLR step 6: Upon receiving MSRN, the HLR determines the MSC responsible for MS and forwards the information to the GMSC step 7: The GMSC can now forward the call setup request to the MSC indicated step 8: The MSC requests the VLR for the current status of the MS step 9: VLR sends the requested information step 10: If MS is available, the MSC initiates paging in all cells it is responsible for. step 11: The BTSs of all BSSs transmit the paging signal to the MS step 12: Step 13: If MS answers, VLR performs security checks step 15: Till step 17: Then the VLR signals to the MSC to setup a connection to the MS 16 For a mobile originated call (MOC), the following steps take place: step 1: The MS transmits a request for a new connection step 2: The BSS forwards this request to the MSC step 3: Step 4: The MSC then checks if this user is allowed to set up a call with the requested and checks the availability of resources through the GSM network and into the PSTN. If all resources are available, the MSC sets up a connection between the MS and the fixed network. In addition to the steps mentioned above, other messages are exchanged between an MS and BTS during connection setup (in either direction). Message flow for MTC and MOC 17 Handover Cellular systems require handover procedures, as single cells do not cover the whole service area. However, a handover should not cause a cut-off, also called call drop. GSM aims at maximum handover duration of 60 ms. There are two basic reasons for a handover: 1. The mobile station moves out of the range of a BTS, decreasing the received signal level increasing the error rate thereby diminishing the quality of the radio link. 2. Handover may be due to load balancing, when an MSC/BSC decides the traffic is too high in one cell and shifts some MS to other cells with a lower load. The four possible handover scenarios of GSM are shown below:  Intra-cell handover: Within a cell, narrow-band interference could make transmission at a certain frequency impossible. The BSC could then decide to change the carrier  frequency (scenario 1).  Inter-cell, intra-BSC handover: This is a typical handover scenario. The mobile station moves from one cell to another, but stays within the control of the same BSC. The BSC then performs a handover,  assigns a new radio channel in the new cell and releases the  old one (scenario 2).  Inter-BSC, intra-MSC handover: As a BSC only controls a limited number of cells;  GSM also has to perform handovers between cells controlled  by different BSCs. This handover then has to be controlled by the MSC (scenario 3).  Inter MSC handover: A handover could be required between two cells belonging  to different MSCs. Now both MSCs perform the handover together (scenario 4). To provide all the necessary information for a handover due to a weak link, MS and BTS both perform periodic measurements of the downlink and uplink quality respectively. Measurement reports are sent by the MS about every half-second and contain the quality of the current link used for transmission as well as the quality of certain channels in neighboring cells (the BCCHs). Handover decision depending on receive level Intra-MSC handover More sophisticated handover mechanisms are needed for seamless handovers between different systems. 19 Security GSM offers several security services using confidential information stored in the AuC and in the individual SIM. The SIM stores personal, secret data and is protected with a PIN against unauthorized use. Three algorithms have been specified to provide security services in GSM. Algorithm A3 is used for authentication, A5 for encryption, and A8 for the generation of a cipher key. The various security services offered by GSM are: Access control and authentication: The first step includes the authentication of a valid user for the SIM. The user needs a secret PIN to access the SIM. The next step is the subscriber authentication. This step is based on a challenge-response scheme as shown below: Subscriber Authentication Authentication is based on the SIM, which stores the individual authentication key Ki, the user identification IMSI, and the algorithm used for authentication A3. The AuC performs the basic generation of random values RAND, signed responses SRES, and cipher keys Kc for each IMSI, and then forwards this information to the HLR. The current VLR requests the appropriate values for RAND, SRES, and Kc from the HLR. For authentication, the VLR sends the random value RAND to the SIM. Both sides, network and subscriber module, perform the same operation with RAND and the key Ki, called A3. The MS sends back the SRES generated by the SIM; the VLR can now compare both values. If they are the same, the VLR accepts the subscriber, otherwise the subscriber is rejected. Confidentiality: All user-related data is encrypted. After authentication, BTS and MS apply encryption to voice, data, and signalling as shown below. To ensure privacy, all messages containing user-related information are encrypted in GSM over the air interface. After authentication, MS and BSS can start using encryption by applying the cipher key Kc, which is generated using the individual key Ki and a random value by applying the algorithm A8. Note that the SIM in the MS and the network both calculate the same Kc based on the random value RAND. The key Kc itself is not transmitted over the air interface. MS and BTS can now encrypt and decrypt data using the algorithm A5 and the cipher key Kc. Anonymity: To provide user anonymity, all data is encrypted before transmission, and user identifiers are not used over the air. Instead, GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update. Additionally, the VLR can change the TMSI at any time. New Data Services To enhance the data transmission capabilities of GSM, two basic approaches are possible. As the basic GSM is based on connection-oriented traffic channels, e.g., with 9.6 kbit/s each, several channels could be combined to increase bandwidth. This system is called HSCSD {high speed circuit switched data}. A more progressive step is the introduction of packet- oriented traffic in GSM, i.e., shifting the paradigm from connections/telephone thinking to packets/internet thinking. The system is called GPRS {general packet radio service}. 21 HSCD: A straightforward improvement of GSM’s data transmission capabilities is high speed circuit switched data (HSCSD) in which higher data rates are achieved by bundling several TCHs. An MS requests one or more TCHs from the GSM network, i.e., it allocates several TDMA slots within a TDMA frame. This allocation can be asymmetrical, i.e. more slots can be allocated on the downlink than on the uplink, which fits the typical user behaviour of downloading more data compared to uploading. A major disadvantage of HSCD is that it still uses the connection-oriented mechanisms of GSM, which is not efficient for computer data traffic. GPRS: The next step toward more flexible and powerful data transmission avoids the problems of HSCSD by being fully packet-oriented. The general packet radio service (GPRS) provides packet mode transfer for applications that exhibit traffic patterns such as frequent transmission of small volumes (e.g., typical web requests) or infrequent transmissions of small or medium volumes (e.g., typical web responses) according to the requirement specification. For the new GPRS radio