Mobile communication networks (EC505) question and

answer bank
S2 M.E Communication systems
Prepared by
Dr.Jayakumari.J
Professor/ECE
N.I. University
1

UNIT I
Two marks questions
1.
Mention the different types of random access protocols.
ALOHA, Slotted ALOHA, Carrier Sense Multiple Access, Carrier Sense
Multiple Access /Collision Detection.
2.
Distinguish between 1G and 2G cellular networks.
First generation cellular systems introduced in early 1980 s were based on
analog FM technology and designed to carry narrow band circuit switched
voice services. Second generation cellular systems introduced in early 1990 s
use digital modulation and offers more spectral efficiency and voice quality.
3.
Define a cell.
In mobile communication, the coverage area is divided into smaller areas
which are each served by it s own base station. These smaller areas are
called cells.
4.
What is frequency reuse?
Spatially reusing the available spectrum so that the same spectrum can
support multiple users separated by a distance is called frequency reuse.
5.
What are the various types of wireless network topologies?
Infrastructure network topology and ad hoc topology.
6.
Mention the various multiple access schemes used in wireless
communication.
Frequency Division Multiplexing Access, Time Division Multiplexing Access
and Code Division Multiplexing Access
7.
What is co-channel interference?
Interference between signals from co channels are termed as co channel
interference
8.
What is adjacent channel interference?
Interference resulting from signals which are adjacent in frequency to the
desired signal is called adjacent channel interference.
9.
Mention the different types of cells.
2

Femto cells, pico cells, micro cells, macro cells and mega cells.
10. What is a picocell?
Small cells inside a building that support local indoor networks such as
wireless LANs. Size of these cells are in the range of few tens of meters.
11. What is cellular topology?
Cellular topology refers to infrastructure topology employing frequency reuse
concept.
12. What are the various channel allocation techniques used in cellular
communication?
Fixed Channel Allocation, dynamic channel allocation and hybrid channel
allocation.
13. What is mobility management?
Mobility management refers to the operations required for tracking the mobile
and restructuring existing connections as it moves. Mobility management
consists of Location management and Handoff management
14.What is a cluster?
The N cells which collectively use the complete set of available frequencies is
called a cluster.
15.Distinguish between 3G and 4G cellular networks.
Details 3G including 2.5G (EDGE) 4G
Major requirement driving
architecture
Predominantly voice driven,
data was always add on
Converge data and voice
over IP
Network architecture Wide area cell-based Hybrid-integration of
WLAN (WiFi, Bluetooth)
and wireless wide-area
networks
Speeds 384 kbps to 2 Mbps 20 to 100 Mbps in mobile
mode
Frequency band Dependent on country or
continent (1.8 to 2.4 GHz)
Higher frequency bands
(2 to 8 GHz)
Bandwidth 5 to 20 MHz 100 MHz or more
3

Switching design basis Circuit and packet All digital with packetized
voice
Access technologies WCDMA, cdma2000 OFDM and multicarrier
(MC)-CDMA
Component design Optimized antenna design,
multiband adapters
Smart antenna, software
defined multiband and
wideband radios
Mobile top speed 200 km/h 200 km/h
16.What is radio resource management?
Radio resource management refers to the control signalling and associated protoc
ols
employed to keep track of relationships between signal strength, available radio
channels in a system so as to enable a mobile station or the network to optional
ly
select the best radio resources for communication.
17.What are the technical issues in planning of a cellular network?
i.
Selection of frequency reuse pattern for different radio transmission
techniques
j.
Physical deployment and radio coverage modelling
k.
Plans to account for the growth of the network
l.
Analysis of the relationship between the capacity, cell size and the
cost of infrastructure
18.Define location management and handoff management.
Location management refers to the activities a wireless network should perform i
n
order to keep track of where the mobile is.
Handoff management handles the messages required to make the changes in the
fixed network to handle the change in location during a ongoing communication.
19.What is cell splitting?
This is the process of subdividing a congested cell into smaller cells, each wit
h it s
own base station and a corresponding reduction in antenna height and transmitter
power. Cell splitting increases the capacity of a cellular system since it incre
ases the
number of times that channels are reused.
20.What is cell sectoring?
4

The co channel interference in a cellular system may be decreased by replacing a

single omni directional antenna at the base station by several directional anten
nas,
each radiating within a specified sector. By using directional antennas, a given
cell
will receive interference and transmit with only a fraction of the available co
channel
cells. This technique for reducing co channel interference and thus increasing
system performance by using directional antennas is called sectoring.
21. What is trunking efficiency ?
It is a measure of the number of users which can be offered a particular GOS wit
h
a particular configuration of fixed channels.
22. What are the different types of Hand over?
Intra-satellite hand over
Inter-satellite hand over
Gateway hand over
Inter-system hand over
23. What is the necessity of Standards?
Standards help to ensure or promote the following;
Wide variety of products and services to customers
Interoperability between products and services made by different vendors.
Easier introduction of PCS products into the national market.
Healthy competitiveness among vendors, which in turn may lead to reduced
cost and improved product quality.
Development and innovation according to common guidelines.
More accessible services to customers
24. What are the applications of a satellite system?
Weather forecasting.
Radio and TV broadcast satellites.
Military services.
Navigation.
25. Give the benefits of paging systems?
Wide spread coverage
Long battery life
Small light weight sets
Economical

26. What is a page?

It is a brief message which is broadcast over the entire service area, usually i
n
a simulcast fashion by many base stations at the same time.
27. What are the channels used in mobile communication systems?
1.
Forward voice channels (FVC)
2.
Reverse voice channels (RVC)
3.
Forward control channels (FCC)
4.
Reverse Control channels (RCC)
28. What are the basic units of a Cellular system?
Mobile stations
Base stations
Mobile Switching Center (MSC) or Mobile Telephone Switching Office
(MTSO).
29. What are the classifications of Wireless technologies and systems?
Cellular mobile radio systems
Cordless telephones
Wide-area wireless data systems
High-speed WLANs
Paging/messaging systems
Satellite-based mobile systems
30. What are the limitations of conventional mobile telephone system?
Limited service capability
Poor service performance
Inefficient frequency spectrum utilization
31. What are the disadvantages of cellular systems with small cells?
Requires complex infrastructure
Requires frequent hand-over
Involves complicated frequency planning
32. Define BCA.
Borrowing Channel Allocation is a method by which more frequencies are
allotted dynamically for high traffic cells.
6

33. What is breathe?

The cells in which the frequency allocation is based on CDMA technique
are called as breathe.
34. Why 800 MHz frequency is selected for mobiles?
Fixed Station Services -30 MHz to 100 MHz
Television Broadcasting -41 MHz to 960 MHz
FM Broadcasting -100 MHz
Air to Ground system -118 MHz to 136 MHz
Maritime mobile services -160 MHz
Military Aircraft use -225 MHz to 400 MHz
Frequency bands between 30 MHz to 400 MHz is crowded with large number
of services and above 10 GHz is not used due to propagation path loss,
multipath fading and improper medium due to rain activity. So 800 MHz is
chosen for mobile communication.
35. State the two different types of fading.
Long term fading & short term fading.
36. Define rayleigh fading.
It refers to the variation in the received signal which is due to the waves
reflected from surrounding buildings and other structures.
37. Define the term coherence bandwidth.
It is defined as the bandwidth in which either the amplitudes or the phases of
two received signals have a high degree of similarity.
38. What is direct wave path ?
It is the path which is clear from the terrain contour.
39. State the different analog systems available in 1G.
Advanced Mobile Phone System
European Total Access Communication System
7

Nippon Telephone and Telegraph

40. What are the different digital cellular systems available in 2G.
Global system Mobile
Interim Standard -136
Pacific digital Cellular
Interim Standard -95
41. Mention the function of the base station.
The base station serves as a bridge between all mobile users in the cell and
connects the simultaneous mobile calls via telephone lines or microwave links to
the
mobile switching center(MSC)
42. What are the functions of MSC?
The MSC coordinates the activities of all the base stations and connects the ent
ire
cellular system to the PSTN.
43. Define foot print.
The actual radio coverage of a cell is known as the foot print. It is determined
from field measurements or propagation prediction models.
44. Define Dwell time.
The time over which a call may be maintained within a cell without handoff, is
called the dwell time.
45. State the methods used for handoff.
Mobile Controlled Handoff
Network Controlled Handoff
Mobile Assisted Handoff
46. State the types of modulation schemes used in mobile communication.
Gaussian minimum shift keying
Differential Quadrature Phase Shift Keying.
47. Explain free space propagation model.
This model is used to predict the received signal strength, when there is
unobstructed line-of-sight between the transmitter and receiver. The free
space power received by the receiving antenna which is separated from a
radiating transmitter antenna by a distance d is given by
8

PG
G
l2
t
t
r
P
r
(
)
=
d
(4p)2 d
2 L
where Pr(d) is the received power, Pt is the transmitted power, Gt is the
transmitter antenna gain, Gr is the receiver antenna gain, L is the loss factor
and .
is wavelength in meters.
48. Define radar cross section.
Radar cross section of a scattering object is defined as the ratio of the power
density of the signal scattered in the direction of the receiver to the power de
nsity of
the radio wave incident upon the scattering object and has units of square meter
s.
49. What is far-field region?
The far-field or fraunhofer region, of the transmitting antenna is defined as th
e
region beyond the far-field distance df , which is related to the largest linear
dimension of the transmitter antenna aperture and the carrier wavelength.
50. What is the need of bistatic radar equation ?
The bistatic radar equation may be used to compute the received power due
to scattering in the far field in the urban mobile radio systems.
51. Name some of the outdoor propagation models.
Longely-Rico model
Durkin,s model
Okumura model
52. What are the effects of fading?
a.
Rapid changes in signal strength over a small travel distance or time interval
b.
Random frequency modulation due to varying Doppler shifts on different
multipath signals
c.
Time dispersion(echoes) caused by multipath propagation delays
53. Expand PCS, PLMR, NLOS and DECT.
PCS -Personal Communication Systems.
PLMR
Public Land Mobile Radio

NLOS
DECT

Non Line Of Sight

Digital Equipment Cordless Telephone

54. Mention the three partially separable effects of radio propagation.

The three partially separable effects of radio propagation are,
Multi path fading
Shadowing
Path loss
9

55. Mention the basic propagation mechanisms, which impact propagation in

mobile communication.
The basic propagation mechanisms are,
Reflection
Diffraction
Scattering
56. What is reflection?
Reflection occurs when a propagating electromagnetic wave impinges upon
an object, which has very large dimension when compared to the wavelength
of propagating wave.
57. What is diffraction?
Diffraction occurs when the radio path between the transmitter and receiver is
obstructed by a surface that has sharp irregularities.
58. What is scattering?
Scattering occurs when the medium through which the wave travels consists
of objects with dimensions that are small compared to the wavelength and
where the number of obstacles per unit volume is large.
59. Define Brewster angle?
The Brewster angle is the angle at which no reflection occurs in the medium
of origin. It occurs when the incident angle is such that the reflection
coefficient Is equal to zero.
60. . What are the principles of Cellular Architecture?
Low power Transmitters and Coverage Zones.
Frequency Reuse.
Cell splitting to increase Capacity.
Hand off and Central Control.
61. Define adaptive equalizer.
To combat ISI, the equalizer coefficients should change according to the
channel status so as to track the channel variations. Such an equalizer is calle
d an
adaptive equalizer since it adapts to the channel variations.
62. Where is decision feedback equalizer used?
The decision feedback equalizer is particularly used for channels with severe
amplitude distortions and has been widely used in wireless communications.
10

