GSM
An IMEI may be retrieved from any GSM mobile by entering what into the ME?
*#06#
CRH is found on what channel and has what values?
-BCCH -0-7 in 2dBm increments
Name five parameters with correlating values
-CRO = 0-63 in 2dB increments -RxLEV = 0-63 ; 63=47dB, 0=110dB or worse -T3212 = 0-255 ; 6 minute increments -CRH = 0-7 ; 5 second increments -C2 = C1+CRO
Three events that will trigger a location update?
-IMSI attach/detach -LAC change -T3212 expires
Explain Process for Mobile registration
-MS turns on and attempts the register last LAC -MS finds tower and decodes BSIC -AuC does something with triplets and algorithms -MS is granted access after it uses RAND to send back the correct SRES to XRES
The HLR contains what?
-Permanent records of subscriber information -Last reported location
What is stored on the SIM card and in the AuC, but is never transmitted over the air?
-Subscriber encryption keys -Current Cipher -Ki -Last 10 calls -Phone Book
Authentication is always performed during what three events?
-initial registration -mobile originated call -location update
CRO value
-value 0-63 -measured between 0-126 dBm -increments of 2 -makes tower look more attractive to ME
The BCCH is normally found on which timeslot?
0
ARFCN assignment for EGSM 900
0-124/975-1023
What dBm is CRO measured between?
0-126 dBm
CRO value ?
0-63
CRO dB range
0-63 dB
Temporary offset values
0-7 0-60 dBm Increments of 10 7 is infinite value
CRH has what value range and in what increments
0-7 in 2dBm increments
Which timeslot is the SDCCH broadcast on?
1
ARFCN assignment for PGSM 900
1-124
ARFCN range for 900 ?
1-124
ARFCN assignment for GSM 850
128-251
ARFCN range for 850 ?
128-251
How many digits are in an IMEI
15
The IMSI is composed of how many digits?
15
Channel range 512-885 ?
1800 band
Channel range 512-810 ?
1900 band
The bandwidth for a single GSM channel is?
200 kHz
Channel offset for GSM 850
45 MHz
Channel offset for PGSM900
45 MHz
EGSM channel offset
45 MHz
ARFCN assignment for GSM 1900/PCS
512-810
ARFCN range for 1900 ?
512-810
ARFCN assignment for GSM 1800/DCS
512-885
ARFCN range for 1800 ?
512-885
The highest Rx LEV possible is what?
63
Each GSM channel can provide service to a maximum of how many full rate subscribers?
8
TDMA eighth rate
8 users on one time slot used in SDCCH
GSM 1900/PCS channel offset
80 MHz
What is the offset between forward and reverse for GSM 1900?
80 MHz
What is the offset for forward and reverse for GSM 1900?
80 MHz
Channel range 128-251 ?
850 band
Channel range 1-124 ?
900 band
GSM 1800/DCS channel offset
95 MHz
ARFCN range for E900 ?
975-1023
Standalone Dedicated Control Channel (SDCCH)
A dedicated point to point signaling channel
Random Access Channel (RACH)
A request of network resources from the MS
Values of CBQ
A value of 0 or 1
What is a pair of frequencies used for communication between BTS and MS
ARFCN
ARFCN
Absolute Radio Frequency Channel Number
AGCH
Access Grant Channel
Definition of CRO
Applies an offset to the C2 re-selection criteria
Definition of Temporary Offset?
Applies negative offset to C2 for the duration of the penalty time
Definition of a cell
Area covered by a BTS
Authenticates the User by the using the IMSI, creates triplet Kc, RAND, SRES
AuC
AuC
Authentication Center
In GSM which of the following is a list of usable channels transmitted by the BCCH?
BA list
List of 32 reusable ARFCNs transmitted by every BTS panel, varies panel to panel
BA list
What channel is CRH found on?
BCCH
What is the CBA sent over?
BCCH
Controls up to several hundred base stations. Middle man between BTS and MSC
BSC
The GCI does not contain which of the following? LAC CI BSIC MCC
BSIC
Front end of the network, contains BTS and BSC
BSS
Cell phone tower ; transmit(tx) and receive(rx) antennas
BTS
BSC
Base Station Controller
BSS
Base Station Subsystem
BTS
Base Transceiver Station
BCCH
Broadcast Control Channel
BA List definition
Broadcast allocation list
Time-slot 0 is for what channel?