channels, the GSM system can allocate between one and eight time slots within a TDMA frame. Time slots are not allocated in a fixed, pre-determined manner but on demand. All time slots can be shared by the active users; up- and downlink are allocated separately. Allocation of the slots is based on current load and operator preferences. The GPRS concept is independent of channel characteristics and of the type of channel (traditional GSM traffic or control channel), and does not limit the maximum data rate (only the GSM transport system limits the rate). All GPRS services can be used in parallel to conventional services. GPRS includes several security services such as authentication, access control, user identity confidentiality, and user information confidentiality. The GPRS architecture introduces two new network elements, which are called GPRS support nodes (GSN) and are in fact routers. All GSNs are integrated into the standard GSM architecture, and many new interfaces have been defined. The gateway GPRS support node (GGSN) is the interworking unit between the GPRS network and external packet data networks (PDN). This node contains routing information for GPRS users, performs address conversion, and tunnels data to a user via encapsulation. The GGSN is connected to external networks (e.g., IP or X.25) via the Gi interface and transfers packets to the SGSN via an IP- based GPRS backbone network (Gn interface). The other new element is the serving GPRS support node (SGSN) which supports the MS via the Gb interface. The SGSN, for example, requests user addresses from the GPRS register (GR), keeps track of the individual MSs’ location, is responsible for collecting billing information (e.g., counting bytes), and performs several security functions such as access control. The SGSN is connected to a BSC via frame relay and is basically on the same hierarchy level as an MSC. The GR, which is typically a part of the HLR, stores all GPRS-relevant data. GPRS Architecture Reference Model As shown above, packet data is transmitted from a PDN, via the GGSN and SGSN directly to the BSS and finally to the MS. The MSC, which is responsible for data transport in the traditional circuit-switched GSM, is only used for signalling in the GPRS scenario. Before sending any data over the GPRS network, an MS must attach to it, following the procedures of the mobility management. The attachment procedure includes assigning a temporal identifier, called a temporary logical link identity (TLLI), and a ciphering key sequence number (CKSN) for data encryption. For each MS, a GPRS context is set up and stored in the MS and in the corresponding SGSN. Besides attaching and detaching, mobility management also comprises functions for authentication, location management, and ciphering. The following figure shows the protocol architecture of the transmission plane for GPRS. All data within the GPRS backbone, i.e., between the GSNs, is transferred using the GPRS tunnelling protocol (GTP). GTP can use two different transport protocols, either the reliable TCP (needed for reliable transfer of X.25 packets) or the non-reliable UDP (used for IP packets). The network protocol for the GPRS backbone is IP (using any lower layers). To adapt to the different characteristics of the underlying networks, the subnetwork dependent convergence protocol (SNDCP) is used between an SGSN and the MS. On top of SNDCP and GTP, user packet data is tunneled from the MS to the GGSN and vice versa. To achieve a high reliability of packet transfer between SGSN and MS, a special LLC is used, which comprises ARQ and FEC mechanisms for PTP (and later PTM) services. 23 GPRS transmission plane protocol reference model A base station subsystem GPRS protocol (BSSGP) is used to convey routing and QoS- related information between the BSS and SGSN. BSSGP does not perform error correction and works on top of a frame relay (FR) network. Finally, radio link dependent protocols are needed to transfer data over the Um interface. The radio link protocol (RLC) provides a reliable link, while the MAC controls access with signalling procedures for the radio channel and the mapping of LLC frames onto the GSM physical channels. The radio interface at U m needed for GPRS does not require fundamental changes compared to standard GSM. 24 Unit:2 (Wireless) Medium Access Control: Motivation for a specialized MAC (Hidden and exposed terminals, Near and far terminals), SDMA, FDMA, TDMA, CDMA. The Media Access Control (MAC) data communication protocol sub-layer, also known as the Medium Access Control, is a sublayer of the Data Link Layer specified in the seven-layer OSI model (layer 2). The hardware that implements the MAC is referred to as a Medium Access Controller. The MAC sub-layer acts as an interface between the Logical Link Control (LLC) sublayer and the network's physical layer. The MAC layer emulates a full-duplex logical communication channel in a multi-point network. This channel may provide unicast, multicast or broadcast communication service. LLC and MAC sublayers Motivation for a specialized MAC One of the most commonly used MAC schemes for wired networks is carrier sense multiple access with collision detection (CSMA/CD). In this scheme, a sender senses the medium (a wire or coaxial cable) to see if it is free. If the medium is busy, the sender waits until it is free. If the medium is free, the sender starts transmitting data and continues to listen into the medium. If the sender detects a collision while sending, it stops at once and sends a jamming signal. But this scheme doest work well with wireless networks. The problems are:  Signal strength decreases proportional to the square of the distance   The sender would apply CS and CD, but the collisions happen at the receiver   It might be a case that a sender cannot “hear” the collision, i.e., CD does not work   Furthermore, CS might not work, if for e.g., a terminal is “hidden” Hidden and Exposed Terminals Consider the scenario with three mobile phones as shown below. The transmission range of A reaches B, but not C (the detection range does not reach C either). The transmission range of C reaches B, but not A. Finally, the transmission range of B reaches A and C, i.e., A cannot detect C and vice versa. Hidden terminals  A sends to B, C cannot hear A   C wants to send to B, C senses a “free” medium (CS fails) and starts transmitting   Collision at B occurs, A cannot detect this collision (CD fails) and continues with its transmission to B   A is “hidden” from C and vice versa Exposed terminals   B sends to A, C wants to send to another terminal (not A or B) outside the range  C senses the carrier and detects that the carrier is busy.   C postpones its transmission until it detects the medium as being idle again   but A is outside radio range of C, waiting is not necessary   C is “exposed” to B Hidden terminals cause collisions, where as Exposed terminals causes unnecessary delay. Near and far terminals Consider the situation shown below. A and B are both sending with the same transmission power.  