63. Write the basic algorithms used in adaptive equalization.

Zero forcing algorithm
Least Mean square algorithm
Recursive Least square algorithm
64. What is EIRP?
Effective isotropic radiated power is referenced to an isotropic source. The
difference between ERP and EIRP is 2dB
ERP=EIRP-2dB
65. What is PHP?
PHP means Personal Handy Phone System. It is otherwise called PHS. PHP
is a wireless communication TDD System which supports personal
communication services (PCS). It uses small, low-complexity light weight
terminals called Personal Stations (PSS).
66. Write down the applications of PHP?
PHP can be used for,
* Public Telephone
* Wireless PBX
* Home Cordless Telephone
* Walkie
talkie communication.
67 What are the features of PHP?
* Wider Coverage per cell.
* Operation in a mobile Outdoor environment,
* Faster and distributed control of handoffs.
* Enhanced authentication
* Encryption
* Privacy
* Circuit and packet-oriented data services.
68. What are the logical channels that the control channel consists?
* Broadcast control channel.
* Common control channel.
* User packet channel.
* Associated control channel.
69. What is BCCH?
11

Broadcast control channel is a one way down link channel for broadcasting
control information from CS to PS.
70. What is CCCH?
CCCH is Common Control Channel Which sends out the control information
for call connection.
71. What is SIM?
SIM, which is memory device that store information such as the subscriber
identity number, the network and countries where the subscriber is entitled to
service, private key, and other user specified information.
72. What are main subsystems of GSM architecture?
i) Base station subsystem (BSS)
ii) Network &switching subsystem (NSS)
iii) Operation support subsystem (OSS)
73. What are frequencies used in forward and reverse link frequency in GSM?
(890-915) MHz-reverse link frequency
(935-960) MHz-forward link frequency
63. What are the channel types of GSM system?
i) GSM traffic channel
ii) GSM control channel
1. Broad cost channel
2. Common control channel
3. Dedicated control channel
74. What is CDMA digital cellar standard (is 95)?
IS-95-interim standard
IS 95 allows each user with in the a cell to use the same radio channel and
user in adjacent cell also use the same radio channel since this is a direct
sequence spread spectrum CDMA system.
75. What are frequencies used in forward and reverse link frequency in IS-95?
(824-849) MHz-reverse link frequency
(869-894) MHz-forward link frequency
12

76. If a cellular operator is allocated 12.5 MHz for each simple s band and if
bandwidth is 12.5MHz guardband is 10 KHz & Bc=10khz find the number of
channel available in an FDMA system.
N= (bt --2 bguard) / Bc =(12.5 MHz-2(10 KHz))/ 10khz =416channel
77. State certain access technologies used in mobile satellite communication
systems.
FDMA, TDMA and CDMA.
78 State the different types of handoffs.
Soft handoff, hard handoff, forced handoff, delayed handoff and mobile
associated handoff.
79. What is intersystem handoff ?
During a course of a call, if a mobile moves from one cellular system to a
different cellular system controlled by a different MSC it is referred as
intersystem handoff.
80. State the expression that relates co channel reuse ratio (Q) to radius (R) o
f
a cell
Q = D/R
D Distance between center of co channel cells
81. State the expression used to locate co channel cells.
N = i2 + ij + j2
82. Define the term dwell time.
The time over which a call may be maintained within a cell without handoff.
83. State the advantage of umbrella cell approach.
It provides large area coverage to high speed users while providing small area
coverage to users traveling at low speeds.
84. Define co channel cells.
The cells that operate with the same set of frequencies are referred as co
channel cells.
85. Define the term Erlong.
13

One Erlong represents the amount of traffic intensity carried by a channel that
is completely occupied.
86. State the relation between traffic intensity (Au) and holding time (H).
Au = lH.
l = request rate
87. State the two types of trunked system.
Blocked call cleared system and Delayed call cleared system
88.How many co channel interferes are present in the first tier for a cluster si
ze
of 7?
Six
89.What is CDPD?
CDPD is a Cellular packet digital Data System that uses packet switched data
The bit rate in the RF channel for CDPD is !9.2kbps
90.Write some features of TDMA?
*In TDMA , no. of time slots depends upon modulation technique ,available
bandwidth
*Data transmission occurs in bursts
*It uses different time slots for transmission and reception, then duplexers are
not required
*Adaptive equalization is necessary
* Guard time should be minimized
91Write some features of CDMA?
*In CDMA system, many users share the same frequency either TDD or FDD
may be used
*Channel data rate is high
*Multipath fading may be substantially reduced
*CDMA uses co channel cells, it can use macroscopic spatial diversity to
provide soft hand off
92.Write the features of DECT?
DECT provides a cordless communication framework for high traffic
intensity, short range telecommunication and covers a broad range of
applications and environment
It supports telepoint services
14

 It provides low power radio access between portable parts and fixed base
station s at ranges of upto a few hundred meters
93.What are the interfaces used in the GSM?
GSM radio air interface
Abis interface
A interface
94.What are the types of services in GSM?
Tele sevices and Data services
95.Write some third generation wireless standards.
Personal communication system
IMT-2000
UMTS
96.What is Bluetooth?
It is an open standard that provides an ad-hoc approach for enabling various
devices to communicate with one another within nominal 10 meter range. It
operates in the 2.4 Ghz ISM band and uses frequency hopping TDD scheme
for each radio channel
97.What is the forward and reverse link frequency for AMPS?
(890-915) MHz-reverse link frequency
(935-960) MHz-forward link frequency
98.Write the specifications of DECT ?
Frequency band 1880-1900Mhz
No. of carriers -10
RF channel bandwidth -1.728MHz
Multiplexing FDMA/TDMA
Duplex-TDD
99.What is near-far effect in wireless network?
When used with FM or spread spectrum modulation, it is possible for the
strongest user to successfully capture the intended receiver , even when
many users are also transmitting . If the closest transmitter is able to capture
a receiver because of small propagation path loss, it is called as near -far
effect in wireless network
100. Write some standards used in 3G system
W-CDMA, UMTS
15

Six marks questions

1. Explain the principle of frequency division multiple access.
Frequency division Multiple Access (FDMA) is a technology whereby the total
amount of spectrum is divided in a number of channels. Each channel can be
assigned to a different user. FDMA is commonly used in analog mobile radio,
including analogue cellular mobile telephone systems like AMPS, NMT and
TACS. Between the different used frequency channels is a small amount of
bandwidth not used. This space is called a guard band. This bandwidth is
necessary to cater for instability of the sender, frequency shifts due to
movement (the Doppler effect) and no-ideal filtering. FDMA is usually
implemented either in narrowband systems or to produce few subchannels
combined with other multiple access techniques (e.g., TDMA,CDMA). In
narrowband FDMA systems, the symbol time is usually large as compared
with the average delay spread, and hence, the amount of ISI is low and no
equalization is required. Furthermore, few bits are needed for overhead
purposes such as synchronization and framing as compared to TDMA. FDMA
systems have to cope with intermodulation (IM) products interference.Real
systems almost always include an FDMA component. In cellular systems, the
two directions, base to mobile station and vice versa, are usually separated in
frequency. This scheme is called FDD. Of course, both receiver and
transmitter have to know the frequencies in advance since the receiver must
be able to tune properly. It is not possible to jump arbitrarily in the frequenc
y
domain, contrary to what can be done in the time domain.
The principle of FDMA.
16

2.Give the comparison between fixed channel allocation and dynamic channel
allocation.
Channel allocation deals with the allocation of channels to cells in a cellular
network. Once the channels are allocated, cells may then allow users within the
cell to communicate via the available channels. Channels in a wireless
communication system typically consist of time slots, frequency bands and/or
CDMA pseudo noise sequences, but in an abstract sense, they can represent
any generic transmission resource. There are two major categories for assigning
these channels to cells (or base-stations). They are
Fixed Channel Allocation,
Dynamic Channel Allocation
Fixed Channel Allocation
Fixed Channel Allocation (FCA) systems allocate specific
channels to specific cells. This allocation is static and
can not be changed. For efficient operation, FCA
systems typically allocate channels in a manner that
maximizes frequency reuse. Thus, in a FCA system, the
distance between cells using the same channel is the minimum reuse distance for
that system. The problem with FCA systems is quite simple and occurs whenever
the offered traffic to a network of base stations is not uniform. Consider a cas
e in
which two adjacent cells are allocated N channels each. There clearly can be
situations in which one cell has a need for N+k channels while the adjacent cell
only
requires N-m channels (for positive integers k and m). In such a case, k users i
n the
first cell would be blocked from making calls while m channels in the second cel
l
would go unused. Clearly in this situation of non-uniform spatial offered traffi
c, the
available channels are not being used efficiently. FCA has been implemented on a
widespread level to date.
17

Dynamic Channel Allocation

Dynamic Channel Allocation (DCA) attempts to alleviate the problem mentioned for
FCA systems when offered traffic is non-uniform. In DCA systems, no set
relationship exists between channels and cells. Instead, channels are part of a
pool
of resources. Whenever a channel is needed by a cell, the channel is allocated
under the constraint that frequency reuse requirements can not be violated. Ther
e
are two problems that typically occur with DCA based systems.
First, DCA methods typically have a degree of randomness associated with
them and this leads to the fact that frequency reuse is often not maximized
unlike the case for FCA systems in which cells using the same channel are
separated by the minimum reuse distance.
Secondly, DCA methods often involve complex algorithms for deciding which
available channel is most efficient. These algorithms can be very
computationally intensive and may require large computing resources in order
to be real-time.
3.Write short note on Interim Standard-136.
IS-136 is a second-generation mobile phone systems, known as Digital
AMPS (D-AMPS). This system is most often referred to as TDMA. That name
is based on the acronym for time division multiple access, a common multiple
access technique which is used by multiple protocols, including GSM, as well
as in IS-54 and IS-136. However, D-AMPS has been competing against GSM
and systems based on code division multiple access (CDMA) for adoption by
the network carriers, although it is now being phased out in favor of GSM/
GPRS and CDMA2000 technology.
D-AMPS uses existing AMPS channels and allows for smooth transition
between digital and analog systems in the same area. Capacity was
increased over the preceding analog design by dividing each 30 kHz channel
pair into three time slots (hence time division) and digitally compressing the
18

voice data, yielding three times the call capacity in a single cell. A digital
system also made calls more secure because analog scanners could not
access digital signals. IS-136 added a number of features to the original IS-54
specification, including text messaging, circuit switched data (CSD), and an
improved compression protocol. SMS and CSD were both available as part of
The technical specifications can be summarized as below:
Mobile Frequency Range Rx: 869-894 MHz; Tx: 824-849 MHz
Multiple Access Method TDMA/FDM
Duplex Method FDD
Number of Channels 832 (3 users per channel)
Channel Spacing/Bandwidth 30 kHz
Modulation p/4 DQPSK
Channel Bit Rate 48.6 kbit/s
Spectrum Efficiency 1.62 bit/s/Hz
Equalizer Unspecified
Interleaving 2 slot interleaver
4.Explain in detail the fading effects in wireless channel.
In wireless communications, fading is deviation of the attenuation that a carrie
rmodulated telecommunication signal experiences over certain propagation
media. The fading may vary with time, geographical position and/or radio
frequency, and is often modelled as a random process. A fading channel is a
communication channel that experiences fading. In wireless systems, fading may
either be due to multipath propagation, referred to as multipath induced fading,
or
due to shadowing from obstacles affecting the wave propagation, sometimes
referred to as shadow fading. The terms slow and fast fading refer to the rate a
t
which the magnitude and phase change imposed by the channel on the signal
changes. The coherence time is a measure of the minimum time required for the
19

