Internal Only

GPRS & EDGE

Agenda
GPRS
EDGE
Security in GPRS

GPRS
(General Packet Radio Service)

Agenda
General GPRS
GPRS Network
GPRS Roaming
Security in GPRS

General GPRS

GSM Bit Rate Evolution

[Figure: bar chart of bit rate in kbps by technology. Labels: 9.6kbps (Today), CS-1, 14.4kbps, CS-2, HSCSD 38.4-64kbps, GPRS 115kbps, EDGE 384kbps]

Higher Bandwidth!

GPRS Network

Network Architecture 1/2

[Diagram: MS, BTS, BSC, MSC/VLR, HLR, SGSN, GGSN, SMS-GMSC / SMS-IWMSC, Backbone Network IP and IP Network, connected by the interfaces A, Gb, Gs, Gr (MAP), Gd (MAP), Gc, Gn and Gi (IP)]

BTS
- Packet data for the radio interface
- CS and PS data discrimination
- Slot and channel allocation
- Existing A interface is reused

BSC
- GPRS Mobility Management
- Gb Frame Relay
- Allocation of PDCH in cells
- Handling of GPRS Paging
- Broadcast GPRS information

Network Architecture 2/2

[Diagram: MS, BTS, BSC, MSC/VLR, HLR, SGSN, GGSN, SMS-GMSC / SMS-IWMSC, Backbone Network IP, IP Network and X.25 Network, connected by the interfaces A, Gb, Gs, Gr (MAP), Gd (MAP), Gc, Gn, Gi (IP) and Gi (X.25)]

HLR
- GPRS subscription and routing information
- Maps subscriber to one or more GGSNs
- Update SGSN at attach and detach

MSC
- Location info from SGSN
- CS paging request to SGSN
- Signalling coordination for class A/B mobile (Gs)

SMS-SC
- SS7/MAP based SMS is delivered over GPRS for GPRS attached terminals

Charging in GPRS 1/2

[Diagram: MS, BTS, BSC, MSC/VLR, HLR, SMS-G/IW MSC, SGSN, GGSN, Mediation, Backbone Network, ISP Network and Corporate Network, connected by the interfaces A, Gb, Gs (BSSAP+), Gr (MAP), Gd (MAP), Gn and Gi (IP)]

Charging can be done at SGSN or GGSN or both for data volume and / or for PDP context duration

Types of CDRs in GPRS
- S-CDR: radio network related (from SGSN)
- G-CDR: for external network usage (from GGSN)
- M-CDR: related to MM activities (from SGSN)
- 2 CDRs related to usage of SMS with GPRS (from SGSN)

Charging in GPRS 2/2

[Diagram: MS, BTS, BSC, MSC/VLR, HLR, SMS-G/IW MSC, SGSN, GGSN, Mediation, Backbone Network, ISP Network and Corporate Network, connected by the interfaces A, Gb, Gs (BSSAP+), Gr (MAP), Gd (MAP), Gn and Gi (IP)]

Billing Gateway Functions
- Interface between GSNs and existing billing systems
- Matching & Filtering of CDRs on a per PDP context basis
- Rating: can put a price tag on GPRS CDRs, partly or fully
- Can convert volume based CDRs into time based CDRs for billing systems
- Storing: (i) securely stores the CDRs till a session ends; (ii) the matched CDRs are stored till the billing system needs them for processing

GPRS Interfaces

[Diagram: MS, Ericsson BSS, Other Vendor BSS, MSC/VLR, HLR, SMS-GMSC / SMS-IWMSC, SGSN, GGSN, BGW, Backbone Network IP, ISP Network and Corporate Network, connected by the interfaces A, Gb, Gs, Gr (MAP), Gd (MAP), Gc (MAP), Gn, Ga and Gi (IP)]

GPRS PDP Context Activation

[Diagram: message sequence drawn over the network picture (MS, BTS, BSC, MSC/VLR, SMS-G/IW MSC, HLR, SOG, AUC, SGSN, GGSN, BG, Backbone Network, ISP Network, Corporate Network)]

Messages shown:
- Activate PDP context Request
- Activate PDP context Accept
- Authentication and Ciphering Req.
- Authentication and Ciphering Response
- Create PDP context Request
- Create PDP context Response
- Send Authentication Info.
- Send Authentication Info. ACK.

Mobile Terminals
Class A mode of operation: Attached both to CS and PS. Simultaneous Circuit (CS) and Packet-Switched (PS) services
Class B mode of operation: Attached both to CS and PS. Automatic choice of service, CS or PS, but only one at a time
Class C mode of operation: Can be attached to either CS or PS service

GPRS Roaming

PLMN Roaming

[Diagram: HPLMN and VPLMN, each with DNS, SGSN and GGSN nodes; MS; ISP]

APN available in Home PLMN only

ISP Roaming

[Diagram: HPLMN and VPLMN with DNS, SGSN and GGSN nodes; MS; ISP]

APN available in Visited PLMN

Multi PLMN Support

[Diagram: HPLMN1, HPLMN2, HPLMN3 and HPLMN4, each with BSS and HLR; SGSN, GGSN, Gb, ISP, MS]

M-PLMN feature provides seamless PLMN Roaming
Normal GSM Roaming
GPRS Charging Same

Inter SGSN Roaming

[Diagram: HPLMN1 and HPLMN2, each with an SGSN; GGSN, Gn, ISP]

- Normal GSM Roaming
- APNs are same as GGSN is common
- CDRs generated in Visited SGSN

GPRS Roaming Scenario (with GRX)

[Diagram: HPLMN, VPLMN1 and VPLMN2 - INT, with DNS nodes, SLA and several GRX nodes]

GRX = GPRS Roaming Exchange

Roaming Billing

TAP - Records (Transferred Account Procedure)
- Existing methods of TAP exchanges shall be used
- TAP File Spec 3 required - GPRS enhancements like: data volume, IP address, APN, etc.

Different concepts to existing TAP Record Procedures
- Partial Records Generated + Data volume counts
- CDRs from HGGSN and VSGSN - different records from different networks for the same connection

Security Issues in GPRS

Mobile Operator Security Requirements

[Diagram: Operator network, GRX, Roaming Partner #1 and #2, Corporate Network #1 and #2. Labelled elements: GTP Firewall, Firewall, VPN, GTP Firewall Over IPSec]

Security Threats on the Gn / Gp Interface

Threat:
- Denial of Service from invalid GTP traffic or a flood of GTP traffic
- Undesirable GTP messages

Solution:
- GTP traffic management prevents the GSNs from being overwhelmed
- GTP packet sanity check in the firewall prevents GSNs from having to try to process malformed GTP packets
- GTP stateful inspection prevents GSNs from having to process GTP packets which don't make sense because of no PDP context or wrong PDP context state
- GTP policies determine which GTP messages should be allowed

Security Threats on the Gn / Gp Interface

Threat:
- GTP traffic from a non-roaming partner can kill an MS session or hijack a session
- GTP traffic spoofed to appear from a valid roaming partner

Solution:
- GTP security policies block traffic from non-roaming partners
- High performance IPSec tunnels across GRX can be used to maintain confidentiality and integrity of GTP and prevent GTP from being spoofed
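
Added example, not part of the original slides: a minimal sketch of the firewall checks listed on the two Gn / Gp slides (partner policy, packet sanity check, message policy, stateful inspection). It assumes the GTPv1 header layout of 3GPP TS 29.060, constructed partner prefixes and a PDP context table that is filled in elsewhere; rate limiting and IPSec are left out.

```python
import struct
from ipaddress import ip_address, ip_network

# Assumptions, not from the slides: GTPv1 header layout (3GPP TS 29.060),
# constructed partner prefixes, and a PDP context table filled in elsewhere.
ROAMING_PARTNERS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]
ALLOWED_TYPES = {1, 2, 16, 17, 18, 19, 20, 21, 255}  # echo, PDP create/update/delete, G-PDU
NEEDS_CONTEXT = {18, 19, 20, 21, 255}                # only valid for an existing PDP context

def inspect(src_ip, packet, contexts):
    """Return (verdict, reason) for one GTP packet arriving on Gn/Gp.

    contexts is a set of (peer address, TEID) pairs for active PDP contexts.
    """
    # Security policy: block traffic from non-roaming partners.
    if not any(ip_address(src_ip) in net for net in ROAMING_PARTNERS):
        return "drop", "non-roaming partner"
    # Sanity check: mandatory 8-byte header, version 1, protocol type GTP.
    if len(packet) < 8:
        return "drop", "truncated header"
    flags, msg_type, length, teid = struct.unpack("!BBHI", packet[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        return "drop", "bad version or protocol type"
    # The length field counts every byte after the mandatory header.
    if length != len(packet) - 8:
        return "drop", "length mismatch"
    # E, S or PN flag set: a 4-byte optional header part must follow.
    if flags & 0x07 and length < 4:
        return "drop", "missing optional header"
    # Message policy: only the GTP messages the operator allows.
    if msg_type not in ALLOWED_TYPES:
        return "drop", "message type not allowed"
    # Stateful inspection: the message must refer to a known PDP context.
    if msg_type in NEEDS_CONTEXT and (src_ip, teid) not in contexts:
        return "drop", "no PDP context"
    return "accept", "ok"

def gtp(msg_type, teid, payload=b"", flags=0x30):
    """Build a constructed GTPv1 packet for the demonstration below."""
    return struct.pack("!BBHI", flags, msg_type, len(payload), teid) + payload

if __name__ == "__main__":
    contexts = {("192.0.2.10", 0x1001)}  # constructed state table
    samples = [("192.0.2.10", gtp(255, 0x1001, b"user-ip-packet")),
               ("192.0.2.10", gtp(20, 0x9999)),                 # delete for unknown context
               ("203.0.113.5", gtp(20, 0x1001)),                # not a roaming partner
               ("192.0.2.10", gtp(255, 0x1001, b"x") + b"!")]   # trailing garbage
    for src, pkt in samples:
        print(src, inspect(src, pkt, contexts))
```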

Security Threats on the Gi Interface

Threat:
- A subscriber's Internet connection may be flooded by incoming traffic
- The Gi Internet connection may be flooded
- Hackers may attack subscribers with malicious traffic

Solution:
- Firewall traffic management protects the Gi Internet connection for subscribers and the PLMN as a whole
- Firewall can protect against many common attacks

EDGE
(Enhanced Data rates for GSM Evolution)

Agenda
General EDGE
EDGE Network
Security in GPRS

GPRS Evolution - The Way to UMTS

[Diagram: MS, BTS, EDGE BTS, UMTS BTS, BSC, UTRAN with RNCs, SMS-G/IW MSC, MSC/VLR, HLR, SOG, AUC, SGSN, GGSN, BG, PTM-SC, Backbone Network, ISP Network and Corporate Network]

EDGE boosts GSM

[Figure: data rate by technology]
- GSM: 9.6 kbps
- HSCSD: 57.6 kbps
- GPRS: 115 kbps
- EDGE: 384 kbps

The Abbreviation
GPRS = General Packet Radio Service

EGPRS = GPRS + EDGE modulation

EDGE = Enhanced Data rates for GSM Evolution

Standardized improvement I: EGPRS Coding Schemes

[Figure: bar chart of data rate in kbps per coding scheme]
GPRS, GMSK modulation: CS1 8.0, CS2 12.0, CS3 14.4, CS4 20.0
EGPRS, GMSK modulation: MCS1 8.4, MCS2 11.2, MCS3 14.8, MCS4 17.6
EGPRS, 8PSK modulation: MCS5 22.4, MCS6 29.6, MCS7 44.8, MCS8 54.4, MCS9 59.2

(E)GPRS Basic Technical Parameters

| Parameter | GSM | EDGE |
| Modulation | GMSK | 8-PSK / GMSK |
| Symbol rate | 270 ksym/s | 270 ksym/s |
| Modulation bit rate | 270 kb/s | 810 kb/s |
| Radio data rate per time slot | 22.8 kb/s | 69.2 kb/s |
| User data rate per time slot | 20 kb/s (CS4) | 59.2 kb/s (MCS9) |
| User data rate (8 time slots) | 160 kb/s (182.4 kb/s) | 473.6 kb/s (553.6 kb/s) |

Network modification !

[Diagram: GPRS MS (GPRS Protocol) and EDGE MS (EDGE Protocol); EDGE BTS with EDGE TRU; PCU; SGSN; GGSN; Internet. Label on the diagram: No changes]

EDGE ...
- is easy to implement
- increases both capacity and performance in GPRS networks
- provides complementary coverage
- takes GSM to one seamless network

Questions ?

Thank You !!