Signal strength decreases proportional to the square of the distance   So, B’s signal drowns out A’s signal making C unable to receive A’s transmission   If C is an arbiter for sending rights, B drown out A’s signal on the physical layer making C unable to hear out A. The near/far effect is a severe problem of wireless networks using CDM. All signals should arrive at the receiver with more or less the same strength for which Precise power control is to be implemented. SDMA Space Division Multiple Access (SDMA) is used for allocating a separated space to users in wireless networks. A typical application involves assigning an optimal base station to a mobile phone user. The mobile phone may receive several base stations with different quality. A MAC algorithm could now decide which base station is best, taking into account which frequencies (FDM), time slots (TDM) or code (CDM) are still available. The basis for the SDMA algorithm is formed by cells and sectorized antennas which constitute the infrastructure implementing space division multiplexing (SDM). SDM has the unique advantage of not requiring any multiplexing equipment. It is usually combined with other multiplexing techniques to better utilize the individual physical channels. FDMA Frequency division multiplexing (FDM) describes schemes to subdivide the frequency dimension into several non-overlapping frequency bands. Frequency Division Multiple Access is a method employed to permit several users to transmit simultaneously on one satellite transponder by assigning a specific frequency within the channel to each user. Each conversation gets its own, unique, radio channel. The channels are relatively narrow, usually 30 KHz or less and are defined as either transmit or receive channels. A full duplex conversation requires a transmit & receive channel pair. FDM is often used for simultaneous access to the medium by base station and mobile station in cellular networks establishing a duplex channel. A scheme called frequency division duplexing (FDD) in which the two directions, mobile station to base station and vice versa are now separated using different frequencies. FDM for multiple access and duplex The two frequencies are also known as uplink, i.e., from mobile station to base station or from ground control to satellite, and as downlink, i.e., from base station to mobile station or from satellite to ground control. The basic frequency allocation scheme for GSM is fixed and regulated by national authorities. All uplinks use the band between 890.2 and 915 MHz, all downlinks use 935.2 to 960 MHz. According to FDMA, the base station, shown on the right side, allocates a certain frequency for up- and downlink to establish a duplex channel with a mobile phone. Up- and downlink have a fixed relation. If the uplink frequency is f u = 890 MHz + n·0.2 MHz, the downlink frequency is fd = fu + 45 MHz, ., fd = 935 MHz + n·0.2 MHz for a certain channel n. The base station selects the channel. Each channel (uplink and downlink) has a bandwidth of 200 kHz. This scheme also has disadvantages. While radio stations broadcast 24 hours a day, mobile communication typically takes place for only a few minutes at a time. Assigning a separate frequency for each possible communication scenario would be a tremendous waste of (scarce) frequency resources. Additionally, the fixed assignment of a frequency to a sender makes the scheme very inflexible and limits the number of senders. TDMA A more flexible multiplexing scheme for typical mobile communications is time division multiplexing (TDM). Compared to FDMA, time division multiple access (TDMA) offers a much more flexible scheme, which comprises all technologies that allocate certain time slots for communication. Now synchronization between sender and receiver has to be achieved in the time domain. Again this can be done by using a fixed pattern similar to FDMA techniques, i.e., allocating a certain time slot for a channel, or by using a dynamic allocation scheme. Listening to different frequencies at the same time is quite difficult, but listening to many channels separated in time at the same frequency is simple. Fixed schemes do not need identification, but are not as flexible considering varying bandwidth requirements. Fixed TDM The simplest algorithm for using TDM is allocating time slots for channels in a fixed pattern. This results in a fixed bandwidth and is the typical solution for wireless phone systems. MAC is quite simple, as the only crucial factor is accessing the reserved time slot at the right moment. If this synchronization is assured, each mobile station knows its turn and no interference will happen. The fixed pattern can be assigned by the base station, where competition between different mobile stations that want to access the medium is solved. The above figure shows how these fixed TDM patterns are used to implement multiple access and a duplex channel between a base station and mobile station. Assigning different slots for uplink and downlink using the same frequency is called time division duplex (TDD). As shown in the figure, the base station uses one out of 12 slots for the downlink, whereas the mobile station uses one out of 12 different slots for the uplink. Uplink and downlink are separated in time. Up to 12 different mobile stations can use the same frequency without interference using this scheme. Each connection is allotted its own up- and downlink pair. This general scheme still wastes a lot of bandwidth. It is too static, too inflexible for data communication. In this case, connectionless, demand-oriented TDMA schemes can be used Classical Aloha In this scheme, TDM is applied without controlling medium access. Here each station can access the medium at any time as shown below: This is a random access scheme, without a central arbiter controlling access and without coordination among the stations. If two or more stations access the medium at the same time, a collision occurs and the transmitted data is destroyed. Resolving this problem is left to higher layers (e.g., retransmission of data). The simple Aloha works fine for a light load and does not require any complicated access mechanisms. Slotted Aloha The first refinement of the classical Aloha scheme is provided by the introduction of time slots (slotted Aloha). In this case, all senders have to be synchronized, transmission can only start at the beginning of a time slot as shown below. The introduction of slots raises the throughput from 18 per cent to 36 per cent, i.e., slotting doubles the throughput. Both basic Aloha principles occur in many systems that implement distributed access to a medium. Aloha systems work perfectly well under a light load, but they cannot give any hard transmission guarantees, such as maximum delay before accessing the medium or minimum throughput. Carrier sense multiple access One improvement to the basic Aloha is sensing the carrier before accessing the medium. Sensing the carrier and accessing the medium only if the carrier is idle decreases the probability of a collision. But, as already mentioned in the introduction, hidden terminals cannot be detected, so, if a hidden terminal transmits at the same time as another sender, a collision might occur at the receiver. This basic scheme is still used in most wireless LANs. The different versions of CSMA are:  1-persistent CSMA: Stations sense the channel and listens if its busy and transmit immediately, when the channel becomes idle. It’s called 1-persistent CSMA because the host transmits with a probability of 1 whenever it finds the channel idle.   non-persistent CSMA: stations sense the carrier and start sending immediately if the medium is idle. If the medium is busy, the station pauses a random amount of time before sensing the medium again and repeating this pattern.   