magnitude change of the channel to become uncorrelated from its previous

value.
Slow fading
arises when the coherence time of the channel is large relative to the
delay constraint of the channel. In this regime, the amplitude and phase
change imposed by the channel can be considered roughly constant over
the period of use. Slow fading can be caused by events such as
shadowing, where a large obstruction such as a hill or large building
obscures the main signal path between the transmitter and the receiver.
The amplitude change caused by shadowing is often modeled using a lognormal
distribution with a standard deviation according to the log-distance
path loss model.
Fast fading
occurs when the coherence time of the channel is small relative to the
delay constraint of the channel. In this regime, the amplitude and phase
change imposed by the channel varies considerably over the period of
use.
In a fast-fading channel, the transmitter may take advantage of the variations i
n
the channel conditions using time diversity to help increase robustness of the
communication to a temporary deep fade. Although a deep fade may temporarily
erase some of the information transmitted, use of an error-correcting code
coupled with successfully transmitted bits during other time instances
(interleaving) can allow for the erased bits to be recovered. In a slow-fading
channel, it is not possible to use time diversity because the transmitter sees o
nly
a single realization of the channel within its delay constraint. A deep fade
therefore lasts the entire duration of transmission and cannot be mitigated usin
g
coding. The coherence time of the channel is related to a quantity known as the
Doppler spread of the channel. When a user (or reflectors in its environment) is
20

moving, the user's velocity causes a shift in the frequency of the signal
transmitted along each signal path. This phenomenon is known as the Doppler
shift. Signals travelling along different paths can have different Doppler shift
s,
corresponding to different rates of change in phase. The difference in Doppler
shifts between different signal components contributing to a single fading chann
el
tap is known as the Doppler spread. Channels with a large Doppler spread have
signal components that are each changing independently in phase over time.
Since fading depends on whether signal components add constructively or
destructively, such channels have a very short coherence time.
5. Explain the Power Control mechanism in CDMA
A proper power control on both the uplink and downlink has several
advantages: System capacity is improved or optimized. Mobile battery life is
extended. Radio path impairments are properly compensated for. Quality of
service (QoS) at various bit rates can be maintained. The reverse link (uplink)
uses a combination of open loop and closed loop power control to command
the mobile station to make power adjustments The mobile station and the
base station receiver measure the received power and use the measurements
to maintain a power level for adequate performance. The mobile unit
measurement is part of the open loop power control while the base station
measurement is part of the closed loop power control. In the closed loop
mode, the mobile station transmitter power is controlled by a signal from the
base station site. Each base station demodulator measures the received SNR
for that mobile station and sends a power command either to increase or
decrease mobile station power. The measure-command-react cycle is
performed at a rate of800 times per second for each mobile station in IS-95.
The power adjustment command is combined with the mobile s open loop
estimate and the result is used to adjust the transmitter gain. This solves the
near far interference problem, reduces interference to other mobiles using the
same. CDMA radio channel, helps to overcome fading, and conserves battery
power in portable and mobile units. On the uplink, the objective of the mobile
station is to produce a nominal received power signal at the base station
receiver. Regardless of the mobile s position or propagation loss, each mobile
21

should be received at the base station with almost the same power level. If
the mobile s signal arrives at the base station with a lower power level than
the required power level, its error rate performance will be high. On the other
hand, if the mobile s signal is too high, it will interfere with other users with
the
same CDMA radio channel causing performance degradation unless the
traffic load is decreased. Similarly, a combination of open loop and closed
loop power control is used on the forward link (downlink) to keep SNR at the
mobile almost constant. Forward link power control mitigates the corner
problem. Mobiles at the edges of cells normally require more power than
those close to the center of the base station for two reasons: more
transmission loss and more interference from adjacent base stations. This is
known as the corner problem. Forward link power control minimizes
interference to mobiles in the same base station (in multipath environments)
as well as mobiles in other base stations. Using the downlink power control,
the base station transmits the minimum required power, hence, minimizes the
interference to mobiles in the surrounding base stations. The outer loop power
control is the finer power control over the closed loop power control. It adjust
s
the target signal-to-interference ratio (SIR) in the base station according to t
he
needs of the individual radio links and aims at a constant quality, which is
usually defined as a certain target bit error rate (BER) or frame error ratio
22

(FER). The required SIR depends on the mobile speed and multipath profile.
The outer loop power control is typically implemented by having the base
station to each uplink user data frame with frame quality indicator, such as a
cyclic redundancy check (CRC) result, obtained during decoding of the
particular user data frame.
6. Explain the channels in GSM
GSM uses a variety of channels in which the data is carried. In GSM, these
channels are separated into physical channels and logical channels. The
Physical channels are determined by the timeslot, whereas the logical
channels are determined by the information carried within the physical
channel. It can be further summarised by saying that several recurring
timeslots on a carrier constitute a physical channel. These are then used by
different logical channels to transfer information. These channels may either
be used for user data (payload) or signalling to enable the system to operate
correctly.The channels may also be divided into common and dedicated
channels. The forward common channels are used for paging to inform a
mobile of an incoming call, responding to channel requests, and broadcasting
bulletin board information. The return common channel is a random access
channel used by the mobile to request channel resources before timing
information is conveyed by the BSS.The dedicated channels are of two main
types: those used for signalling, and those used for traffic. The signalling
channels are used for maintenance of the call and for enabling call set up,
providing facilities such as handover when the call is in progress, and finally
terminating the call. The traffic channels handle the actual payload.
The following logical channels are defined in GSM:
TCHf -Full rate traffic channel.
TCH h -Half rate traffic channel.
23

BCCH -Broadcast Network information, e.g. for describing the current

control channel structure. The BCCH is a point-to-multipoint channel
(BSS-to-MS).
SCH -Synchronisation of the MSs.
FCHMS -frequency correction.
AGCH -Acknowledge channel requests from MS and allocate a
SDCCH.
PCHMS -terminating call announcement.
RACHMS -access requests, response to call announcement, location
update, etc.
FACCHt -For time critical signalling over the TCH (e.g. for handover
signalling). Traffic burst is stolen for a full signalling burst.
SACCHt -TCH in-band signalling, e.g. for link monitoring.
SDCCH -For signalling exchanges, e.g. during call setup, registration /
location updates.
FACCHs -FACCH for the SDCCH. The SDCCH burst is stolen for a
full signalling burst. Function not clear in the present version of GSM
(could be used for e.g. handover of an eight-rate channel, i.e. using a
"SDCCH-like" channel for other purposes than signalling).
SACCHs -SDCCH in-band signalling, e.g. for link monitoring.
7. Explain the characteristics of HIPERLAN
HIPERLAN is a European standardization initiative for a HIgh PERformance
wireless Local Area Network. Radio waves are used instead of a cable as a
transmission medium to connect stations. Either, the radio transceiver is
mounted to the movable station as an add-on and no base station has to be
24

25
installed separately, or a base station is needed in addition per room. The
stations may be moved during operation-pauses or even become mobile. The
max. data rate for the user depends on the distance of the communicating
stations. With short distances (<50 m) and asynchronous transmission a data
rate of 20 Mbit/s is achieved, with up to 800 m distance a data rate of 1 Mbit/s
are provided. For connection-oriented services, e.g. video-telephony, at least
64 kbit/s are offered. The standard serves to ensure the possible
interoperability of different manufacturers' wireless communications
equipment that operate in this spectrum. The HIPERLAN standard only
describes a common air interface including the physical layer for wireless
communications equipment, while leaving decisions on higher level
configurations and functions open to the equipment manufacturers.
The choice of frequencies allocated to HIPERLAN was part of the 5-5.30 GHz
band being allocated globally to aviation purposes. The Aviation industry only
used the 5-5.15GHz frequency, thus making the 5.15-5.30 frequency band
accessible to HIPERLAN standards. HIPERLAN is designed to work without
any infrastructure. Two stations may exchange data directly, without any
interaction from a wired (or radio-based) infrastructure. The simplest

HIPERLAN thus consists of two stations. Further, if two HIPERLAN stations

are not in radio contact with each other, they may use a third station (i.e. the
third station must relay messages between the two communicating stations).
Products compliant to the HIPERLAN 5 GHz standard shall be possible to
implement on a PCMCIA Type III card. Thus the standard will enable users to
truly take computing power on the road.
8. Explain the characteristics of mobile ad hoc networks
Wireless, or single-hop networks, until recently were based on a fixed structure
,
basically network nodes communicating to fixed infrastructure. Mobile ad-hoc
networking offers multi-hop communication, in effect network nodes communicating
via other nodes. In situations where networks are constructed and destructed in
adhoc manner, mobile ad-hoc networking is an excellent choice. The idea of mobile
adhoc or packet radio networks has been under development since 1970s. Since the
mid-90s, when the definition of standards such as IEEE802.11 helped cause
commercial wireless technology to emerge, mobile ad-hoc networking has been
identified as a challenging evolution in wireless technology. A mobile ad-hoc ne
twork
is a collection of mobile devices equipped with a transmitter and receiver, conn
ected
in the absence of fixed infrastructure. Mobile ad-hoc network is defined with
characteristics such as purpose-specific, autonomous and dynamic. In comparison
with fixed wireless networks, there is no master slave relationship that exists
in a
mobile ad-hoc network. Nodes rely on each other to established communication,
thus each node acts as a router. Therefore, in a mobile ad-hoc network, a packet
can travel from a source to a destination either directly, or through some set o
f
intermediate packet forwarding nodes.
The control and management of mobile ad-hoc network is distributed among the
participating nodes. Each node is responsible to forward packet to other nodes i
n the
networks. The nodes are also collaborate themselves to implement network routine
functions such as security. Nodes in mobile ad-hoc network are highly mobile whi
ch
causes network topology to change rapidly and unpredictably. Moreover the
connectivity among the hosts varies with time. In most cases, mobile ad-hoc
26

networks operate on low power devices. Normally these devices have low CPU
process capability and small memory sizes, thus affect the capability of the mob
ile
ad-hoc network to reach other devices. Routing in mobile ad-hoc network, meaning
transferring packets from source to destination, is different than traditional r
outing in
a fixed network. Routing in mobile ad-hoc networking depends on many factors
which includes topology, selection of routers, initiation of request and availab
le
bandwidth.
ces. Normally these devices have low CPU
process capability and small memory sizes, thus affect the capability of the mob
ile
ad-hoc network to reach other devices. Routing in mobile ad-hoc network, meaning
transferring packets from source to destination, is different than traditional r
outing in
a fixed network. Routing in mobile ad-hoc networking depends on many factors
which includes topology, selection of routers, initiation of request and availab
le
bandwidth.
9. Explain in detail about denial of service attacks?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack
(DDoS attack) is an attempt to make a computer resource unavailable to its
intended users. Although the means to carry out, motives for, and targets of a
DoS attack may vary, it generally consists of the concerted efforts of a person
or people to prevent an Internet site or service from functioning efficiently or
at
all, temporarily or indefinitely. Perpetrators of DoS attacks typically target s
ites
or services hosted on high-profile web servers such as banks, credit card
payment gateways, and even root nameservers. The term is generally used
with regards to computer networks, but is not limited to this field, for example
,
it is also used in reference to CPU resource management. One common
method of attack involves saturating the target (victim) machine with external
communications requests, such that it cannot respond to legitimate traffic, or
responds so slowly as to be rendered effectively unavailable. In general
terms, DoS attacks are implemented by either forcing the targeted
computer(s) to reset, or consuming its resources so that it can no longer
provide its intended service or obstructing the communication media between
27