Broadcast channel
The penalty timer is used in the calculation for what?
C2
C2 value equation
C2=C1+CRO-(temporary offset*H)
Definition of Cell Bar Access (CBA)
CBA means no registration attempted and no camping ; the ARFCN is available for TCH only
What is designed to prevent An MS reselecting to a certain cell/ARFCN
CBQ
Identifier for specific sectors of a cell
CI
A dB buffer added to a cell to prevent repeated Re-selection on LAC boundaries
CRH
What are the BCCH parameters?
CRO, CRH
Name five parameters
CRO, CRH, C2, T3212 timer, and RxLEV
BCCH parameters with values and increments
CRO= 0 to 63, increments of 2 CRH= a time buffer the prevent constant LAC changes
The area covered by a single BTS is referred to as a?
Cell
MCC, MNC, LAC, CI together is?
Cell Global Identifier (CGI)
CRH
Cell Re-selection Hysteresis
CRH
Cell Reselection Offset
CBQ
Cell bar Qualifier
CI
Cell identifier
CRO
Cell re selection offset
What is the ARFCN also known as? Two things.
Channel number, or channel
Definition of Cell Bar Qualifier ?
Designed to prevent MS deselecting to a certain cell/ARFCN
Frame definition
Division of a defined length of digital information
Channel range 975-1023 ?
E900 band
Verified IMEI of handset
EIR
EIR
Equipment Identity Register
GSM uses a combination of what access schemes?
FDMA and TDMA
List the multiple access schemes.
FDMA, TDMA, CDMA
True or False : The FCCH is a physical channel
False
True or False : The IMEI is in place of a sensitive identifier?
False
True or False : The MS handles deselection while in traffic?
False
True or False : The Network is informed when a MS performs a cell deselection in the same LAC?
False
True or False : when changing LAC, the MS does not notify the network?
False
True or False, if the neighbor cell is in the same LAC as the serving cell, the MS will re-select the neighbor cell if it's C1 is greater than the C1 of the serving cell for one second?
False
A group of 8 of each timeslot is organized into a ?
Frame
Division of a defined length of digital information ?
Frame
FCH
Frequency Control Channel
An MSC that serves as a gateway to outside networks
G-MSC
What type of modulation does GSM use?
GMSK
When a handset performs a location update due to a LAC change, the subscribers current location information is updated at?
Gaining VLR
G-MSC
Gateway Mobile Switching Center
Definition of Penalty Timer?
Gives duration for which the temporary offset is applied
Database of permanent subscriber information as well as current temporary information?
HLR
GSM network uses what type of system?
Half duplex system
TDMA half-rate
Half of a time slot is yours; 2 users on one timeslot
What is an MSC Internal Handover
Handover between different BSCs in same LAC
What is an Inter BTS handover ?
Handover between different BTS' in the same LAC
What is an MSC external handover?
Handover between different LACs ***Gaining MSC is in charge of handover
What is an Intra BTS Handover?
Handover between sectors on a single tower
HLR
Home Location Register
What are permanent identifiers
IMSI, IMEI
Cell Global Identifier(CGI)
Identifier that uniquely identifies a specific sector from any sector in the world
Cell re-selection is only performed while the MS is...
In Idle Mode
Where is the C1 calculated?
In the MS
What increments are used for CRO?
Increments of 2
What is the IMEI
International Mobile Equipment Identity
What is the RxLev (Received signal Level)
It is the signal strength of the received signal
Code given to identify a specific location area
LAC
During a mobile terminated call, a page for the target handset is sent out across the ?
LAC
The MSC and VLR control an area called a?
LAC
MCC, MNC, LAC together is?
Local Area Identifier (LAI)
LAC
Location Area Code
What are common control channels and list the associated channels.
Logical channel -PCH -AGCH -RACH
Access Grant Channel (AGCH)
Logical channel used to assign an SDDCH or a TCH to a MS
What are broadcast channels and list the associated channels.
Logical channels -BCCH -SCH -FCCH
What are dedicated control channels and list the associated channels.
Logical channels -SDCCH -SACCH -FACCH
Code used to identify a specific country
MCC
The CGI is composed of what?
MCC, MNC, LAC, and CI
IMSI is composed of?
MCC, MNC, and MSIN
Code used to identify a specific network
MNC
Brains of the network. integrated Services Digital Network Switch (ISDN)
MSC
What controls a LAC?