p-persistent CSMA: systems nodes also sense the medium, but only transmit with a probability of p, with the station deferring to the next slot with the probability 1-p, i.e., access is slotted in addition CSMA with collision avoidance (CSMA/CA) is one of the access schemes used in wireless LANs following the standard IEEE 802.11. Here sensing the carrier is combined with a back-off scheme in case of a busy medium to achieve some fairness among competing stations. Demand assigned multiple access Channel efficiency for Aloha is 18% and for slotted Aloha is 36%. It can be increased to 80% by implementing reservation mechanisms and combinations with some (fixed) TDM patterns. These schemes typically have a reservation period followed by a transmission period. During the reservation period, stations can reserve future slots in the transmission period. While, depending on the scheme, collisions may occur during the reservation period, the transmission period can then be accessed without collision. One basic scheme is demand assigned multiple access (DAMA) also called reservation Aloha, a scheme typical for satellite systems. It increases the amount of users in a pool of satellite channels that are available for use by any station in a network. It is assumed that not all users will need simultaneous access to the same communication channels. So that a call can be established, DAMA assigns a pair of available channels based on requests issued from a user. Once the call is completed, the channels are returned to the pool for an assignment to another call. Since the resources of the satellite are being used only in proportion to the occupied channels for the time in which they are being held, it is a perfect environment for voice traffic and data traffic in batch mode. It has two modes as shown below. During a contention phase following the slotted Aloha scheme; all stations can try to reserve future slots. Collisions during the reservation phase do not destroy data transmission, but only the short requests for data transmission. If successful, a time slot in the future is reserved, and no other station is allowed to transmit during this slot. Therefore, the satellite collects all successful requests (the others are destroyed) and sends back a reservation list indicating access rights for future slots. All ground stations have to obey this list. To maintain the fixed TDM pattern of reservation and transmission, the stations have to be synchronized from time to time. DAMA is an explicit reservation scheme. Each transmission slot has to be reserved explicitly. PRMA packet reservation multiple access It is a kind of implicit reservation scheme where, slots can be reserved implicitly. A certain number of slots form a frame. The frame is repeated in time i.e., a fixed TDM pattern is applied. A base station, which could be a satellite, now broadcasts the status of each slot to all mobile stations. All stations receiving this vector will then know which slot is occupied and which slot is currently free. The base station broadcasts the reservation status ‘ACDABA-F’ to all stations, here A to F. This means that slots one to six and eight are occupied, but slot seven is free in the following transmission. All stations wishing to transmit can now compete for this free slot in Aloha fashion. The already occupied slots are not touched. In the example shown, more than one station wants to access this slot, so a collision occurs. The base station returns the reservation status ‘ACDABA-F’, indicating that the reservation of slot seven failed (still indicated as free) and that nothing has changed for the other slots. Again, stations can compete for this slot. Additionally, station D has stopped sending in slot three and station F in slot eight. This is noticed by the base station after the second frame. Before the third frame starts, the base station indicates that slots three and eight are now idle. Station F has succeeded in reserving slot seven as also indicated by the base station. As soon as a station has succeeded with a reservation, all future slots are implicitly reserved for this station. This ensures transmission with a guaranteed data rate. The slotted aloha scheme is used for idle slots only; data transmission is not destroyed by collision. Reservation TDMA In a fixed TDM scheme N mini-slots followed by N·k data-slots form a frame that is repeated. Each station is allotted its own mini-slot and can use it to reserve up to k data-slots. This guarantees each station a certain bandwidth and a fixed delay. Other stations can now send data in unused data-slots as shown. Using these free slots can be based on a simple round- robin scheme or can be uncoordinated using an Aloha scheme. This scheme allows for the combination of, e.g., isochronous traffic with fixed bitrates and best-effort traffic without any guarantees. Multiple access with collision avoidance Multiple access with collision avoidance (MACA) presents a simple scheme that solves the hidden terminal problem, does not need a base station, and is still a random access Aloha scheme – but with dynamic reservation. Consider the hidden terminal problem scenario. A starts sending to B, C does not receive this transmission. C also wants to send something to B and senses the medium. The medium appears to be free, the carrier sense fails. C also starts sending causing a collision at B. But A cannot detect this collision at B and continues with its transmission. A is hidden for C and vice versa. With MACA, A does not start its transmission at once, but sends a request to send (RTS) first. B receives the RTS that contains the name of sender and receiver, as well as the length of the future transmission. This RTS is not heard by C, but triggers an acknowledgement from B, called clear to send (CTS). The CTS again contains the names of sender (A) and receiver (B) of the user data, and the length of the future transmission. This CTS is now heard by C and the medium for future use by A is now reserved for the duration of the transmission. After receiving a CTS, C is not allowed to send anything for the duration indicated in the CTS toward B. A collision cannot occur at B during data transmission, and the hidden terminal problem is solved. Still collisions might occur when A and C transmits a RTS at the same time. B resolves this contention and acknowledges only one station in the CTS. No transmission is allowed without an appropriate CTS. Now MACA tries to avoid the exposed terminals in the following way: With MACA, B has to transmit an RTS first containing the name of the receiver (A) and the sender (B). C does not react to this message as it is not the receiver, but A acknowledges using a CTS which identifies B as the sender and A as the receiver of the following data transmission. C does not receive this CTS and concludes that A is outside the detection range. C can start its transmission assuming it will not cause a collision at A. The problem with exposed terminals is solved without fixed access patterns or a base station. Polling Polling schemes are used when one station wants to be heard by others. Polling is a strictly centralized scheme with one master station and several slave stations. The master can poll the slaves according to many schemes: round robin (only efficient