the intended users and the victim so that they can no longer communicate
adequately.
A "denial-of-service" attack is characterized by an explicit attempt by attacker
s
to prevent legitimate users of a service from using that service. Attacks can be
directed at any network device, including attacks on routing devices and web,
electronic mail, or Domain Name System servers.A DoS attack can be
perpetrated in a number of ways. The five basic types of attack are:
1.
Consumption of computational resources, such as bandwidth, disk
space, or processor time
2.
Disruption of configuration information, such as routing information.
3.
Disruption of state information, such as unsolicited resetting of TCP
sessions.
4.
Disruption of physical network components.
5.
Obstructing the communication media between the intended users and
the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
Max out the processor's usage, preventing any work from occurring.
Trigger errors in the microcode of the machine.
Trigger errors in the sequencing of instructions, so as to force the
computer into an unstable state or lock-up.
Exploit errors in the operating system, causing resource starvation and/or
thrashing, i.e. to use up all available facilities so no real work can be
accomplished.
Crash the operating system itself.
A permanent denial-of-service (PDoS), also known loosely as phlashing is
an attack that damages a system so badly that it requires replacement or
reinstallation of hardware. Unlike the distributed denial-of-service attack, a
PDoS attack exploits security flaws which allow remote administration on
the management interfaces of the victim's hardware, such as routers,
printers, or other networking hardware. The attacker uses these
28

vulnerabilities to replace a device's firmware with a modified, corrupt, or

defective firmware image a process which when done legitimately is
known as flashing. This therefore "bricks" the device, rendering it unusable
for its original purpose until it can be repaired or replaced.
The PDoS is a pure hardware targeted attack which can be much faster
and requires fewer resources than using a botnet in a DDoS attack.
Because of these features, and the potential and high probability of
security exploits on Network Enabled Embedded Devices (NEEDs), this
technique has come to the attention of numerous hacker communities.
10. What are the security threats to wireless networks?
Signals in wireless networks are omni directional and spread beyond the
desired coverage area. Due to this weakness, many active and passive
methods are available for doing attacks in wireless network transmission.
Inserting the data into wireless networks or modifying any transmitted data is
called active method whereas passive methods include monitoring the traffic
in promiscuous mode to get information about wireless networks.Major
security threats which are possible in wireless networks are as follows:
Active Scanning / Probing Threat:
The most common threat of wireless networks is doing attack by Active
software like Net Stumber (for Windows) and Dstumber (for Unix/ Linux).
These software works on the method of active scanning. Attacks transmit the
probe request to find any access point. If any access point is available, it wil
l
transmit probe response for that request. This response frame consists of
SSID, Source/Destination MAC Address. Once attack captures this response
frame, he/she has all the necessary information to enter in the network.
Hence, if there is not any strong authentication mechanism, attackers may
easily enter in the network.
Spoofing Threat:
Another major threat in wireless networks is MAC Address Spoofing which
alters the manufacture assigned MAC address to any other value. This is
29

conceptually different than traditional IP address spoofing where an attacker

sends data from any arbitrary source address and does not expect to see a
response to their actual source IP address. An attacker may choose MAC
Address Altering for several reasons, e.g. to bypass access control list, to
impersonate an already authenticated user or disguising his/her presence on
the network.
802.11 Beacon Flood Threat:
This technique requires generating thousands of counterfeit/fake 802.11
beacon frames and then transmits them on the network. Beacon frame
contains the information about SSID of the network. Hence, it becomes
difficult for the client to choose correct SSID to find a legitimate AP. There a
re
several tools available nd transmit the fake beacon frames.
Authentication/ De Authentication Flood Threat:
In this, the attacker broadcasts the association or authentication request
frames from the fake addresses to either access point (infrastructure mode) or
to clients e). So, access point or client sends reply and keep the information
about that request for some time in memory and wait for response, which is
never going to come. Thus they are loaded with false authentication/ de-n
requests and legitimate entities are put on hold for sometime, hence denying
services to them.
Threat from Unauthorized Devices:
In case of wireless networks, unauthorized access are not only limited to
clients, but it is also applicable to access points. Sometimes, an authorized
person, due to suspicious users does not plant these access points. Once
planted, this rouge access point is configured to operate on higher
broadcasting power and as a valid access point. Sometimes, the legitimate
users plant access point to improve their coverage.
Jamming Threat:
30

One of the most famous security threats for wireless networks is jamming. In
this, the attacker operates on the same frequency and channel of the target
network. He/she operates at higher power, thus disabling the actual access
point. Sometimes, the network arrives at standstill position and user fears that
network is attacked.
Man in the Middle Threat:
Wireless networks are also prone to Man in the Middle attack. In this, an
attacker sends management frames to client and force them dissociate from
valid access point and prompt them to join another fake access point setup by
an attacker posing as valid access point.
11. Describe in detail the Radio Propagation and Propagation Path-Loss
Models
Exponential growth of mobile communications has increased interest in many
topics in radio propagation. Much effort is now devoted to refine radio
propagation path-loss models for urban, suburban, and other environments
together with substantiation by field data. Radio propagation in urban areas is
quite complex because it often consists of reflected and diffracted waves
produced by multipath propagation. Radio propagation in open areas free
from obstacles is the simplest to treat, but, in general, propagation over the
earth and the water invokes at least one refl ected wave. For closed areas
such as indoors, tunnels, and underground passages, no established models
have been developed as yet, since the environment has a complicated
structure. However, when the environmental structure is random, the Rayleigh
model used for urban area propagation may be applied. When the
propagation path is on line of sight, as in tunnel and underground passages,
the environment may be treated either by the Rician model or waveguide
theory. Direct wave models may be used for propagation in a corridor. In
general, radio wave propagation consists of three main attributes: reflection,
diffraction and scattering. Reflection occurs when radio wave propagating in
31

one medium impinges upon another medium with different electromagnetic

properties. The amplitude and phase of the reflected wave are strongly
related to the medium s instrinsic impedance, incident angle, and electric field
polarization. Part of the radio wave energy may be absorbed or propagated
through the reflecting medium, resulting in a reflected wave that is attenuated.
Diffraction is a phenomenon by which propagating radio waves bend or
deviate in the neighborhood of obstacles. Diffraction results from the
propagation of wavelets into a shadowy region caused by obstructions such
as walls, buildings, mountains, and so on. Scattering occurs when a radio
signal hits a rough surface or an object having a size much smaller than or on
the order of the signal wavelength. This causes the Signal energy to spread
out in all directions. Scattering can be viewed at the receiver as another radio
wave source. Typical scattering objects are furniture, lamp posts, street signs,
and foliage.
12. Write short note on frequency reuse and hexagonal cell pattern
Frequency reuse
Cellular systems seeks to make an efficient use of available channels by
employing low-power transmitters to allow frequency reuse at much smaller
32

distances Maximizing the number of times each channel may be reused in a

given geographic area is the key to an efficient cellular system design.
Cellular systems are designed to operate with groups of low-power radios
spread out over the geographical service area. Each group of radios serve
mobile stations located near them. The area served by each group of radios is
called a cell. Each cell has an appropriate number of low-power radios to
communicate within the cell itself. The power transmitted by the cell is chosen
to be large enough to communicate with mobile stations located near the
edge of the cell. The radius of each cell may be chosen to be perhaps 28 km
(about 16 miles) in a start-up system with relatively few subscribers, down to
less than 2 km (about 1 mile) for a mature system requiring considerable
frequency reuse.
Hexagonal Cell Geometry
As the traffic grows, new cells and channels are added to the system. If an
irregular cell pattern is selected, it would lead to an inefficient use of the
spectrum due to its inability to reuse frequencies because of cochannel
interference. In addition, it would also result in an uneconomical deployment
of equipment, requiring relocation from one cell site to another. Therefore, a
33

great deal of engineering effort would be required to readjust the

transmission, switching, and control resources every time the system goes
through its development phase. The use of a regular cell pattern in a cellular
system design eliminates all these difficulties. In reality, cell coverage is an
irregularly shaped circle. The exact coverage of the cell depends on the
terrain and many other factors. For design purposes and as a first-order
approximation, we assume that the coverage areas are regular polygons. For
example, for omnidirectional antennas with constant signal power, each cell
site coverage area would be circular. To achieve full coverage without dead
spots, a series of regular polygons are required for cell sites. Any regular
polygon such as an equilateral triangle, a square, or a hexagon can be used
for cell design.The hexagon is used for two reasons: a hexagonal layout
requires fewer cells and, therefore, fewer transmitter sites, and a hexagonal
cell layout is less expensive compared to square and triangular cells. In
practice, after the polygons are drawn on a map of the coverage area, radial
lines are drawn and the signal-to-noise ratio (SNR) calculated for various
directions using the propagation
13. Write short note on medium access techniques
A typical scenario in a wireless network is shown in fig 1. The MSs have to
compete for a shared medium. Each MS has a transmitter/receiver that
communicates with other MSs.
34

Shared multiple access

medium
MS 1 MS n
MS 4
MS 3
MS 2
Shared multiple access
medium
MS 1 MS n
MS 4
MS 3
MS 2
Fig 1 Multiple access of a shared medium in wireless network
In a general scheme, transmission from any MS can be received by all other
MSs in the neighborhood. Therefore, if more than one MS attempts to transmit at
one time, collision occurs and MSs receiving the information cannot interpret or
differentiate what id being transmitted. These situations are called collisions
in the
medium. Collisions must be avoided and this is done using medium access control
(MAC) techniques. Thus the primary function of MAC is to minimize or eliminate t
he
incidence of collisions to achieve a reasonable utilization of the medium. The t
wo
basic approaches in MAC are random access and scheduling.
Random access
The different types of random access protocols are
i. ALOHA
ii. Slotted ALOHA
iii. Carrier Sense Multiple Access
iv. Carrier Sense Multiple Access with Collision Detection
Scheduling approaches to medium access control
These approaches attempt to produce an orderly access to the transmission
medium. The different types of scheduling protocols are
35

i. Reservation systems
ii. Polling
14. Explain shortly about CDMA
In the mid-l980s, several researchers saw the potential for a technology primari
ly
used in military applications to also be used for cellular communications. This
technology, spread spectrum communications, which involve transforming
narrowband information to a wideband signal for transmission, was seen as a mean
of addressing potential capacity limitations of TDMA systems (which result from
the
fact that the number of users on any single frequency is restricted by the numbe
r of
available time slots). A spread spectrum system operates by transforming the
narrowband information of an individual user into wideband information by using
high-frequency codes, each unique for that particular user. By assigning differe
nt
users unique codes, a multiple-access system is possible, i.e, code division mul
tiple
access (CDMA). Moreover, in a CDMA system, frequency reuse limitations Seen in
FDMA and TDMA systems are not quite so critical, as multiple mobile stations and
base stations can occupy the same frequencies at once. Qualcomm Incorporated in
San Diego, California, developed the first CDMA cellular system for widespread
deployment in the early 1990s, culminating with the standardization of Qualcomm'
s
CDMA solution by the Telecommunications Industry Association (TIA) in 1992.
More recently, CDMA has formed the basis for enhancing cellular systems around
the world. CDMA spread spectrum systems come in two types: frequency hopped
and direct sequence. CDMA using frequency hopping involves a user transmitting
over multiple frequencies consecutively in time in a pseudorandom manner.
Pseudorandom in this case refers to the fact that the sequence of transmission
frequencies is known at the transmitter and receiver, but appears random to any
other receiver. An example of a frequency hopping sequence is given in Figure 1.
Slow-hopping systems involve a changing of frequencies at a slower rate than the
information bit rate, whereas fast-hopping requires a much faster change of the
transmission frequency than the information bit rate. Frequency hopped systems a
re
limited by the total number of hopping frequencies available. If two users hop t
o the
same frequency at once, they will interfere with one another.Direct-sequence
36

systems work by modulating the user's information signal with a sequence known t
o
the receiver and transmitter. This sequence is generated at a much higher rate t
han
the user signal, literally "spreading" the user's signal bandwidth. This process
is
illustrated in Figure 2. All commercial cellular CDMA systems use direct-sequenc
e
spreading as opposed to frequency hopping.
Fig 1 Frequency hopping sequence
Fig 2 Direct sequence spreading of information
37

