Mobile Communication and Third Generation Wireless Networks
by dec0de
dec0de@to2600.org

So yeah, it's 1:35AM on May 7th and I'm finally getting around to writing a file for The Clone, who has been on my ass for the past few months to hurry up and finally write him some files. I could blame the fact I was in school working to earn a telecommunications degree, but let it be known that I am just one lazy motherfucker. I don't know if this article is going to be any good, but I hope someone gets something out of it.

[--1.0-- Traditional Access Methods]

First off, let's start from scratch. Before we can understand the new protocols used in 3G, we need to understand the older traditional methods of accessing the mobile phone system.

- AMPS (Advanced Mobile Phone Service)

Developed in the early 1980s by AT&T, AMPS is the older analog system that operates in the 800MHz band. In the US and Canada, two 25MHz bands are allocated to AMPS, one for transmission to the base station (869-894MHz) and one for the base station to transmit to the mobile (824-849MHz). Channels are spaced 30kHz apart, which gives room for 832 of them; however, 21 of these channels are used for control, which operates at 10 kbps. How the 832 channels are divided up is negotiated between the mobile providers. Still used today in more remote parts of the world, AMPS is the old bastard of the mobile phone community. With the growing number of subscribers, the analog system cannot keep up with today's growing demands.

- TDMA (Time-Division Multiple Access)

One of the first digital systems used to replace the AMPS system. TDMA provided up to 3 times the number of calls a standard AMPS system could by using a time-sharing protocol, giving a 3:1 improvement ratio over AMPS. This is done by dividing AMPS' 30kHz channels into subchannels, dividing those radio frequencies into time slots, and then allocating these slots to multiple calls. Multiple calls can be made on the same frequency.
TDMA has a data rate of 8 kbps - enough for voice, but slow for data (WAP). The majority of Rogers' digital network is TDMA.

- CDMA (Code-Division Multiple Access)

A successor to TDMA, CDMA allows up to 10 times the capacity of an AMPS system by using Spread Spectrum technology, a technology that was previously reserved for military use where it was immune to jamming. It can also be used as a way of hiding and encrypting signals.

Let's make sense of how this works. We start with the data bit rate, and we break each bit into additional bits (k chips) using a code that is specific to each user. For this example, we'll use 6-bit chip codes.

User A - <1, 0, 0, 1, 0, 1>
User B - <1, 1, 0, 0, 1, 1>

Let's say User B wants to transmit a 1 bit. To transmit a 1 bit, his mobile will transmit <1, 1, 0, 0, 1, 1>. Now wait a minute, what happens if User B wants to transmit a 0 bit? You take the complement of the chip code; therefore, to transmit a 0 bit, the mobile will send <0, 0, 1, 1, 0, 0>.

How does this allow for more calls, you ask? Well, channels can be more tightly squished because the base station will be looking for the correct chip code to distinguish the calls. So even if signals cross into each other, the base station will know which user to filter out of the channel. The 6-bit code we used in this example is not effective enough to do this though, and that's why most practical systems use 100-bit or greater codes. In this case, the ability of the filter to remove unwanted codes can be quite effective. All this bandwidth comes at a price though, and CDMA requires a 19.2 kbps data rate. CDMA is used by Telus and Bell Canada and was developed by Qualcomm.

- GSM (Global Standard Mobile for Communications)

The idea of GSM was to develop a standard many companies could adopt all over the world, thus creating a worldwide network any GSM compliant phone could use.
It is a combination of TDMA and FDMA (Frequency Division Multiple Access) with the use of strong security and voice codecs. Its spectral allocation is 25MHz for base transmission (935-960MHz) and 25MHz for mobile transmission (890-915MHz), but there are additional systems which use 1800MHz and 1900MHz (DCS-1800 and DCS-1900 respectively). There are frequency carriers every 200kHz, which provide 124 full-duplex channels. These channels are modulated at 270.833 kbps. GSM subchannels have a data rate of 13 kbps, so 270.833/13 is 90 calls per channel. Microcell (Fido) and Rogers use GSM.

For more information on GSM security, I suggest you read "The GSM Security Technical Whitepaper for 2002" by RT and The Clone.
http://www.hackcanada.com/blackcrawl/cell/gsm/gsm_security.html

[--2.0-- What is Third Generation Wireless Communication?]

Well, unless you've been living under a rock for the past year (or in Edmonton) you'd know that the initiative called "Third Generation Wireless" (3G for short) is the idea to provide fairly high speed wireless communication to support multimedia, data and video in addition to the normal voice service. The ITU's definition of 3G is as follows:

- Voice quality comparable to the Public Switched Telephone Network (PSTN)
- 144 kbps service to large areas (country)
- 384 kbps to 2.048 Mbps service to smaller areas (cities)
- Support for both packet switched and circuit switched data services
- More efficient use of the radio spectrum in general
- A crap load of bandwidth

Basically, the movement towards a global 3G infrastructure is as follows:

1G         2G             2.5G                  3G
voice  ->  voice/data ->  fast voice/data  ->   data
-----      ----------     ---------------       ------
cdma       cdma           cdma2000              w-cdma
tdma       tdma           gprs                  cdma2000 3X
gsm        gsm            edge
amps                                            (a combination)

[--2.1-- 2.5 & 3G Protocols]

- GPRS (General Packet Radio Service)

GPRS is a new non-voice data option being added to existing TDMA and GSM networks as a 2.5G solution to bring the Internet to cell phones.
GPRS takes advantage of the short, bursty nature of IP packets by grabbing up time slots usually allocated to voice channels to move data. Because most data sessions do not involve being connected to the network continuously, GPRS is a very viable solution. Each voice channel is divided up into 8 time slots, thus providing 13.4 kbps bandwidth. Currently, there are three types of GPRS enabled mobile phones:

Type 2+1 - 2 slots download, 1 slot upload
Type 3+1 - 3 slots download, 1 slot upload
Type 4+1 - 4 slots download, 1 slot upload

Theoretically GPRS has a maximum data rate of 171.2 kbps per channel, but today a user could expect a maximum of 53.6 kbps (4 x 13.4 kbps). GPRS is a 2.5G solution that will eventually move over to CDMA.

- CDMA2000 (Code Division Multiple Access 2000) a.k.a. 1X

CDMA2000 is the evolution of the current CDMA standard, cdmaOne. 1X (Phase One) offers approximately twice the voice capacity of cdmaOne, average data rates of 144 kbps and backward compatibility with cdmaOne networks. This is accomplished by using the current 1.25MHz channel with a more efficient modulation scheme to double the number of voice and data channels.

Phase Two of CDMA2000, called 1XEV-DO, is the implementation of a true data channel. 1XEV-DO (Data Only) will provide data rates up to 2.048 MBps, but it will not be until 1XEV-DV (Data & Voice) that users will have a complete multimedia experience. 1X is a 2.5G solution.

3X is the next step in CDMA evolution. Instead of using the old IS-95 standard of 1.25MHz channels, 3X will use 3.75MHz a channel in the 5MHz frequency range. The remaining 1.25MHz will be used as buffer zones for the lower and upper bands. 3X is a 3G solution.

- Wideband CDMA (Wideband Code Division Multiple Access)

W-CDMA is the final step in CDMA evolution. Unfortunately, as of right now, CDMA2000 and W-CDMA are not compatible as they use different channel codes and synchronization procedures.
W-CDMA will use the entire 5MHz channel, providing up to 2.048 MBps. W-CDMA is a 3G solution.

- EDGE (Enhanced Data Rates for GSM Evolution)

This technology works over existing TDMA channels, providing up to 384 kbps data rate ONLY if the quality of TDMA channels improves in the future. It uses the same 200kHz channels with 8 timeslots with a more effective modulation scheme - instead of 14.4 kbps, EDGE can do 48 kbps. EDGE is a 2.5G solution that I believe failed to meet up GPRS and CDMA2000 quickly enough.

[--3.0-- Outro]

There you have it, a brief rundown on 1 - 3G protocols we're going to be seeing in the future. So I hope someone out there got something out of this article, and I promise to write more technical papers rather than this type. I'd really like your comments on this seeing it's my first real file... so please shoot me an email.

[--3.1-- Shouts]

..::: shouts to The Clone, Magma, caesium, Kris, asher, coercion, hackcanada, all my friends from toronto.2600 and my friends in the t-com massive.
..::: www.to2600.org - irc.to2600.org #to2600
..::: www.nettwerked.net
..::: www.hackcanada.com
..::: www.uecanada.ca
..::: : Inf with a Key.
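
The chip-code scheme from the CDMA entry in section 1.0, worked through as an added example that is not part of the original file: chips are mapped to +1/-1, overlapping transmissions are modelled as simple addition, and the receiver correlates against one user's code. CODE_C, the additive channel model, the sample bits and the function names are assumptions made for the illustration.

```python
# Added example: CDMA spreading and despreading with the article's 6-chip codes.
CODE_A = [1, 0, 0, 1, 0, 1]  # User A, from the article
CODE_B = [1, 1, 0, 0, 1, 1]  # User B, from the article
CODE_C = [1, 0, 0, 1, 1, 1]  # hypothetical third user, constructed for this example

def bipolar(chips):
    """Map chip 1 -> +1 and chip 0 -> -1 so overlapping signals can be summed."""
    return [1 if c else -1 for c in chips]

def spread(bits, code):
    """Send the chip code for a 1 bit and its complement for a 0 bit."""
    chips = []
    for bit in bits:
        chips.extend(code if bit else [1 - c for c in code])
    return bipolar(chips)

def channel(*signals):
    """Assumed channel model: simultaneous transmissions add chip by chip."""
    return [sum(chips) for chips in zip(*signals)]

def correlate(received, code):
    """Correlate each bit period of the received signal with one user's code."""
    ref, n = bipolar(code), len(code)
    return [sum(r * c for r, c in zip(received[i:i + n], ref))
            for i in range(0, len(received), n)]

def despread(received, code):
    """Positive correlation -> 1, negative -> 0, zero -> None (undecidable)."""
    return [1 if s > 0 else 0 if s < 0 else None
            for s in correlate(received, code)]

def cross_correlation(code_x, code_y):
    """0 means the two codes do not interfere with each other at all."""
    return sum(x * y for x, y in zip(bipolar(code_x), bipolar(code_y)))

if __name__ == "__main__":
    bits_a, bits_b = [1, 0, 1, 1], [0, 0, 1, 0]  # constructed sample data
    two = channel(spread(bits_a, CODE_A), spread(bits_b, CODE_B))
    print("A/B cross-correlation:", cross_correlation(CODE_A, CODE_B))
    print("A recovered:", despread(two, CODE_A), "B recovered:", despread(two, CODE_B))
    # Add the third user: A sends 0, B sends 0, C sends 1 in the same bit period.
    three = channel(spread([0], CODE_A), spread([0], CODE_B), spread([1], CODE_C))
    print("A margin with C present:", correlate(three, CODE_A))
    print("C recovered:", despread(three, CODE_C))
```

The two codes from the article happen to be orthogonal, so each user correlates at the full +6 or -6. With the constructed third code, User A's margin drops to 2 and User C's own bit correlates to 0, which is the short-code weakness the article mentions when it says practical systems use 100-bit or greater codes.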