if traffic patterns are similar over all stations), randomly, according to reservations (the classroom example with polite students) etc. The master could also establish a list of stations wishing to transmit during a contention phase. After this phase, the station polls each station on the list. Example: Randomly Addressed Polling  base station signals readiness to all mobile terminals   terminals ready to send transmit random number without collision using CDMA or FDMA   the base station chooses one address for polling from list of all random numbers (collision if two terminals choose the same address)   the base station acknowledges correct packets and continues polling the next terminal   this cycle starts again after polling all terminals of the list Inhibit sense multiple access This scheme, which is used for the packet data transmission service Cellular Digital Packet Data (CDPD) in the AMPS mobile phone system, is also known as digital sense multiple access (DSMA). Here, the base station only signals a busy medium via a busy tone (called BUSY/IDLE indicator) on the downlink. After the busy tone stops, accessing the uplink is not coordinated any further. The base station acknowledges successful transmissions; a mobile station detects a collision only via the missing positive acknowledgement. In case of collisions, additional back-off and retransmission mechanisms are implemented. CDMA Code division multiple access systems apply codes with certain characteristics to the transmission to separate different users in code space and to enable access to a shared medium without interference. All terminals send on the same frequency probably at the same time and can use the whole bandwidth of the transmission channel. Each sender has a unique random number, the sender XORs the signal with this random number. The receiver can “tune” into this signal if it knows the pseudo random number, tuning is done via a correlation function Disadvantages:  higher complexity of a receiver (receiver cannot just listen into the medium and start  receiving if there is a signal)  all signals should have the same strength at a receiver Advantages:  all terminals can use the same frequency, no planning needed 32  huge code space (e.g. 2 ) compared to frequency space  interferences (e.g. white noise) is not coded  forward error correction and encryption can be easily integrated The following figure shows a sender A that wants to transmit the bits 101. The key of A is shown as signal and binary sequence Ak. The binary “0” is assigned a positive signal value, the binary “1” a negative signal value. After spreading, i.e., XORing Ad and Ak, the resulting signal is As. Coding and spreading of data from sender A and sender B The same happens with data from sender B with bits 100. The result is B s. As and Bs now superimpose during transmission. The resulting signal is simply the sum A s + Bs as shown above. A now tries to reconstruct the original data from Ad. The receiver applies A’s key, Ak, to the received signal and feeds the result into an integrator. The integrator adds the products, a comparator then has to decide if the result is a 0 or a 1 as shown below. As clearly seen, although the original signal form is distorted by B’s signal, the result is quite clear. The same happens if a receiver wants to receive B’s data. Reconstruction of A’s data Soft handover or soft handoff refers to a feature used by the CDMA and WCDMA standards, where a cell phone is simultaneously connected to two or more cells (or cell sectors) during a call. If the sectors are from the same physical cell site (a sectorised site), it is referred to as softer handoff. This technique is a form of mobile-assisted handover, for IS-95/CDMA2000 CDMA cell phones continuously make power measurements of a list of neighboring cell sites, and determine whether or not to request or end soft handover with the cell sectors on the list. Soft handoff is different from the traditional hard-handoff process. With hard handoff, a definite decision is made on whether to hand off or not. The handoff is initiated and executed without the user attempting to have simultaneous traffic channel communications with the two base stations. With soft handoff, a conditional decision is made on whether to hand off. Depending on the changes in pilot signal strength from the two or more base stations involved, a hard decision will eventually be made to communicate with only one. This normally happens after it is evident that the signal from one base station is considerably stronger than those from the others. In the interim period, the user has simultaneous traffic channel communication with all candidate base stations. It is desirable to implement soft handoff in power-controlled CDMA systems because implementing hard handoff is potentially difficult in such systems. Spread Aloha multiple access (SAMA) CDMA senders and receivers are not really simple devices. Communicating with n devices requires programming of the receiver to be able to decode n different codes. Aloha was a very simple scheme, but could only provide a relatively low bandwidth due to collisions. SAMA uses spread spectrum with only one single code (chipping sequence) for spreading for all senders accessing according to aloha. In SAMA, each sender uses the same spreading code, for ex 110101 as shown below. Sender A and B access the medium at the same time in their narrowband spectrum, so that the three bits shown causes collisions. The same data could also be sent with higher power for shorter periods as show. The main problem in using this approach is finding good chipping sequences. The maximum throughput is about 18 per cent, which is very similar to Aloha, but the approach benefits from the advantages of spread spectrum techniques: robustness against narrowband interference and simple coexistence with other systems in the same frequency bands. Mobile IP UNIT- II DHCP UNIT-3: MOBILE NETWORK LAYER: MOBILE IP (GOALS, ASSUMPTIONS, ENTITIES AND TERMINOLOGY, IP PACKET DELIVERY, AGENT ADVERTISEMENT AND DISCOVERY, REGISTRATION, TUNNELING AND ENCAPSULATION, OPTIMIZATIONS) DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP). Need for Mobile IP The IP addresses are designed to work with stationary hosts because part of the address defines the network to which the host is attached. A host cannot change its IP address without terminating on-going sessions and restarting them after it acquires a new address. Other link layer mobility solutions exist but are not sufficient enough for the global Internet. Mobility is the ability of a node to change its point-of-attachment while maintaining all existing communications and using the same IP address. Nomadicity allows a node to move but it must terminate all existing communications and then can initiate new connections with a new address. Mobile IP is a network layer solution for homogenous and heterogeneous mobility on the global Internet which is scalable, robust, secure and which allows nodes to maintain all ongoing communications while moving. Design Goals: Mobile IP was developed as a means for transparently dealing with problems of mobile users. Mobile IP was designed to make the size and the frequency of required routing updates as small as possible. It was designed to make it simple to implement mobile node software. It was designed to avoid solutions that require mobile