Ten Marks questions

1. Explain the development history of mobile radio systems.
1921 -Detroit Michigan Police Dept. made the earliest significant use of
Mobile radio in a vehicle in the United States. The system operated at a
frequency close to 2 MHz. The channels soon became overcrowded.
1940 -New frequencies between 30 and 40 MHz were made available.
Increasing the available channels encouraged a substantial buildup of police
systems. Shortly thereafter other users found a need for this form of
communication. Private individuals, companies, and public agencies
purchased and operated their own mobile units.
1945 -First public mobile telephone system in the U.S. was inaugurated in St.
Louis, Missouri with three channels at 150 MHz. Six channels spaced 60 kHz
apart were allocated for this service by the FCC, but the mobile equipment
was not sophisticated enough to prevent interference.
1947 -A Public mobile system using frequencies in the 35 to 44 MHz band
began operations along the highway between New York and Boston. These
frequencies were thought to carry greater distances however a problem with
skip-distance propagation carried interfering conversations for long distances.
These early mobile telephone systems used push-to-talk operation.
1949 -FCC authorized separate radio channels to common carrier entities
known as "Radio Common Carriers" (ROC). These companies do not provide
public telephone service, but interconnect to the public telephone network to
provide mobile telephone services equivalent to the wire line common
carriers.
38

1955 -Number of wire line channels available at 150 MHz was expanded
from 5 to 11 by the creation of new channels between the old ones (channel
spacing of 30 kHz).
1956 -12 wire line channels were added near 450 MHz. All systems operated
in a manual mode, with each call to or from a mobile unit being handled by a
special mobile telephone operator.
1964 -A new system (150 MHz) was developed providing automatic channel
selection for each call, eliminated the need to push-to-talk operation, and
allowed customers to do their own dialing.
1969 -Automatic capability was extended to the 450 MHz band and the so
called "Improved Mobile Telephone System" (IMTS) became the standard for
mobile telephone service in the U.S.
Advanced Systems (Cellular Concept)
As early as 1947, it was realized that small cells with frequency reuse could
increase traffic capacity substantially and the basic cellular concept was
developed. However, the technology did not exist.
1953 -AT&T proposed to the FCC a broadband mobile telephone system to
operate in the 800 MHz region.
1970 -FCC announced a tentative allocation of 75 MHz in the 800 MHz
region and invited industry to submit proposals for achieving communication
objectives and demonstrating feasibility.
1971 -AT&T responds with a technical report asserting feasibility by detailing
how a "cellular system" might be composed. No other proposed systems were
submitted to the FCC.
1974 -FCC makes a firm allocation of 40 MHz for mobile telephone service
and solicited applications for developmental Systems to prove the feasibility of
so-called "Cellular Systems" but because of the beginnings of Bell Systems
divestiture proceedings, ruled that Western Electric could not manufacture
cellular terminal equipment. This was because Western Electric makes the
39

network equipment and the restriction from selling both terminal and network
products were to prevent further monopolization.
1975 -AT&T applied for authorization to operate a developmental cellular
system in Chicago.
1977 -License granted in March of 1977. Illinois Bell Telephone constructs
and operates a developmental cellular system.
1978 -Mid 1978 the Equipment Test phase commenced. The Service Testphase started in late 1978. Twenty-one hundred mobile sets were procured
from three suppliers for the test and the system served over 2000 trial
customers.
1981 -FCC issues standard rules and due to the direction already taken, In
the Bell System divestiture proceedings, now rules that Western Electric is
permitted to manufacture cellular terminals as well as the network equipment.
In the years between 1974 and 1981, AT&T Bell Labs worked with all other cellula
r
terminal vendors to develop their cellular phones so that consumers would have
quality products available to use on the cellular network.
2. Explain in detail IEEE 802.11 MAC layer structure
The MAC sublayer is responsible for the channel allocation procedures,
protocol data unit (PDU) addressing, frame formatting, error checking, and
fragmentation and reassembly. The transmission medium can operate in the
contention mode exclusively, requiring all stations to contend for access to the
channel for each packet transmitted. The medium can also alternate between
the contention mode, known as the contention period (CP), and a contentionfree period (CFP). During the CFP, medium usage is controlled (or mediated)
by the AP, thereby eliminating the need for stations to contend for channel
access. IEEE 802.11 supports three different types of frames: management,
control, and data. The management frames are used for station association
and disassociation with the AP, timing and synchronization, and
authentication and deauthentication. Control frames are used for handshaking
40

during the CP, for positive acknowledgments during the CP, and to end the
CFP. Data frames are used for the transmission of data during the CP and
CFP, and can be combined with polling and acknowledgments during the
CFP. The standard IEEE 802.11 frame format is illustrated in Fig. 1 The IEEE
standard 48-bit MAC addressing is used to identify a station. The 2 duration
octets indicate the time (in microseconds) the channel will be allocated for
successful transmission of a MAC protocol data unit (MPDU). The type bits
identify the frame as either control, data or management. The subtype bits
further identify the type of frame (e.g., Clear to Send control frame). A 32-bit
cyclic redundancy check (CRC) is used for error detection.
Fig 1. IEEE 802.11 MAC frame format
DISTRIBUTED COORDINATION FUNCTION
The DCF is the fundamental access method used to support asynchronous
data transfer on a best effort basis. As identified in the specification, all
stations must support the DCF. The DCF operates solely in the ad hoc
network, and either operates solely or coexists with the PCF in an
infrastructure network. The MAC architecture is depicted in Fig. 2, where it is
shown that the DCF sits directly on top of the physical layer and supports
contention services. Contention services imply that each station with an
MSDU queued for transmission must contend for access to the channel and,
once the MSDU is transmitted, must recontend for access to the channel for
all subsequent frames. Contention services promote fair access to the
channel for all stations. The DCF is based on carrier sense multiple access
with collision avoidance (CSMA/CA). CSMA/CD (collision detection) is not
41

used because a station is unable to listen to the channel for collisions while
transmitting. In IEEE 802.11, carrier sensing is performed at both the air
interface, referred to as physical carrier sensing, and at the MAC sublayer,
referred to as virtual carrier sensing. Physical carrier sensing detects the
presence of other IEEE 802.11 WLAN users by analyzing all detected
packets, and also detects activity in the channel via relative signal strength
from other sources. A source station performs virtual carrier sensing by
sending MPDU duration information in the header of request to send (RTS),
clear to send (CTS), and data frames. An MPDU is a complete data unit that
is passed from the MAC sublayer to the physical layer. The MPDU contains
header information payload, and a 32-bit CRC. The duration field indicates the
amount of time (in microseconds) after the end of the present frame the
channel will be utilized to complete the successful transmission of the data or
management frame. Stations in the BSS use the information in the duration
field to adjust their network allocation vector (NAV), which indicates the
amount of time that must elapse until the current transmission session is
complete and the channel can be sampled again for idle status. The channel
is marked busy if either the physical or virtual carrier sensing mechanisms
indicate the channel is busy. Priority access to the wireless medium is
controlled through the use of interframe space (IFS) time intervals between
the transmission of frames. The IFS intervals are mandatory periods of idle
time on the transmission medium. Three IFS intervals are specified in the
standard: short IFS (SIFS), point coordination function IFS (PIFS), and DCFIFS
(DIFS). The SIFS interval is the smallest IFS, followed by PIFS and DIFS,
respectively. Stations only required to wait a SIFS have priority access over
those stations required to wait a PIFS or DIFS before transmitting; therefore,
SIFS has the highest-priority access to the communications medium. For the
basic access method, when a station senses the channel is idle, the station
waits for a DIFS period and samples the channel again. If the channel is still
idle, the station transmits an MPDU. The receiving station calculates the
checksum and determines whether the packet was received correctly. Upon
receipt of a correct packet, the receiving station waits a SIFS interval and
42

transmits a positive acknowledgment frame (ACK) back to the source station,

indicating that the transmission was successful.
POINT COORDINATION FUNCTION (PCF)
The PCF is an optional capability, which is connection-oriented, and provides
contention-free (CF) frame transfer. The PCF relies on the point coordinator (PC
) to
perform polling, enabling polled stations to transmit without contending for the
channel. The function of the PC is performed by the AP within each BSS. Stations
within the BSS that are capable of operating in the CF period (CFP) are known as
CF-aware stations. The method by which polling tables are maintained and the
polling sequence is determined, is left to the implementor. The PCF is required
to
coexist with the DCF and logically sits on top of the DCF (Fig. 2). The CFP repe
tition
interval (CFP_Rate) is
Fig 2. MAC Architecture
used to determine the frequency with which the PCF occurs. Within a
repetition interval, a portion of the time is allotted to contention-free traffi
c, and
the remainder is provided for contention-based traffic. The CFP repetition
interval is initiated by a beacon frame, where the beacon frame is transmitted
by the AP. One of its primary functions is synchronization and timing. The
duration of the CFP repetition interval is a manageable parameter that is
always an integral number of beacon frames. Once the CFP_Rate is
43

established, the duration of the CFP is determined. The maximum size of the
CFP is determined by the manageable parameter CFP_Max_Duration. The
minimum value of CFP_Max_Duration is the time required to transmit two
maximum-size MPDUs, including overhead, the initial beacon frame, and a
CF-End frame. The maximum value of CFP_Max_Duration is the CFP
repetition interval minus the time required to successfully transmit a
maximumsize MPDU during the CP (which includes the time for RTS/CTS
handshaking and the ACK). Therefore, time must be allotted for at least one
MPDU to be transmitted during the CP. It is up to the AP to determine how
long to operate the CFP during any given repetition interval. If traffic is very
light, the AP may shorten the CFP and provide the remainder of the repetition
interval for the DCF. The CFP may also be shortened if DCF traffic from the
previous repetition interval carries over into the current interval. The maximum
amount of delay that can be incurred is the time it takes to transmit an
RTS/CTS handshake, maximum MPDU, and ACK
3.Explain the IEEE 802.11 physical layer
The IEEE 802.11 draft specification calls for three different physical-layer
implementations: They are
frequency hopping spread spectrum (FHSS),
direct sequence spread spectrum (DSSS), and
Infra Red.
The FHSS utilizes the 2.4 GHz Industrial, Scientific, and Medical (ISM) band
(i.e., 2.4000 2.4835 GHz). In the United States, a maximum of 79 channels
are specified in the hopping set. The first channel has a center frequency of
2.402 GHz, and all subsequent channels are spaced 1 MHz apart. The 1 MHz
separation is mandated by the FCC for the 2.4 GHz ISM band. The channel
separation corresponds to 1 Mb/s of instantaneous bandwidth. Three different
hopping sequence sets are established with 26 hopping sequences per set.
Different hopping sequences enable multiple BSSs to coexist in the same
geographical area, which may become important to alleviate congestion and
maximize the total throughput in a single BSS. The reason for having three
44

different sets is to avoid prolonged collision periods between different hopping

sequences in a set. The minimum hop rate permitted is 2.5 hops/s. The basic
access rate of 1 Mb/s uses two-level Gaussian frequency shift keying (GFSK),
where a logical 1 is encoded using frequency Fc + f and a logical 0 using
frequency Fc
f. The enhanced access rate of 2 Mb/s uses four-level GFSK,
where 2 bits are encoded at a time using four frequencies.
The DSSS also uses the 2.4 GHz ISM frequency band, where the 1 Mb/s
basic rate is encoded using differential binary phase shift keying (DBPSK),
and a 2 Mb/s enhanced rate uses differential quadrature phase shift keying
(DQPSK). The spreading is done by dividing the available bandwidth into 11
subchannels, each 11 MHz wide, and using an 11-chip Barker sequence to
spread each data symbol. The maximum channel capacity is therefore (11
chips/ symbol)/(11 MHz) = 1 Mb/s if DBPSK is used. Overlapping and
adjacent BSSs can be accommodated by ensuring that the center frequencies
of each BSS are separated by at least 30 MHz [3]. This rigid requirement will
enable only two overlapping or adjacent BSSs to operate without interference.
45