MSC and VLR
MSC Handover between different LACs?
MSC external handover
Unique number that references a users account information
MSIN
Dialed phone number of mobile station
MSISDN
A temporary number used to route calls in an outside network
MSRN
What does the CRO do?
Makes tower look more attractive to the ME than it really is. ( fake tits on a tower )
Definition of MS_TxPWR_MAX_CCH
Max transmit power levels an MS may use when accessing the network
Definition of Rx_LEV_ACCESS_MIN
Minimum Rx level at the MS needed to access the network
MCC
Mobile Country Code
MNC
Mobile Network Code
MSRN
Mobile Station Roaming Number
MSISDN
Mobile Subscriber Integrated Services Digital Network
MSC
Mobile Switching Center
MSIN
Mobile subscriber identification number
Back end of the network; contains MSC, VLR, AuC, EIR, GMSC, HLR
NSS
What is the strongest six channels calculated by the handset?
Neighbor list
The base Station Identification Code contains what color code?
Network Color Code
Two components that make up the BSIC?
Network Color Code Base Station Color Code
The BCCH transmits ?
Network Identification Information
Broadcast Control Channel (BCCH)
Network Identifying Parameters
NSS
Network Switching Subsystem
Does the ME need to inform the network if it's in the same LAC?
No
Will the MS conduct a location update if it moves to a new cell in the same LAC
No
Will the MS conduct a location update if it moves to a new cell in the same LAC?
No
Where is the CRO sent?
On the BCCH
Where is the BSIC sent?
On the SCH(Sync channel)
What is an ARFCN?
Pair of frequencies, uplink/downlink
The first 6 digits of the IMSI indicates the ?
Public Land Mobile Network (PLMN)
MCC and MNC together is?
Public Land Mobile Network(PLMN)
Identify what triplets are, how they are formed and what they are used for.
RAND, SRES, Kc, used for authentication
What is used to calculate the expected RSSI on a receiver?
Radio Link Budget
RACH
Random Access Channel
Syncs timing and broadcasts BSIC
SCH
Unique to a user and identifies by the IMSI. Stores important info for authentication.
SIM
SDCCH
Standalone Dedicated Control Channel
A dedicated point to point signaling Channel?
Standalone dedicated control Channel (SDCCH)
SIM
Subscriber Identity Module
What does the SIM contain?
Subscriber encryption keys Last LAC User phone books
What channel is the BSIC transmitted on?
Sync
SCH
Synchronization Channel
Make and model of equipment
TAC
What is the IMEI composed of?
TAC, Serial Number and CD ( 8, 6, and 1 digits long
Point to point voice and data communications
TCH
Temporary identifier put in place to mask another sensitive identifier known as the IMSI?
TMSI
What does the network assign temporarily?
TMSI
TMSI
Temporary Mobile Subscriber Identity
TDMA Full-rate
Time slot is yours
What is the purpose of the CI?
To identify a specific sector on a tower
TCH
Traffic Channel
True or False : CRH is used on LAC boundaries?
True
True or False : The BCCH is a logical channel?
True
True or False : The FACCH is sent on the Traffic channel?
True
True or False : The SACCH will notify the MS of incoming messages?
True
True or False : The SACCH_BA_List is used for ARFCN selection in handoffs?
True
True or False : The strongest 6 ARFCNs in the area are the BA_list?
True
True or False : the network handles handoffs?
True
True or False, in the IMEI, the CD (Check Digit) is not transmitted
True
TAC
Type Allocation Code
Definition of IMEI
Unique identifier for the mobile equipment
When the downlink path loss is less than the uplink path loss, the system is said to be :
Uplink limited
Frequency Control Channel
Used for correction of transmission Frequency
Radio Link Budget
Used to calculate expected RSSI on a receiver
FDMA definition
User occupies private frequency, protected from interference
TDMA definition
Users occupy specific frequency but only during assigned timeslots
The database that holds temporary record of an MS' information is the?
VLR
Cell Re-selection Definition
When a channel becomes more favorable than its current channel and the channel is on the MS neighbor list, it will attempt to switch to a new channel
Definition of Cell Reselection
When a channel becomes more favorable than its current channel and the channel on the MS neighbor list, it will attempt to switch to new channel
What is RxQual (Receive Quality)
clarity of signal
GSM
global system for mobile communications