nodes to use multiple addresses. Requirements: There are several requirements for Mobile IP to make it as a standard. Some of them are: 1. Compatibility: The whole architecture of internet is very huge and a new standard cannot introduce changes to the applications or network protocols already in use. Mobile IP is to be integrated into the existing operating systems. Also, for routers also it may be possible to enhance its capabilities to support mobility instead of changing the routers which is highly impossible. Mobile IP must not require special media or MAC/LLC protocols, so it must use the same interfaces and mechanisms to access the lower layers as IP does. Finally, end-systems enhanced with a mobile IP implementation should still be able to communicate with fixed systems without mobile IP. 2. Transparency: Mobility remains invisible for many higher layer protocols and applications. Higher layers continue to work even if the mobile computer has Mobile IP UNIT- II DHCP changed its point of attachment to the network and even notice a lower bandwidth and some interruption in the service. As many of today’s applications have not been designed to use in mobile environments, the effects of mobility will be higher delay and lower bandwidth. 3. Scalability and efficiency: The efficiency of the network should not be affected even if a new mechanism is introduced into the internet. Enhancing IP for mobility must not generate many new messages flooding the whole network. Special care is necessary to be taken considering the lower bandwidth of wireless links. Many mobile systems have a wireless link to an attachment point. Therefore, only some additional packets must be necessary between a mobile system and a node in the network. It is indispensable for a mobile IP to be scalable over a large number of participants in the whole internet, throughout the world. 4. Security: Mobility possesses many security problems. A minimum requirement is the authentication of all messages related to the management of mobile IP. It must be sure for the IP layer if it forwards a packet to a mobile host that this host really is the receiver of the packet. The IP layer can only guarantee that the IP address of the receiver is correct. There is no way to prevent faked IP addresses and other attacks. The goal of a mobile IP can be summarized as: ‘supporting end-system mobility while maintaining scalability, efficiency, and compatibility in all respects with existing applications and Internet protocols’. Entities and terminology The following defines several entities and terms needed to understand mobile IP as defined in RFC 3344.  Mobile Node (MN): A mobile node is an end-system or router that can change its point of attachment to the internet using mobile IP. The MN keeps its IP address and can continuously communicate with any other system in the internet as long as link-layer   connectivity is given. Examples are laptop, mobile phone, router on an aircraft etc.  Correspondent node (CN): At least one partner is needed for communication. In the   the CN represents this partner for the MN. The CN can be a fixed or mobile following node.   Home network: The home network is the subnet the MN belongs to with  respect to its IP address. No mobile IP support is needed within the home network.   network is the current subnet the MN visits and which is Foreign network: The foreign not the home network. Mobile IP UNIT- II DHCP  Foreign agent (FA): The FA can provide several services to the MN during its visit to the foreign network. The FA can have the COA, acting as tunnel endpoint and forwarding packets to the MN. The FA can be the default router for the MN. FAs can also provide security services because they belong to the foreign network as opposed to the MN   which is only visiting. FA is implemented on a router for the subnet the MN attaches to.  Care-of address (COA): The COA defines the current location of the MN from an IP point of view. All IP packets sent to the MN are delivered to the COA, not directly to the IP address of the MN. Packet delivery toward the MN is done using a tunnel, i.e., the COA marks the tunnel endpoint, i.e., the address where packets exit the tunnel. There  are two different possibilities for the location of the COA: Foreign agent COA: The COA could be located at the FA, i.e., the COA is an IP address of the FA. The FA is the tunnel end-point and forwards  packets to the MN.  Many MN using the FA can share this COA as common COA. Co-located COA: The COA is co-located if the MN temporarily acquired an additional IP address which acts as COA. This address is now topologically correct, and the tunnel endpoint is at the MN. Co-located addresses can be acquired using services such as DHCP.   Home agent (HA): The HA provides several services for the MN and is located in the home network. The tunnel for packets toward the MN starts at the HA. The HA maintains a location registry, i.e., it is informed of the MN’s location by the current COA. Three alternatives for the implementation of an HA exist. 1. The HA can be implemented on a router that is responsible for the home network. This is obviously the best position, because without optimizations to mobile IP, all packets for the MN have to go through the router anyway. 2. If changing the router’s software is not possible, the HA could also be implemented on an arbitrary node in the subnet. One disadvantage of this solution is the double 3 Mobile IP UNIT- II DHCP crossing of the router by the packet if the MN is in a foreign network. A packet for the MN comes in via the router; the HA sends it through the tunnel which again crosses the router. 3. Finally, a home network is not necessary at all. The HA could be again on the ‘router’ but this time only acting as a manager for MNs belonging to a virtual home network. All MNs are always in a foreign network with this solution. A CN is connected via a router to the internet, as are the home network and the foreign network. The HA is implemented on the router connecting the home network with the internet, an FA is implemented on the router to the foreign network. The MN is currently in the foreign network. The tunnel for packets toward the MN starts at the HA and ends at the FA, for the FA has the COA in the above example. IP packet delivery Consider the above example in which a correspondent node (CN) wants to send an IP packet to the MN. One of the requirements of mobile IP was to support hiding the mobility of the MN. CN does not need to know anything about the MN’s current location and sends the packet as usual to the IP address of MN as shown below. CN sends an IP packet with MN as a destination address and CN as a source address. The internet, not having information on the current location of MN, routes the packet to the router responsible for the home network of MN. This is done using the standard routing 4 Mobile IP UNIT- II DHCP mechanisms of the internet. The HA now intercepts the packet, knowing that MN is currently not in its home network. The packet is not forwarded into the subnet as usual, but encapsulated and tunnelled to the COA. A new header is put in front of the old IP header showing the COA as new destination and HA as source of the encapsulated packet (step 2). The foreign agent now decapsulates the packet, i.e., removes the additional header, and forwards the original packet with CN as source and MN as destination to the MN (step 3). Again, for the MN mobility is not visible. It receives the packet with the same sender and receiver address as it would have done in the home network. 