Fig IEEE 802.11 physical layer activities

The IR specification identifies a wavelength range from 850 to 950 nm. The IR
band is designed for indoor use only and operates with nondirected
transmissions. The IR specification was designed to enable stations to receive
line-of-site and reflected transmissions. Encoding of the basic access rate of 1
Mb/s is performed using 16-pulse position modulation (PPM), where 4 data
bits are mapped to 16 coded bits for transmission. The enhanced access rate
(2 Mb/s) is performed using 4-PPM modulation, where 2 data bits are mapped
to 4 coded bits for transmission.
IEEE 802.11a makes use of 5-GHz band and Provides rates of 6, 9 ,
12, 18, 24, 36, 48, 54 Mbps. It uses orthogonal frequency division multiplexing
(OFDM) as the physical layer. It is basically a multicarrier system in which the
46

subcarriers used are orthogonal to each other. The subcarriers are modulated
using BPSK, QPSK, 16-QAM or 64-QAM.
IEEE 802.11b standard provides data rates of 5.5 and 11 Mbps. In this
case the barker code used for spreading is replaced by complementary code
keying (CCK) modulation scheme shown below.
Fig 11Mbps CCK modulation scheme
4. Explain in detail about the Mobile radio standards around the world.
Many mobile radio standards have been developed for Wireless
systems throughout the world, and more standards are likely to emerge.
Some of the standards prevalent throughout the world are listed below.
The world s first cellular system was implemented by the Nippon Telephone
and Telegraph Company (NTT) in Japan. The system deployed in 1979, uses
6 FM Duplex channels (25 KHz for each one way link) in the 800 MHz band.
MOBILE RADIO STANDARDS IN NORTH AMERICA
Standard Type
Year of
Introduction
Multiple
Access
Frequency
band
Modulation
Channel
Bandwidth
AMPS cellular 1983 FDMA 824-894 FM 30 KHz
47

MHz
NAMPS cellular 1992 FDMA
824-894
MHz
FM 10 KHz
USDC cellular 1991 TDMA
824-894
MHz
p/4DQPSK
30KHz
CDPD cellular 1993
FH/
packet
824-894
MHz
GMSK 30 KHz
IS-95
Cellular/
PCS
1993 CDMA
824-894
MHz/
1.8-2.0 GHz
QPSK/
BPSK
1.25 MHz
GSC paging 1970S Simplex several FSK 1.25 KHz
POCSAG Paging 1970S Simplex several FSK 1.25 KHz
FLEX Paging 1993 Simplex several 4-FSK 15 KHz
DCS-900
(GSM)
PCS 1994 TDMA
1.85-1.99
GHz
GMSK 200 KHz
PACS
Cordless/
PCS
1994
FDMA/
TDMA
1.85-1.99
GHz
p/4DQPSK
300 KHz
MIRS
SMR/PC
S
1994 TDMA several 16-QAM 25 KHz
iDen
SMR/PC
S
1995 TDMA several 16-QAM 25 KHz
MOBILE RADIO STANDARDS IN EUROPE
Standard Type Year of Multiple Frequency Modulation Channel

48

Introduction Access band Bandwidth

ETACS Cellular 1985 FDMA 900MHz FM 25 KHz
NMT-450 Cellular 1981 FDMA
450-470
MHz
FM 25 KHz
NMT-900 Cellular 1986 FDMA
890-960
MHz
FM 12.5 KHz
GSM
Cellular/
PCS
1990 TDMA
890-960
MHz
GMSK 200 KHz
C-450 Cellular 1985 FDMA
450-465
MHz
FM
20 KHz/
10 KHz
ERMES Paging 1993 FDMA Several 4-FSK 25 KHz
CT2 Cordless 1989 FDMA
864-868
MHz
GFSK 100 KHz
DECT Cordless 1993 TDMA
1880-1900
MHz
GFSK 1.728 MHz
DCS1800
Cordless/
PCS
1993 TDMA
1710-1880
MHz
GFSK 200 KHz
The first generation European cellular systems are generally incompatible with o
ne
another because of the different frequencies and communication protocols used.
MOBILE RADIO STANDARDS IN JAPAN
Standard Type
Year of
Introduction
Multiple
Access
Frequency
band
Modulation
Channel
Bandwidth
JTACS Cellular 1988 FDMA 860-925 MHz FM 25 KHz
49

PDC Cellular 1993 TDMA 810-1501 MHz

p/4DQPSK
25 KHz
NTT Cellular 1979 FDMA 400/800 MHz FM 25 KHz
NTACS Cellular 1993 FDMA 843-925 MHz FM 12.5 KHz
NTT Paging 1979 FDMA 280 MHz FSK 12.5 KHz
NEC Paging 1979 FDMA Several FSK 10 KHz
PHS Cordless 1993 TDMA 1895-1907 MHZ
p/4DQPSK
300 KHz
5. Discuss in detail about the security mechanism used in WLAN
Two security services are specified in IEEE 802.11, the authentication service a
nd
the privacy service. The privacy service is provided by Wired Equivalent Privacy
(WEP) algorithm. The authentication service provides two basic levels of securit
y.
The first, Open System Authentication (OSA) is mandatory, but provides essential
ly
no security.The second is shared-key authentication that provides the highest le
vel
of security available and uses the WEP algorithm.
Wired Equivalent Privacy (WEP)
The WEP is based on the use of RC4 encryption. RC4 as specified in the standard
operates in Output FeedBack (OFB) mode as shown in Figure 1. The RC4 algorithm
has three inputs; an initializing vector IV, the random key, and the plaintext.
The IV
vector is input to E, the RC4 encryption algorithm, along with the key. The algo
rithm
generates a keystream output from E that is sent to the output box O. The output
box
O shifts the keystream out, a byte at a time and each byte is combined with the
plaintext P under the Exclusive OR function. The output of E is also fed back to
the I
50

stage which causes the keystream to vary as a function of IV and the key. That i
s:
Given:
The plaintext pj and RC4(IV, Key)
Form: cj = pj RC4(IV, Key)
Encryption is shown on the left and decryption on the right side of Figure 1.
Since IV must be known to the transmitter and receiver, it is sent to the receiv
er as
an unencrypted part of the ciphertext stream. The logic function to insert IV in
to the
ciphertext stream and recover it from the stream for input to the I function at
the
receiving end are not shown, but are straightforward functions. IV does not have
to
be secret since RC4 s strength is derived from the algorithm and key, not IV.
However, the integrity of IV needs to be assured or decryption will not function
properly. The RC4 algorithm supports variable length keys. The two lengths most
commonly used for wireless applications are 40 bits for export controlled system
s
and 128 bits for domestic application. Although most vendors advertise 128 bit
encryption, the effective key length is 104 bits . One of the primary requiremen
ts of
stream ciphers in general and RC4 as well is that the implementation must ensure
that the keystream is never used twice to encrypt a data stream.
Fig stream cipher operation
51

Authentication
Prior to sending data, a station (i.e., a wireless device) and an access point m
ust
authenticate and establish an association. An association is a binding between t
he
station and the access point. Once successfully authenticated and associated
stations can exchange data with the access point (i.e., enter the network). The
two
authentication methods supported are
Open System authentication and
Shared key Authentication.
Open System Authentication(OSA)
In OSA, two management frames are exchanged between the station and the
access point (AP). The first frame is sent from the station to the AP and includ
es the
station Media Access Control (MAC) address and an identifier indicating it is an
authentication request. The AP responds with a second frame that includes a stat
us
field indicating authentication success or failure. The station is now authentic
ated
and unassociated. Two more frames are passed to establish and association. Most
wireless vendors have implemented a wireless access control mechanism as part of
the association process that is based on examining the station MAC address and
blocking unwanted stations from associating
Shared Key Authentication
Shared key authentication uses the optional WEP algorithm along with a challenge
response system to mutually authenticate a station and an AP. Authentication
consists of the exchange of 4 messages for station authentication and 4 more for
AP
authentication APs send beacon messages to announce their presence. A station
wishing to enter the network finds a beacon message and then initiates
authentication with the AP whose address appears in the beacon message. The
exchange is shown in Figure 2
The initiating station sends a management frame (sequence # 1) to the AP
requesting authentication. The frame is sent in the clear. The responding AP sen
ds
sequence #2 which contains an authentication challenge in the message body. The
challenge is 128 octets in length. The AP challenge is generated by combining a
52

pseudo random number with the shared secret key and a random initializing vector
(IV) and sent as a clear text message (i.e.,unencrypted). The station receives t
he
message, extracts the challenge and copies it to a new management frame. This
frame is encrypted under the WEP algorithm using the shared key and a new IV
and sent to the AP. The IV used by the station is also sent to the AP in the cle
ar so
the AP knows what IV to use with the secret key to decrypt the frame. The AP
receives the frame, decrypts the contents, and checks the validity of the CRC 32
check sum, and tests the challenge to see if it matches the original challenge s
ent to
the station. If the CRC 32 check is invalid, the frame is dropped. If the CRC-32
is
valid, the challenge is tested. On a match, the station is successfully authenti
cated.
The process is repeated to authenticate the AP to the stationThe protocol for
exchanging authentication messages can be exploited to allow unauthorized statio
ns
to enter the network.
6. Explain the principle of cellular telephony
Cellular telephony systems are radio systems that involve distributed
transmission. Therefore, rather than having a single transmitter service
53

many different users over a wide area of coverage (e.g., commercial FM

radio), the coverage area is divided into smaller areas known as cells.
Each cell has one stationary transceiver known as a base station. A user
of a cellular system communicates with the base station to place a call.
The call can be data or voice, and the base station routes the call to either
a terrestrial network to the termination point or to another user of the
same cellular network. Normally, for voice calls, the base station either
directly or indirectly routes the call to a public switched telephony
network (PSTN).Each user of a cellular system is also sometimes called a
subscriber. The basic relationship between a subscriber and the base
station is shown in Figure 1-1. The communications link from the base
station to the subscriber is referred to as the downlink or forward link,
while the link from the subscriber to the base station is referred to as the
uplink or reverse link. Cellular subscribers can be stationary or mobile. If
the subscriber is mobile, then the cellular network must be able to handle
the situation in which a mobile subscriber (also known as a mobile
station) moves from one cell to another. This event is known as handoff
for handover. If the mobile station can engage in simultaneous
communication with multiple base stations, then it is said to be in soft
handoff In order to ensure that a call is not dropped when a handoff
occurs, information about the mobile station is usually known to the base
stations involved in the handoff. Due to this and for other reasons, some
communication exists in the network that connects base stations together
in a cellular system. This network is known as the backbone network or
simply the backhaul.
54

