Thursday, March 10, 2016
Friday, April 27, 2012
Friday, March 20, 2009
Network switching subsystem (NSS)
Network switching subsystem (NSS) is the component of a GSM system that carries out switching functions and manages the communications between mobile phones and the Public Switched Telephone Network (PSTN). It is owned and deployed by mobile phone operators and allows mobile phones to communicate with each other and telephones in the wider telecommunications network. The architecture closely resembles a telephone exchange, but there are additional functions which are needed because the phones are not fixed in one location. Each of these functions handle different aspects of mobility management and are described in more detail below.
The Network Switching Subsystem, also referred to as the GSM core network, usually refers to the circuit-switched core network, used for traditional GSM services such as voice calls, SMS, and circuit switched data calls.
There is also an overlay architecture on the GSM core network to provide packet-switched data services and is known as the GPRS core network. This allows mobile phones to have access to services such as WAP, MMS, and Internet access.
All mobile phones manufactured today have both circuit and packet based services, so most operators have a GPRS network in addition to the standard GSM core network.
The Network Switching Subsystem, also referred to as the GSM core network, usually refers to the circuit-switched core network, used for traditional GSM services such as voice calls, SMS, and circuit switched data calls.
There is also an overlay architecture on the GSM core network to provide packet-switched data services and is known as the GPRS core network. This allows mobile phones to have access to services such as WAP, MMS, and Internet access.
All mobile phones manufactured today have both circuit and packet based services, so most operators have a GPRS network in addition to the standard GSM core network.
Equipment identity register (EIR)
Equipment identity register (EIR)
The equipment identity register is often integrated to the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones. In theory all data about all stolen mobile phones should be distributed to all EIRs in the world through a Central EIR. It is clear, however, that there are some countries where this is not in operation. The EIR data does not have to change in real time, which means that this function can be less distributed than the function of the HLR. The EIR is a database that contains information about the identity of the mobile equipment that prevents calls from stolen, unauthorized or defective mobile stations. Some EIR also have the capability to log Handset attempts and store it in a log file.
[edit] Other support functions
Connected more or less directly to the GSM core network are many other functions.
[edit] Billing centre (BC)
The billing centre is responsible for processing the toll tickets generated by the VLRs and HLRs and generating a bill for each subscriber. It is also responsible for to generate billing data of roaming subscriber.
[edit] Short message service centre (SMSC)
The short message service centre supports the sending and reception of text messages.
[edit] Multimedia messaging service centre (MMSC)
The multimedia messaging service centre supports the sending of multimedia messages (e.g., images, audio, video and their combinations) to (or from) MMS-enabled Handsets.
[edit] Voicemail system (VMS)
The voicemail system records and stores voicemails
The equipment identity register is often integrated to the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones. In theory all data about all stolen mobile phones should be distributed to all EIRs in the world through a Central EIR. It is clear, however, that there are some countries where this is not in operation. The EIR data does not have to change in real time, which means that this function can be less distributed than the function of the HLR. The EIR is a database that contains information about the identity of the mobile equipment that prevents calls from stolen, unauthorized or defective mobile stations. Some EIR also have the capability to log Handset attempts and store it in a log file.
[edit] Other support functions
Connected more or less directly to the GSM core network are many other functions.
[edit] Billing centre (BC)
The billing centre is responsible for processing the toll tickets generated by the VLRs and HLRs and generating a bill for each subscriber. It is also responsible for to generate billing data of roaming subscriber.
[edit] Short message service centre (SMSC)
The short message service centre supports the sending and reception of text messages.
[edit] Multimedia messaging service centre (MMSC)
The multimedia messaging service centre supports the sending of multimedia messages (e.g., images, audio, video and their combinations) to (or from) MMS-enabled Handsets.
[edit] Voicemail system (VMS)
The voicemail system records and stores voicemails
Visitor location register (VLR)
[edit] Visitor location register (VLR)
[edit] Description
The visitor location register is a temporary database of the subscribers who have roamed into the particular area which it serves. Each base station in the network is served by exactly one VLR, hence a subscriber cannot be present in more than one VLR at a time.
The data stored in the VLR has either been received from the HLR, or collected from the MS. In practice, for performance reasons, most vendors integrate the VLR directly to the V-MSC and, where this is not done, the VLR is very tightly linked with the MSC via a proprietary interface.
Data stored include:
IMSI (the subscriber's identity number).
Authentication data.
MSISDN (the subscriber's phone number).
GSM services that the subscriber is allowed to access.
access point (GPRS) subscribed.
The HLR address of the subscriber.
[edit] Other GSM core network elements connected to the VLR
The VLR connects to the following elements:
The V-MSC to pass needed data for its procedures; e.g., authentication or call setup.
The HLR to request data for mobile phones attached to its serving area.
Other VLRs to transfer temporary data concerning the mobile when they roam into new VLR areas. For example, the temporal mobile subscriber identity (TMSI).
[edit] Procedures implemented
The primary functions of the VLR are:
To inform the HLR that a subscriber has arrived in the particular area covered by the VLR.
To track where the subscriber is within the VLR area (location area) when no call is ongoing.
To allow or disallow which services the subscriber may use.
To allocate roaming numbers during the processing of incoming calls.
To purge the subscriber record if a subscriber becomes inactive whilst in the area of a VLR. The VLR deletes the subscriber's data after a fixed time period of inactivity and informs the HLR (e.g., when the phone has been switched off and left off or when the subscriber has moved to an area with no coverage for a long time).
To delete the subscriber record when a subscriber explicitly moves to another, as instructed by the HLR.
[edit] Description
The visitor location register is a temporary database of the subscribers who have roamed into the particular area which it serves. Each base station in the network is served by exactly one VLR, hence a subscriber cannot be present in more than one VLR at a time.