5 Mobile IP UNIT- II DHCP Sending packets from the mobile node (MN) to the CN is comparatively simple. The MN sends the packet as usual with its own fixed IP address as source and CN’s address as destination (step 4). The router with the FA acts as default router and forwards the packet in the same way as it would do for any other node in the foreign network. As long as CN is a fixed node the remainder is in the fixed internet as usual. If CN were also a mobile node residing in a foreign network, the same mechanisms as described in steps 1 through 3 would apply now in the other direction. Working of Mobile IP:- Mobile IP has two addresses for a mobile host: one home address and one care-of address. The home address is permanent; the care-of address changes as the mobile host moves from one network to another. To make the change of address transparent to the rest of the Internet requires a home agent and a foreign agent. The specific function of an agent is performed in the application layer. When the mobile host and the foreign agent are the same, the care-of address is called a co-located care-of address. To communicate with a remote host, a mobile host goes through three phases: agent discovery, registration, and data transfer. Agent Discovery A mobile node has to find a foreign agent when it moves away from its home network. To solve this problem, mobile IP describes two methods: agent advertisement and agent solicitation. Agent advertisement For this method, foreign agents and home agents advertise their presence periodically using special agent advertisement messages, which are broadcast into the subnet. Mobile IP does not use a new packet type for agent advertisement; it uses the router advertisement packet of ICMP, and appends an agent advertisement message. The agent advertisement packet according to RFC 1256 with the extension for mobility is shown below: 6 Mobile IP UNIT- II DHCP The TTL field of the IP packet is set to 1 for all advertisements to avoid forwarding them. The type is set to 9, the code can be 0, if the agent also routes traffic from non-mobile nodes, or 16, if it does not route anything other than mobile traffic. The number of addresses advertised with this packet is in #addresses while the addresses themselves follow as shown. Lifetime denotes the length of time this advertisement is valid. Preference levels for each address help a node to choose the router that is the most eager one to get a new node. The extension for mobility has the following fields defined: type is set to 16, length depends on the number of COAs provided with the message and equals 6 + 4*(number of addresses). The sequence number shows the total number of advertisements sent since initialization by the agent. By the registration lifetime the agent can specify the maximum lifetime in seconds a node can request during registration. The following bits specify the characteristics of an agent in detail. The R bit (registration) shows, if a registration with this agent is required even when using a colocated COA at the MN. If the agent is currently too busy to accept new registrations it can set the B bit. The following two bits denote if the agent offers services as a home agent (H) or foreign agent (F) on the link where the advertisement has been sent. Bits M and G specify the method of encapsulation used for the tunnel. While IP-in-IP encapsulation is the mandatory standard, M can specify minimal encapsulation and G generic routing encapsulation. In the first version of mobile IP (RFC 2002) the V bit specified the use of header compression according to RFC 1144. Now the field r at the same bit position is set to zero and must be ignored. The new field T indicates that reverse tunneling is supported by the FA. The following fields contain the COAs advertised. A foreign agent setting the F bit must advertise at least one COA. A mobile node in a subnet can now receive agent advertisements from either its home agent or a foreign agent. This is one way for the MN to discover its location. Agent Solicitation If no agent advertisements are present or the inter-arrival time is too high, and an MN has not received a COA by other means, the mobile node must send agent solicitations. Care must be taken to ensure that these solicitation messages do not flood the network, but basically an MN can search for an FA endlessly sending out solicitation messages. If a node does not receive an answer to its solicitations it must decrease the rate of solicitations exponentially to avoid flooding the network until it reaches a maximum interval between solicitations (typically one minute). Discovering a new agent can be done anytime, not just if the MN is not connected to one. After these steps of advertisements or solicitations the MN can now receive a COA, either one for an FA or a co-located COA. Mobile IP UNIT- II DHCP Agent Registration Having received a COA, the MN has to register with the HA. The main purpose of the registration is to inform the HA of the current location for correct forwarding of packets. Registration can be done in two different ways depending on the location of the COA.  If the COA is at the FA, the MN sends its registration request containing the COA to the FA which forwards the request to the HA. The HA now sets up a mobility binding, containing the mobile node’s home IP address and the current COA. It also contains the lifetime of the registration which is negotiated during the registration process. Registration expires automatically after the lifetime and is deleted; so, an MN should reregister before expiration. This mechanism is necessary to avoid mobility bindings which are no longer used. After setting up the mobility binding, the HA sends a reply  message back to the FA which forwards it to the MN. Registration of a mobile node via the FA or directly with the HA  If the COA is co-located, registration can be simpler, the MN sends the request directly  procedure for MNs returning to to the HA and vice versa. This is also the registration their home network to register directly with the HA. Mobile IP UNIT- II DHCP UDP packets are used for the registration requests using the port no 434. The IP source address of the packet is set to the interface address of the MN, the IP destination address is that of the FA or HA. Registration Request The first field type is set to 1 for a registration request. With the S bit an MN can specify if it wants the HA to retain prior mobility bindings. This allows for simultaneous bindings. Setting the B bit generally indicates that an MN also wants to receive the broadcast packets which have been received by the HA in the home network. If an MN uses a co-located COA, it also takes care of the decapsulation at the tunnel endpoint. The D bit indicates this behavior. As already defined for agent advertisements, the bits M and G Mobile IP UNIT- II DHCP denote the use of minimal encapsulation or generic routing encapsulation, respectively. T indicates reverse tunneling, r and x are set to zero. Lifetime denotes the validity of the registration in seconds. A value of zero indicates deregistration; all bits set indicates infinity. The home address is the fixed IP address of the MN, home