O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

GSM Base transceiver station

4.911 visualizações

Publicada em

Topics covered in this presentation:
What is a Base Transceiver Station ?
Components of any BTS
BTS transceiver, BTS O&M module, clock module
BTS Transmitter and Receiver Characteristics
BTS configurations
BTS functions and Protocols on Um and Abis Interface
BTS security aspects

Publicada em: Educação
  • Hello there! Get Your Professional Job-Winning Resume Here! http://bit.ly/topresum
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui

GSM Base transceiver station

  1. 1. GSM Base Transceiver Station Presentation by: Naveen Jakhar ITS – 2014 Batch 1
  2. 2. Topics covered in this presentation:  What is a Base Transceiver Station ?  Components of any BTS  BTS transceiver, BTS O&M module, clock module  BTS Transmitter and Receiver Characteristics  BTS configurations  BTS functions and Protocols on Um and Abis Interface  BTS security aspects  Conclusion 2
  3. 3. Introduction to Base Transceiver Station:  BTS stands for Base Transceiver Station  A BTS is an equipment that facilitates wireless communication between user equipment (UE) and a network  UEs are devices like mobile phones, WLL (Wireless in Local Loop) phones, computers with wireless Internet connectivity  The network can be that of any of the wireless communication technologies like GSM, CDMA, wireless local loop, Wi-Fi (wireless fidelity), WiMAX (Worldwide Interoperability for Microwave Access) or other wide area network(WAN) technology 3
  4. 4. Introduction to Base Transceiver Station:  BTS is also referred to as the radio base station (RBS), node B(in 3G Networks) or, simply, the base station (BS)  The term BTS is applicable to any of the wireless communication standards, it is generally associated with mobile communication technologies like GSM and CDMA 4
  5. 5. Base Transceiver Station(BTS) components:  BTS provides the wireless connectivity to Mobile Station on one side via Air Interface (also called 𝑈 𝑚 𝐼𝑛𝑡𝑒𝑟𝑓𝑎𝑐𝑒)  BTS is connected to BSC via Abis Interface  Any BTS is having these components:  Transceiver (TRX) Power amplifier (PA)  Combiner Multiplexer  Antenna Baseband receiver unit (BBxx)  Control function Alarm extension system  Clock Module Operation and Maintenance module 5
  6. 6. Base Station Transceiver:  BTS Transceiver is responsible for transmission and reception of signals  GSM recommendations allow one BTS to host up to 16 TRX  In field, majority of BTS have one to 4 TRX at max  TRX is having two parts: one, a low frequency part for digital signal processing and other, high frequency part for GMSK modulation and demodulation  Both parts are connected via a separate or an integrated frequency hopping unit 6
  7. 7. Base Transceiver Diagram: 7
  8. 8. Base station components:  Combiner combines feeds from several TRXs so that they could be sent out through a single antenna thus reducing the number of antennas that need be installed  Power Amplifier Class C, aids in signal amplification from TRX for transmission through the antenna  Duplexer is used for separating sending and receiving signals to or from the antenna  Antenna is an external part of the BTS and it is used to transmit the signals to other entity 8
  9. 9. Base station components:  Alarm Extension system collects working status alarms of various units in the BTS and extends them to operations and maintenance (O&M) monitoring stations Control functions controls and manages the various units of BTS, including any software. On-the-spot configurations, status changes, software upgrades, etc. are done through the control function module 9
  10. 10. BTS Operations and Maintenance module:  It consists of at least one central unit, which administers all other parts of BTS  O&M module is connected to BSC by means of a special O&M channel  O&M module allows a remote access from BSC for any software update A BTS is controlled by a parent BSC via the base station control function(BCF), implemented in O&M module  O&M module also provides a Human Machine Interface, which allows for local control of BTS 10
  11. 11. BTS Clock module:  Clock generation and distribution module is present inside O&M module  Reference clock is derived from PCM signals on Abis Interface  BTS internal clock generation is mandatory – when a BTS is to be tested in standalone environment & when PCM clock is not available due to link failure  GSM requires that all TRX of a BTS use same clock. The accuracy of the signal has to have a precision of at least 0.05 ppm 1 MHz clock, precision should be .05 Hz 11
  12. 12. BTS Input and Output filters:  Input and output filters are used to limit the bandwidth of received and transmitted signal  The input filter typically is a non-adjustable wideband filter that allows GSM 900MHz, DCS 1800 MHz, PCS 1900 MHz frequencies to pass in the uplink direction  The output filter is an adjustable wideband filter used in downlink direction which limits the signal to 200 KHz bandwidth 12
  13. 13. BTS Transmitter Characteristics:  Output Power  Output RF Spectrum  Spurious emissions  Radiofrequency tolerance  Output level dynamic operation  Modulation accuracy  Intermodulation attenuation 13
  14. 14. BTS Transmitter Specifications: For a normal BTS, the maximum output power measured at the input of the BSS Tx combiner, shall be, according to its class, as defined in the following table 14
  15. 15. Micro and pico -BTS Transmitter Specifications:  For a micro-BTS or a pico-BTS, the maximum output power per carrier measured at the antenna connector after all stages of combining shall be, according to its class, defined in the following table. 15