The data stored in the VLR has either been received from the HLR, or collected from the MS. In practice, for performance reasons, most vendors integrate the VLR directly to the V-MSC and, where this is not done, the VLR is very tightly linked with the MSC via a proprietary interface.
Data stored include:
IMSI (the subscriber's identity number).
Authentication data.
MSISDN (the subscriber's phone number).
GSM services that the subscriber is allowed to access.
access point (GPRS) subscribed.
The HLR address of the subscriber.
[edit] Other GSM core network elements connected to the VLR
The VLR connects to the following elements:
The V-MSC to pass needed data for its procedures; e.g., authentication or call setup.
The HLR to request data for mobile phones attached to its serving area.
Other VLRs to transfer temporary data concerning the mobile when they roam into new VLR areas. For example, the temporal mobile subscriber identity (TMSI).
[edit] Procedures implemented
The primary functions of the VLR are:
To inform the HLR that a subscriber has arrived in the particular area covered by the VLR.
To track where the subscriber is within the VLR area (location area) when no call is ongoing.
To allow or disallow which services the subscriber may use.
To allocate roaming numbers during the processing of incoming calls.
To purge the subscriber record if a subscriber becomes inactive whilst in the area of a VLR. The VLR deletes the subscriber's data after a fixed time period of inactivity and informs the HLR (e.g., when the phone has been switched off and left off or when the subscriber has moved to an area with no coverage for a long time).
To delete the subscriber record when a subscriber explicitly moves to another, as instructed by the HLR.
Authentication centre (AUC)
Authentication centre (AUC)
[edit] Description
The authentication centre (AUC) is a function to authenticate each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and services described above. An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.
If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator attempted. There is an additional form of identification check performed on the serial number of the mobile phone described in the EIR section below, but this is not relevant to the AUC processing.
Proper implementation of security in and around the AUC is a key part of an operator's strategy to avoid SIM cloning.
The AUC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure. The security of the process depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AUC. This Ki is never transmitted between the AUC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.
[edit] Other GSM core network elements connected to the AUC
The AUC connects to the following elements:
the MSC which requests a new batch of triplet data for an IMSI after the previous data have been used. This ensures that same keys and challenge responses are not used twice for a particular mobile.
[edit] Procedures implemented
The AUC stores the following data for each IMSI:
the Ki
Algorithm id. (the standard algorithms are called A3 or A8, but an operator may choose a proprietary one).
When the MSC asks the AUC for a new set of triplets for a particular IMSI, the AUC first generates a random number known as RAND. This RAND is then combined with the Ki to produce two numbers as follows:
The Ki and RAND are fed into the A3 algorithm and the signed response (SRES) is calculated.
The Ki and RAND are fed into the A8 algorithm and a session key called Kc is calculated.
The numbers (RAND, SRES, Kc) form the triplet sent back to the MSC. When a particular IMSI requests access to the GSM core network, the MSC sends the RAND part of the triplet to the SIM. The SIM then feeds this number and the Ki (which is burned onto the SIM) into the A3 algorithm as appropriate and an SRES is calculated and sent back to the MSC. If this SRES matches with the SRES in the triplet (which it should if it is a valid SIM), then the mobile is allowed to attach and proceed with GSM services.
After successful authentication, the MSC sends the encryption key Kc to the base station controller (BSC) so that all communications can be encrypted and decrypted. Of course, the mobile phone can generate the Kc itself by feeding the same RAND supplied during authentication and the Ki into the A8 algorithm.
The AUC is usually collocated with the HLR, although this is not necessary. Whilst the procedure is secure for most everyday use, it is by no means crack proof. Therefore a new set of security methods was designed for 3G phones.
[edit] Description
The authentication centre (AUC) is a function to authenticate each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and services described above. An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.
If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator attempted. There is an additional form of identification check performed on the serial number of the mobile phone described in the EIR section below, but this is not relevant to the AUC processing.
Proper implementation of security in and around the AUC is a key part of an operator's strategy to avoid SIM cloning.
The AUC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure. The security of the process depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AUC. This Ki is never transmitted between the AUC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.
[edit] Other GSM core network elements connected to the AUC
The AUC connects to the following elements:
the MSC which requests a new batch of triplet data for an IMSI after the previous data have been used. This ensures that same keys and challenge responses are not used twice for a particular mobile.
[edit] Procedures implemented
The AUC stores the following data for each IMSI:
the Ki
Algorithm id. (the standard algorithms are called A3 or A8, but an operator may choose a proprietary one).
When the MSC asks the AUC for a new set of triplets for a particular IMSI, the AUC first generates a random number known as RAND. This RAND is then combined with the Ki to produce two numbers as follows:
The Ki and RAND are fed into the A3 algorithm and the signed response (SRES) is calculated.
The Ki and RAND are fed into the A8 algorithm and a session key called Kc is calculated.
The numbers (RAND, SRES, Kc) form the triplet sent back to the MSC. When a particular IMSI requests access to the GSM core network, the MSC sends the RAND part of the triplet to the SIM. The SIM then feeds this number and the Ki (which is burned onto the SIM) into the A3 algorithm as appropriate and an SRES is calculated and sent back to the MSC. If this SRES matches with the SRES in the triplet (which it should if it is a valid SIM), then the mobile is allowed to attach and proceed with GSM services.
After successful authentication, the MSC sends the encryption key Kc to the base station controller (BSC) so that all communications can be encrypted and decrypted. Of course, the mobile phone can generate the Kc itself by feeding the same RAND supplied during authentication and the Ki into the A8 algorithm.
The AUC is usually collocated with the HLR, although this is not necessary. Whilst the procedure is secure for most everyday use, it is by no means crack proof. Therefore a new set of security methods was designed for 3G phones.
Subscribe to:
Posts (Atom)