agent is the IP address of the HA, and COA represents the tunnel endpoint. The 64 bit identification is generated by the MN to identify a request and match it with registration replies. This field is used for protection against replay attacks of registrations. The extensions must at least contain parameters for authentication A registration reply, which is conveyed in a UDP packet, contains a type field set to 3 and a code indicating the result of the registration request. Registration Reply The lifetime field indicates how many seconds the registration is valid if it was successful. Home address and home agent are the addresses of the MN and the HA, respectively. The 64-bit identification is used to match registration requests with replies. The value is based on the identification field from the registration and the authentication method. Again, the extensions must at least contain parameters for authentication. Mobile IP UNIT- II DHCP Tunnelling and encapsulation A tunnel establishes a virtual pipe for data packets between a tunnel entry and a tunnel endpoint. Packets entering a tunnel are forwarded inside the tunnel and leave the tunnel unchanged. Tunneling, i.e., sending a packet through a tunnel is achieved by using encapsulation. Mobile IP tunnelling Encapsulation is the mechanism of taking a packet consisting of packet header and data and putting it into the data part of a new packet. The reverse operation, taking a packet out of the data part of another packet, is called decapsulation. Encapsulation and decapsulation are the operations typically performed when a packet is transferred from a higher protocol layer to a lower layer or from a lower to a higher layer respectively. The HA takes the original packet with the MN as destination, puts it into the data part of a new packet and sets the new IP header so that the packet is routed to the COA. The new header is called outer header. Mobile IP UNIT- II DHCP IP-in-IP encapsulation There are different ways of performing the encapsulation needed for the tunnel between HA and COA. Mandatory for mobile IP is IP-in-IP encapsulation as specified in RFC 2003. The following fig shows a packet inside the tunnel. The version field ver is 4 for IP version 4, the internet header length (IHL) denotes the length of the outer header in 32 bit words. DS(TOS) is just copied from the inner header, the length field covers the complete encapsulated packet. The fields up to TTL have no special meaning for mobile IP and are set according to RFC 791. TTL must be high enough so the packet can reach the tunnel endpoint. The next field, here denoted with IP- in-IP, is the type of the protocol used in the IP payload. This field is set to 4, the protocol type for IPv4 because again an IPv4 packet follows after this outer header. IP checksum is calculated as usual. The next fields are the tunnel entry as source address (the IP address of the HA) and the tunnel exit point as destination address (the COA). If no options follow the outer header, the inner header starts with the same fields as above. This header remains almost unchanged during encapsulation, thus showing the original sender CN and the receiver MN of the packet. The only change is TTL which is decremented by 1. This means that the whole tunnel is considered a single hop from the original packet’s point of view. This is a very important feature of tunneling as it allows the MN to behave as if it were attached to the home network. No matter how many real hops the packet has to take in the tunnel, it is just one (logical) hop away for the MN. Finally, the payload follows the two headers. Mobile IP UNIT- II DHCP Minimal encapsulation Minimal encapsulation (RFC 2004) as shown below is an optional encapsulation method for mobile IP which avoids repetitions of identical fields in IP-in-IP encapsulation. The tunnel entry point and endpoint are specified. The field for the type of the following header contains the value 55 for the minimal encapsulation protocol. The inner header is different for minimal encapsulation. The type of the following protocol and the address of the MN are needed. If the S bit is set, the original sender address of the CN is included as omitting the source is quite often not an option. No field for fragmentation offset is left in the inner header and minimal encapsulation does not work with already fragmented packets. Generic Routing Encapsulation Unlike IP-in-IP and Minimal encapsulation which work only for IP packets, Generic routing encapsulation (GRE) allows the encapsulation of packets of one protocol suite into the payload portion of a packet of another protocol suite as shown below. The packet of one protocol suite with the original packet header and data is taken and a new GRE header is prepended. Together this forms the new data part of the new packet. Finally, the header of the second protocol suite is put in front.The following figure shows the fields of a packet inside the tunnel between HA and COA using GRE as an encapsulation scheme according to RFC 1701. The outer header is the standard IP header with HA as Mobile IP UNIT- II DHCP source address and COA as destination address. The protocol type used in this outer IP header is 47 for GRE. The GRE header starts with several flags indicating if certain fields are present or not. A minimal GRE header uses only 4 bytes. The C bit indicates if the checksum field is present and contains valid information. If C is set, the checksum field contains a valid IP checksum of the GRE header and the payload. The R bit indicates if the offset and routing fields are present and contain valid information. The offset represents the offset in bytes for the first source routing entry. The routing field, if present, has a variable length and contains fields for source routing. GRE also offers a key field which may be used for authentication. If this field is present, the K bit is set. The sequence number bit S indicates if the sequence number field is present, if the s bit is set, strict source routing is used. The recursion control field (rec.) is an important field that additionally distinguishes GRE from IP-in-IP and minimal encapsulation. This field represents a counter that shows the number of allowed recursive encapsulations. The default value of this field should be 0, thus allowing only one level of encapsulation. The following reserved fields must be zero and are ignored on reception. The version field contains 0 for the GRE version. The following 2 byte protocol field represents the protocol of the packet following the GRE header. The standard header of the original packet follows with the source address of the correspondent node and the destination address of the mobile node. 14 Mobile IP UNIT- II DHCP A simplified header of GRE following RFC 2784 is shown below. The field C indicates again if a checksum is present. The next 5 bits are set to zero, then 7 reserved bits follow. The version field contains the value zero. The protocol type, again, defines the protocol of the payload following RFC 3232. If the flag C is set, then checksum field and a field called reserved1 follows. The latter field is constant zero set to zero follow. Optimizations If a scenario occurs, where if the MN is in the same subnetwork as the node to which it is communicating and HA is on

Mobile Computing Notes PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue