Network Switching Subsystem (NSS) or Switching Subsystem (SS) is responsible for switching the traffic from one mobile operator to another operator or to PSTN.
MSC and VLR
The central component of the this subsystem is the Mobile services Switching Center (MSC). It acts like a normal switching node of the PSTN or ISDN and additionally provides all the functionality needed to handle a mobile subscriber such as registra- tion, authentication, location updating, handovers4 and call routing to a roaming subscriber. These services are provided in conjunction with several functional enti- ties which together form the switching subsystem. The MSC provides the connection to the fixed networks such as the PSTN or ISDN. Signalling between functional en- tities in the this subsystem uses Signalling System Number 7 SS7 used for trunk signalling in ISDN and widely used in current public networks.
2.1. ARCHITECTURE OF THE GSM NETWORK 29 The Visitor Location Register (VLR) contains selected subscriber’s information from the HLR necessary for call control and provision of the subscribed services for each subscriber currently located in the geographical area controlled by the VLR. Al- though each functional entity can be implemented as an independent unit, all man- ufacturers of switching equipment implement the VLR together with the MSC so that the geographical area controlled by the MSC corresponds to that controlled by the VLR thus simplifying the signalling required. Note that the MSC contains no information about particular mobile stations. This information is stored in the location registers.
The following steps take place when a MS tries to register itself with an MSC/VLR.
Step 1: A subscriber sends its request to register with an MSC/VLR (Using IMSI). Step 2: MSC analyzes the IMSI and finds out the home operator and the HLR’s
address.
Step 3: MSC/VLR contacts the HLR and requests for subscriber’s information. Step 4: Using this information, the serving MSC/VLR authenticates the subscriber. Step 5: After successful authentication, VLR informs the HLR about the successful
registration. In future, if any incoming call or SMS arrives for this subscriber, this MSC/VLR will be contacted for setting up the connection.
Gateway MSC GMSC
From basic operation and functionality, GMSC is in fact the same as MSC but its logical role is different. GMSC is that MSC which is at the border of the PLMN and interconnects one network to another. The main function of GMSC is HLR- Interrogation. This procedure takes place when a Mobile Terminated Call (incoming call) request comes to GMSC, and GMSC interrogates HLR regarding the current location of a mobile subscriber.
To understand the role of GMSC, let us take a look at the sequence of events which take place when an incoming5 call comes.
Step 1: Mobile terminated call setup request arrives at GMSC (using MSISDN of
called party).
Step 2: GMSC queries HLR regarding the current location of subscriber (using MSISDN number).
Step 3: HLR maps MSISDN to IMSI and finds the VLR address where UE was
last reported.
Step 4: HLR contacts VLR (using IMSI).
Step 5: VLR assigns a temporary Mobile Station Roaming Number (MSRN) to
this IMSI and sends it back to HLR.
Step 6: HLR sends MSRN to GMSC and hence the call can be forwarded to the
serving-MSC where the user is currently located.
The acceptance of an interrogation to an HLR is the decision of the operator. The choice of which MSCs can act as Gateway MSCs is for the operator to decide (i.e. all MSCs or some designated MSCs).
Home Location Register HLR
Home Location Register (HLR) is a central database that stores the information about the subscribers. When a SIM card is issued to a mobile user, it gets reg- istered in HLR. Afterwards, wherever the user goes, it gets registered with local MSC/VLR and that MSC/VLR contacts HLR to get the administrative informa- tion of the subscriber. In this way, HLR always keeps track of the user’s location. This information is stored in the form of signalling address of VLR. HLR and VLR communicate using MAP protocol of the SS7 signalling suite.
For each subscriber HLR contains a lot of information. Some of that is shown below: • IMSI of the subscriber
• MSISDN of the subscriber
• VLR-address which is currently serving this subscriber • List of Subscribed services
• GPRS related data
• Quality-of-service (QoS) profile
• Subscribed supplementary services (e.g., Call Waiting, Call Forwarding, etc.) There is logically one HLR per GSM operator but as the number of subscribers grows, there can be more than one HLR in the network. It is also better to have
2.1. ARCHITECTURE OF THE GSM NETWORK 31 another HLR node for redundancy purpose. The second node can be used for backup and for redundancy purpose. This arrangement can be used to guarantee the service continuity in case of technical failure with the first node. The information about HLR-address can be found from the IMSI.
Equipment Identity Register EIR
The Equipment Identity Register (EIR) is a database that contains a list of all valid mobile equipment on the network where each mobile station is identified by its International Mobile Equipment Identity IMEI. An IMEI is marked as invalid if it has been reported stolen or is not type-approved. An EIR maintains three lists:
1. Black: The IMEI numbers of the mobile handsets which have been reported
stolen or inappropriate are stored in black list.
2. White: The while list contains the few digits of IMEI number that identify the
handset type. In white list, there is no need to have the full IMEI number. If a handset model has been approved by 3GPP standards, then its ”handset type” is stored in the white list.
3. Grey: Under the grey list of EIR, one can find the IMEI numbers of phones
which are under surveillance. Every time, this handset is used to access the network services, a log will be generated.
In the criminal investigation, IMEI number proves to be quite helpful. Sometimes, criminals steal the phones and start using them with their own SIM cards. Fortu- nately, the IMEI number of the handset can help the law enforcement agencies to track the mobile equipment.
Authentication Center AuC
The Authentication Center (AuC) is a protected database that stores a copy of the secret key stored in each subscriber’s SIM card. The AuC always resides in the HPLMN. This network element is the most secured node in the whole PLMN. The AuC generates security data which is used for authentication of users and encryption of data over the radio channel. The secret master key (K) never leaves the authentication center. The AuC feeds random number (RAND) and master key (K) to a standards algorithm and generate security data. This security data is then forwarded to the serving MSC/VLR in VPLMN.
As described, MSC/VLR perform an authentication procedure to verify the identity of the user at the time of registration. The relationship between MSC/VLR and the AuC can be illustrated in figure 2.2.
Figure 2.2: Authentication of user during roaming