  16. 16. BTS Transmitter Specifications:  The tolerance of the actual maximum output power of the BTS for each supported modulation shall be ±2 dB under normal conditions and ±2.5 dB under extreme conditions  Power can be increased in steps, each step size is of 2 dB with accuracy of ±1 dB  dBc (decibels relative to the carrier) is the power ratio of a signal to a carrier signal, expressed in decibels The Residual output power, if a timeslot is not activated, shall be maintained at, or below, a level of -30 dBc on the frequency channel 16
  17. 17. BTS Receiver Characteristics:  Blocking Characteristics  AM Suppression Characteristics  Intermodulation Characteristics  Spurious emissions 17
  18. 18. BTS Receiver Blocking Characteristics:  The blocking characteristics of the receiver are specified separately for in-band and out-of-band performance 18
  19. 19. BTS configurations:  BTS Configurations depend on load, subscriber behaviour and area to be covered  Three different configurations of BTS:  Standard omnidirectional configuration  Umbrella shape configuration  Sectorized or Cell configuration 19
  20. 20. BTS Standard Omnidirectional Configuration:  Omnidirectional antennas are used  No fine load balancing with respect to the load and clutter  Inefficient resource utilization  Low antenna gain 20
  21. 21. BTS Umbrella Cell Configuration:  Umbrella cell configuration consists of one BTS with high transmission power and an antenna installed high above the ground that serves as an umbrella for a number of BTSs with low transmission power and small diameters  Use of Umbrella cell Configuration ? 21
  22. 22. BTS Umbrella Cell Configuration:  Umbrella cell configuration – high rise antenna may be a solution to provide coverage for fast moving cars (how can they be detected – using timing advance parameter – updated after every 480 ms by MEAS_RES message)and antennas with lesser height can provide coverage to dense areas within a city  Umbrella configuration not specified by GSM, so additional design updates required in BTS and BSC  Drawback: Interference and non-reuse of frequency 22
  23. 23. BTS Sectorized(Collocated) Configuration:  Several BTSs are collocated at one site but their antennas cover only an area of 120 or 180 degrees  Fairly easy to fine-synchronize the cells with each other and thus allows for synchronised handover between the two cells  Re-use of frequencies  Sectorization eases the demand for frequencies especially in urban areas 23
  24. 24. BTS Sectorized(Collocated) Configuration: 24
  25. 25. BTS functions:  BTS is an important component of BSS  Channel encoding and decoding  Burst formatting and Interleaving  Encryption and decryption (ciphering)  setup of LAPD connection on BSC side and LAPDm on Um interface  GMSK modulation and demodulation  Creation and transmission of BCCH  Measurements of signal strength and forward the results to BSC 25
  26. 26. BTS Interface Protocols and signal transfer :  𝑼 𝒎interface : This interface uses LAPDm protocol for signalling, to conduct call control,measurement reporting reporting, handover, power control, authentication, authorization, location update and so on. Traffic and signaling are sent in bursts of 0.577 ms at intervals of 4.615 ms, to form data blocks each 20 ms LAPDm does not have CRC for Error detection  Abis Interface : Uses TDM sub channels for traffic (TCH), LAPD protocol for BTS supervision and telecom signalling, and carries synchronization from the BSC to the BTS and MS 26
  27. 27. BTS Interface Protocols: 27
  28. 28. BTS Interface Protocols and signal transfer :  GSM Layer 1:  FDMA/TDMA is the air interface(radio), also called Um interface  At Mobile Station, FDMA/TDMA is used which is also followed at BTS, BTS takes this format from MS and convert it to 64kbps digital format for the digital link and interfaces with BSC 28
  29. 29. BTS Interface Protocols and signal transfer :  GSM Layer 2:  Layer 2 is the data link layer, which does following three main functions.  Establish and maintain the link  Flow control  Error detection  Work on layer 3 frames . 29
  30. 30. BTS Interface Protocols and signal transfer :  GSM Layer 2: At Layer-2 LAPD and LAPDm is used. LAPD is the ISDN(Integrated Services Digital Network) protocol for D Channel LAPDm is the modified version of LAPD for mobile station LAPDm does not have CRC for Error detection LAPD at BTS converts potentially unreliable physical link of MS into reliable link 30
  31. 31. Security aspects at BTS:  All BTS are comprised of software and radio equipment and most of the vendors use a similar transceiver code base – means all can be attacked using this flaw  A malicious hacker can take control of BTS from any remote place – results in compromised BTS functionalities  The attacker could impersonate a parallel BTS communicating with it and could send GSM data bursts to the transceiver itself, thus conducting attacks such as IMSI detaching, encryption downgrading, and denial of service against mobile subscribers 31
  32. 32. Conclusion and way forward:  BTS is an important device for Mobile communication and any security breach at BTS would expose the entire mobile network to many vulnerabilities  Vendors are coming up with these improvements in BTS design:  change firewall rules to block traffic coming from external networks to specific ports  Enhanced authentication process  perform additional code audits before releasing alpha version of any software patch 32
  33. 33. References: Book GSM networks : Protocols, Terminology and Implementation by Gunnair Heine 3GPP TS 05.05 version 8.20.0 Release 1999, ETSI TS 100 910 V8.20.0 (2005-11)  http://www.securityweek.com/critical-vulnerabilities-affect-open- source-base-transceiver-stations http://www.rfwireless-world.com/ http://whytelecom.com/ https://en.wikipedia.org/wiki/Base_transceiver_station 33
  34. 34. Thank You Communication – The Human Connection – is the key to Personal and Career Success 34

×