The backbone network consists of several entities between the PSTN and the base
station. The base station usually interfaces with a base station controller (BSC
),
which networks a cluster of base stations to ensure that call admission and hand
over
can function in a coordinated manner among base stations within a geographical
region. A cluster is a group of cells that use the complete set of available tel
ephony
channels in a cellular network. One or more BSCs are usually connected to a mobi
le
switching center (MSC), which interfaces directly with the PSTN. The MSC
contains information about the cellular subscriber that can be used to route oth
er
information to that user during the call. Moreover, a home location register (HL
R)
may be co-located with the MSC; this entity contains user-specific information u
sed
primarily for authentication of the subscriber during call initialization. The
intercommunication between the mobile station, base station, BSC and MSC is
shown in Figure 1-2. A cellular telephone system has two basic functions; it mus
t
locate and track both active and inactive mobile stations (MSs), and it must alw
ays
attempt to connect the active MSs to the best available base station(s) (BS(s)).
The
former task is the subject of user location updating and paging. The latter task
requires the continuous evaluation of the radio link quality with the serving BS
(s),
and the radio link quality with alternate BSs. This monitoring is performed by a
computer system that uses knowledge of the link quality evaluations, in addition
to
55

the system topology and traffic flow, to decide upon the best BS(s) to serve a
particular MS.
7.Explain in detail RC4 stream cipher algorithm
RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a
variable keysize stream cipher with byte-oriented operations. The algorithm is b
ased
on the use of a random permutation. Eight to sixteen machine operations are
required per output byte, and the cipher can be expected to run very quickly in
software. RC4 was kept as a trade secret by RSA Security. A variable-length key
of
from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vect
or S,
with elements S[0], S[1], , S[255]. At all times, S contains a permutation of all
8-bit
numbers from 0 through 255. For encryption and decryption, a byte k is generated
from S by selecting one of the 255 entries in a systematic fashion. As each valu
e of k
is generated, the entries in S are once again permuted.
Initialization of S
To begin, the entries of S are set equal to the values from 0 through 255 in
ascending order; that is;
S[0] = 0, S[1] = 1, , S[255] = 255.
56

A temporary vector, T, is also created. If the length of the key K is 256 bytes,
then K
is transferred to T. Otherwise, for a key of length keylen bytes, the first keyl
en
elements of T are copied from K and then K is repeated as many times as necessar
y
to fill out T. These preliminary operations can be summarized as follows:
/* Initialization */
for i = 0 to 255 do
S[i] = i;
T[i] = K[i mod keylen];
Next we use T to produce the initial permutation of S. This involves starting wi
th S[0]
and going through to S[255], and, for each S[i], swapping S[i] with another byte
in S
according to a scheme dictated by T[i]:
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) mod 256;
Swap (S[i], S[j]);
Because the only operation on S is a swap, the only effect is a permutation. S s
till
contains all the numbers from 0 through 255.
Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream genera
tion
involves starting with S[0] and going through to S[255], and, for each S[i], swa
pping
S[i] with another byte in S according to a scheme dictated by the current
configuration of S. After S[255] is reached, the process continues, starting ove
r again
at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
57

k = S[t];
To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the
value k with the next byte of ciphertext.

58

Fig 2 RC4
8.Explain in detail about general packet radio service.
General Packet Radio Services (GPRS) is a mobile data service available to
users of GSM and IS-136 mobile phones. GPRS data transfer is typically charged
per megabyte of transferred data, while data communication via traditional circu
it
switching is billed per minute of connection time, independently of if the user
actually
has transferred data or been in an idle state. GPRS can be utilized for services
such
as WAP access, SMS and MMS, but also for Internet communication services such
as email and web access.2G cellular systems combined with GPRS is often
described as "2.5G", that is, a technology between the second and third generati
ons
of mobile telephony. It provides moderate speed data transfer, by using unused
TDMA channels.
59

GPRS is different from the older Circuit Switched Data (or CSD) connection inclu
ded
in GSM standards. In CSD, a data connection establishes a circuit, and reserves
the
full bandwidth of that circuit during the lifetime of the connection. GPRS is pa
cketswitched which means that multiple users share the same transmission channel,
only transmitting when they have data to send. This means that the total availab
le
bandwidth can be immediately dedicated to those users who are actually sending a
t
any given moment, providing higher utilisation where users only send or receive
data
intermittently. Web browsing, receiving e-mails as they arrive and instant messa
ging
are examples of uses that require intermittent data transfers, which benefit fro
m
sharing the available bandwidth.The multiple access methods used in GSM with
GPRS is based on frequency division duplex (FDD) and FDMA. During a session, a
user is assigned to one pair of uplink and downlink frequency channels. This is
combined with time domain statistical multiplexing, i.e. packet mode communicati
on,
which makes it possible for several users to share the same frequency channel. T
he
packets have constant length, corresponding to a GSM time slot. In the downlink,
first-come first-served packet scheduling is used. In the uplink, a scheme that
is very
similar to reservation ALOHA is used. This means that slotted Aloha (S-ALOHA) is
used for reservation inquiries during a contention phase, and then the actual da
ta is
transferred using first-come first-served scheduling.
GPRS speeds and profile
Packet-switched data under GPRS is achieved by allocating unused cell bandwidth
to transmit data. As dedicated voice (or data) channels are setup by phones, the
bandwidth available for packet switched data shrinks. A consequence of this is t
hat
packet switched data has a poor bit rate in busy cells. The theoretical limit fo
r packet
switched data is 171.2 kbit/s (using 8 time slots and CS-4 coding). A realistic
bit rate
is 30 80 kbit/s, because it is possible to use max 4 time slots for downlink. A ch
ange
to the radio part of GPRS called EDGE (sometimes called EGPRS or Enhanced
GPRS however it actually stands for Enhanced Data rates for GSM Evolution) allow
s
higher bit rates of between 160 and 236.8 kbit/s. The maximum data rates are
achieved only by allocation of more than one time slot in the TDMA frame. Also,
the
higher the data rate, the lower the error correction capability. Generally, the
connection speed drops logarithmically with distance from the base station. This
is
60

not an issue in heavily populated areas with high cell density, but may become a
n
issue in sparsely populated/rural areas.
GPRS coding scheme
Transfer speed depends also on the channel encoding used. The least robust (but
fastest) coding scheme (CS-4) is available near the Base Transceiver Station (BT
S)
while the most robust coding scheme (CS-1) is used when the Mobile Station (MS)
is
further away from the BTS.Using the CS-4 it is possible to achieve a user speed
of
20.0 kbit/s per time slot. However, using this scheme the cell coverage is 25% o
f
normal. CS-1 can achieve a user speed of only 8.0 kbit/s per time slot, but has
98%
of normal coverage. Newer network equipment can adapt the transfer speed
automatically depending on the mobile location.
GPRS upgrades GSM data services providing:
MMS -Multimedia Messaging Service
Push To Talk over Cellular PoC / PTT -Push to talk
Instant Messaging and Presence Wireless_Village
Internet Applications for Smart Devices through WAP
Point-to-point (PTP) service: internetworking with the Internet (IP protocols).
Short Message Service (SMS): bearer for SMS.
Future enhancements: flexible to add new functions, such as more capacity,
more users, new accesses, new protocols, new radio networks.
9. Explain the GSM architecture
GSM is a cellular network, which means that mobile phones connect to it by
searching for cells in the immediate vicinity. GSM networks operate in four diff
erent
frequency ranges. Most GSM networks operate in the 900 MHz or 1800 MHz
bands..In the 900 MHz band the uplink frequency band is 890-915 MHz, and the
downlink frequency band is 935-960 MHz. This 25 MHz bandwidth is subdivided into
124 carrier frequency channels, each spaced 200 kHz apart. Time division
multiplexing is used to allow eight full-rate or sixteen half-rate speech channe
ls per
radio frequency channel. There are eight radio timeslots (giving eight burst per
iods)
61

grouped into what is called a TDMA frame. Half rate channels use alternate frame
s
in the same timeslot. The channel data rate is 270.833 kbit/s, and the frame dur
ation
is 4.615 ms.The transmission power in the handset is limited to a maximum of 2
watts in GSM850/900 and 1 watt in GSM1800/1900.
The structure of a GSM network
GSM has used a variety of voice codecs to squeeze 3.1kHz audio into between 6
and 13kbps. Originally, two codecs, named after the types of data channel they w
ere
allocated, were used, called "Full Rate" (13kbps) and "Half Rate" (6kbps). These
used a system based upon linear predictive coding (LPC). In addition to being
efficient with bitrates, these codecs also made it easier to identify more impor
tant
parts of the audio, allowing the air interface layer to prioritize and better pr
otect these
parts of the signal.GSM was further enhanced in the mid-nineties with the GSM-EF
R
codec, a 12.2kbps codec that uses a full rate channel. Finally, with the develop
ment
of UMTS, EFR was refactored into a variable-rate codec called AMR-Narrowband,
which is high quality and robust against interference when used on full rate cha
nnels,
and less robust but still relatively high quality when used in good radio condit
ions on
62

half-rate channels.There are four different cell sizes in a GSM network -macro,
micro, pico and umbrella cells. The coverage area of each cell varies according
to
the implementation environment. Macro cells can be regarded as cells where the
base station antenna is installed on a mast or a building above average roof top
level. Micro cells are cells whose antenna height is under average roof top leve
l; they
are typically used in urban areas. Picocells are small cells whose diameter is a
few
dozen meters; they are mainly used indoors. On the other hand, umbrella cells ar
e
used to cover shadowed regions of smaller cells and fill in gaps in coverage bet
ween
those cells.
Cell radius varies depending on antenna height, antenna gain and propagation
conditions from a couple of hundred meters to several tens of kilometers. The
longest distance the GSM specification supports in practical use is 35 km or 22
miles. There are also several implementations of the concept of an extended cell
,
where the cell radius could be double or even more, depending on the antenna
system, the type of terrain and the timing advance.Indoor coverage is also suppo
rted
by GSM and may be achieved by using an indoor picocell base station, or an indoo
r
repeater with distributed indoor antennas fed through power splitters, to delive
r the
radio signals from an antenna outdoors to the separate indoor distributed antenn
a
system. These are typically deployed when a lot of call capacity is needed indoo
rs,
for example in shopping centers or airports. However, this is not a prerequisite
, since
indoor coverage is also provided by in-building penetration of the radio signals
from
nearby cells.
The modulation used in GSM is Gaussian minimum shift keying (GMSK), a kind of
continuous-phase frequency shift keying. In GMSK, the signal to be modulated ont
o
the carrier is first smoothed with a Gaussian low-pass filter prior to being fed
to a
frequency modulator, which greatly reduces the interference to neighboring chann
els
(adjacent channel interference).
Network structure
The network behind the GSM system seen by the customer is large and
complicated in order to provide all of the services which are required. It is di
vided into a
number of sections and these are each covered in separate articles.
63

the Base Station Subsystem (the base stations and their controllers).
the Network and Switching Subsystem (the part of the network most similar to
a fixed network). This is sometimes also just called the core network.
the GPRS Core Network (the optional part which allows packet based Internet
connections).
all of the elements in the system combine to produce many GSM services
such as voice calls and SMS.
Subscriber identity module
One of the key features of GSM is the Subscriber Identity Module (SIM), commonly
known as a SIM card. The SIM is a detachable smart card containing the user's
subscription information and phonebook. This allows the user to retain his or he
r
information after switching handsets.
GSM security
GSM was designed with a moderate level of security. The system was designed to
authenticate the subscriber using shared-secret cryptography. Communications
between the subscriber and the base station can be encrypted. GSM uses several
cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used
for
ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger
algorithm used within Europe and the United States; A5/2 is weaker and used in
other countries. A large security advantage of GSM over earlier systems is that
the
Ki, the crypto variable stored on the SIM card that is the key to any GSM cipher
ing
algorithm, is never sent over the air interface. Serious weaknesses have been fo
und
in both algorithms, and it is possible to break A5/2 in real-time in a ciphertex
t-only
attack. The system supports multiple algorithms so operators may replace that
cipher with a stronger one.
10.Explain the two ray reflection model
When the two antennas (transmitting and receiving) are on the earth, then there
are
multiple paths from the transmitter to the receiver. The effect of the multiple
paths is
the change in the path loss between two points. The simplest case is when the
64

antenna heights, hb and hm, are small compared with their separation, d, and the
refl
ecting earth surface is assumed to be flat. The received signal is then represen
ted
by a scattered fi eld, Es, that is approximated by a combination of a direct wav
e and
reflected wave
(1)
Fig Two ray reflection model
where:
cr _ coefficient of reflection
E _ electric field
.._ _ phase difference between the direct and reflected path
(2)
where:
.d _ difference between direct path and refl ected path
In the mobile radio environment, cr = -1, and ..
is much less than one
65

radian. Thus Equation 2 can be written as

(3)
Since the received power Pr is proportional to the square of the field strength,
the power level at the antenna output located at the distance, d, from the trans
mitter,
including the path loss, will be:
(4)
From fig.1
(5)
Using image property
(6)
66

(7)
Substituting for ..
from eq.7 into eq.5,we get
(8)
11. Explain in detail about wireless network topologies
Wireless network topology refers to the configuration in which a mobile terminal
communicates with another. The two fundamental types of topologies used in
wireless networks are
a) infrastructure, centralized or hub and spoke topology
b) ad hoc or distributed topology
Infrastructure network topology
In this topology, there is a fixed (wired ) infrastructure that supports communi
cation
between mobile terminals and between mobile and fixed terminals. The
infrastructure networks are often designed for large coverage areas and multiple
base station or access point operations. Figure 1 shows the basic operation of a
n
infrastructure network with a single BS/AP. The BS/AP serves as the hub of the
network, and the mobile terminals are located at the ends of the spokes. Any
communication between one wireless user station to another, i.e. between peers h
as
to be sent through the BS/AP. The hub station usually controls the mobile statio
ns
67

and monitors what each station is transmitting. Thus the hub station is involved
in
managing user access to the network. All standardized cellular mobile telephone
and
wireless data systems use an infrastructure network topology to serve mobile
terminals operating within the coverage area of any BS. The IEEE 802.11 standard
and most of the wireless LAN products support infrastructure operation
Fig 1. Basic operation of an infrastructure network topology
Ad hoc network topology
This type of network topology applies to reconfigurable networks that can operat
e
without the need for a fixed infrastructure. These networks are primarily used b
y
the military and also in a few commercial applications for voice and data
transmission. Such a topology is suitable for rapid deployment of a wireless net
work
in a mobile or fixed environment. Fig 2 shows two variations of the ad hoc netwo
rk
topology. Fig 2.a is a single hop ad hoc network where, as the name implies ever
y
user terminal has the functional capability of communicating directly with any o
f the
other user terminals. The IEEE 802.11 WLAN standard supports single hop as hoc
topology.
68

Fig 2.Ad hoc networking (a) single hop peer to peer topology (b) multi hop ad ho
c
network topology
In some as hoc networking applications, where users may be distributed over a wi
de
area, a given user terminal may be able to reach only a portion of the other use
rs in
the network due to transmitter signal power limitations. In this situation, user
terminals will have to co-operate in carrying messages across the network betwee
n
widely separated stations. Networks designed to function this way are called
multihop ad hoc networks and is illustrated in fig2.b. In this type of network e
ach
terminal should be aware of the neighboring terminals in its coverage range. Thi
s
type of network configuration is used in military applications.
12. Explain in detail the ALOHA and slotted ALOHA random access protocols
used in wireless systems
ALOHA
This is a single hop system with infinite users. Each user generates packets of
data according to a Poisson process with arrival rate .
(packets/sec) and all
packets have the same fixed length T. In this scheme, when the MS has a packet
to transmit, it transmits the packet right away. The sender side also waits to s
ee
whether transmission is acknowledged by the receiver; no response within a
specified period of time indicates a collision with another transmission. If the
69

presence of a collision is determined by the sender, it retransmits after some

random wait time, as shown in fig.1 where the arrows indicate the arrival times.

Fig 1 Collision mechanism in ALOHA

Each packet is generated by different users. In this method, it is assumed that
the packets and users are identical. Thus the time point at which the packet
transmission attempts are made is only considered. Considering the channel over
time, the scheduling time includes both the generation times of new packets and
the retransmission times of previously collided packets. Let the rate of
scheduling be g (packets/sec). The parameter g is referred to as the offered loa
d
to the channel. Since some packets have to be transmitted more than once for
successful transmission, g>..
It is assumed that this scheduling process is a Poisson process with arrival tim
e
g. Consider a new or retransmitted packet scheduled for transmission at some
instant t. This packet can be successfully transmitted if there are no other
packets scheduled for transmission between the instants t-T and t+ T , where
the period 2T is called the vulnerable period. Therefore, the probability, Ps of
successful transmission is the probability that no packet is scheduled in an
interval of length 2T. Since the distribution of the scheduling time is assumed
to
be Poisson process,
Ps =P (no collision) = P (no transmission in two packets time)= e-2gT (1)
Since packets are scheduled at a rate of g packets per second with only a
fraction of Ps successful, the rate of successful transmission is g Ps . Definin
g
70

throughput as the fraction of time during which the useful information is carrie
d on
the channel, it can be written as
Sth= gTe-2gT =Ge-2G (2)
Where G=gT is the normalized offered load to the channel. The maximum
throughput Sth max can be obtained by differentiating eq.(2) w.r.t G. It is foun
d that
the maximum throughput occurs when G=1/2. Substituting in eq(2),
Sth max=1/2e

0.184 (3)

Slotted ALOHA
This is a modification of the ALOHA and in this scheme, the slot size is taken
as equal to the duration of the packet transmission T. Thus the vulnerable perio
d
for packet collision is reduced to a slot. It means that a transmission is succe
ssful
if and only if one packet is scheduled for transmission for the current slot. Fi
g.2
shows the collision mechanism in slotted ALOHA where a collision is observed
to be a full collision; thus, no partial collision occurs.
Since the process composed of newly generated and retransmitted packets id
Poisson, the probability of successful transmission is given by
-gT
Ps = e(4)
and the throughput becomes Sth= gTe-gT =Ge-G (5)
The maximum throughput Sth max can be obtained by differentiating eq.(5) w.r.t G
.
It is found that the maximum throughput occurs when G=1. Substituting in eq(5),
Sth max=1/e

0.368 (6)

Fig 3 shows the throughput of pure ALOHA and slotted ALOHA.

71

Fig.2 Collision mechanism in slotted ALOHA

Fig 3 Throughputs of pure ALOHA and slotted ALOHA
13. Explain in detail the CSMA and CSMA/CD random access protocols used in
wireless systems
Carrier Sense Multiple Access (CSMA)
In Carrier Sense Multiple Access protocol potential collision is prevented by
listening to the channel before transmitting a packet. Each MS can sense the
transmission of all other terminals, and the propagation delay is small compared
with
the transmission time. Fig 1 shows the collision process in the CSMA protocol.
72

Fig 1. Collision mechanism in CSMA

Two different variants of this protocol are
a. non persistent CSMA
b. persistent CSMA
Non persistent CSMA protocol
In this protocol, the MS senses the medium first whenever the MS has a packet to
send. If the medium is busy, the MS waits for a random amount of time and senses
the medium again. If the medium is idle, the MS transmits the packet immediately
. If
a collision occurs, the MS waits for a random amount of time and starts all over
again. The packets can be sent during a slotted period or can be transmitted at
any
arbitrary time. This leads to two different subcategories.
a. slotted non persistent CSMA
b. unslotted non persistent CSMA
For unslotted non persistent CSMA, the throughput is given by
-aG
S
=
Ge
(1)
-aG
th
G(1 +
2a) +
e
For slotted non persistent CSMA, the throughput is given by
-aG
Sth
=
aGe
(2)
-aG
(1e
) +
a
73

where a
=
t
, and t
is the propagation delay through the air.
T
Persistent CSMA
Two different variants of this protocol are
a. 1 persistent CSMA
b. p persistent CSMA
In 1 persistent CSMA protocol, the MS senses the medium when the MS has a
packet ready to send. If the medium is busy, the MS keeps listening to the mediu
m
and transmits the packet immediately after the medium becomes idle. This protoco
l
is called 1 persistent because the MS transmits with a probability of 1 whenever
it
finds the medium to be idle. However, in this protocol, there will always be a c
ollision
if two or more MSs have ready packets, are waiting for the medium to become free
,
and start transmitting at the same time. The two variants of this protocol are
unslotted 1 persistent CSMA and slotted 1 persistent CSMA. Given the system
parameters G and a, the throughput for unslotted 1 persistent CSMA is given by
.
aG
.
-G(1+2a)
G
1+G+aG(1+G+
) e
..
.
2 .
S
=
(3)
-aG
-G(1+a)
th
G(1+
2a)-(1-e
)+

(1+aG)e
the throughput for slotted 1 persistent CSMA is given by
-aG
-G
(1+a)
G(1+ae
)e
S
=
(4)
-aG
-G
(1+a)
th
(1+a)(1e
) +ae
In p persistent CSMA protocol, the time is slotted. In this protocol, the MS sen
ses
the medium when it has a packet to send. If the medium is busy, the MS waits unt
il
the next slot and checks the medium again. If the medium id idle, the MS transmi
ts
74

with probability p or deters transmission with probability (1-p) until the next
slot. If a
collision occurs, the MS waits for a random amount of time and starts all over a
gain.
Intuitively, this protocol is considered as an optimal access strategy. If N ter
minals
have a packet to send, Np, the expected number of terminals will attempt to tran
smit
once the medium becomes idle. If Np>1, then a collision is expected. Therefore,
the
network should make sure that Np=1.
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
In a typical CSMA protocol, if two terminals begin transmitting at the same time
, each
will transmit its complete packet even though they collide. This wastes the medi
um
for an entire packet time and can be addressed by a new protocol called CSMA
with collision detection. The main idea is to terminate transmission immediately
after
detection of a collision.
In this protocol, the terminal senses the medium when the terminal has a
packet to transmit. If the medium is not busy, the terminal will transmit the pa
cket
immediately. If the medium is busy, the terminal will wait until it becomes free
. If a
collision is detected during the transmission, the terminal aborts its transmiss
ion
immediately and it attempts to transmit later after waiting for a random amount
of
time. Fig 2 shows the collision mechanism in this protocol. Here two terminals A
and
B are considered. The propagation delay between them is t. Suppose A starts
transmission at time To, then its transmission reaches B at time To+t. Suppose B
initiates a transmission at To+t-e
(where e
is a small period such that 0<e=t). It takes
tcd for a terminal to detect collision, so at time To+t+ tcd B detects collision
. Then a
short jamming signal is transmitted to ensure that other stations know that coll
ision
has occurred before aborting the transmission, and a backoff algorithm is used t
o
schedule for future resensing time.
75

Fig 2. Collision mechanism in CSMA/CD

14. Explain the Scheduling approaches to medium access control
These approaches attempt to produce an orderly access to the transmission
medium. The different types of scheduling protocols are
iii. Reservation systems
iv. Polling
Reservation systems
Fig 1 shows the basic reservation system. The station takes turns transmitting
Fig.1 Basic reservation system
a single frame at the full rate R bps, and the transmissions from stations are
organized into cycles that can be variable in length. Each cycle begins with a
reservation interval. In the simplest case, the reservation interval consists of
M
76

minislots, one time slot per station. Stations use their corresponding minislot
to
indicate that they have a frame to transmit in a corresponding cycle. The statio
ns
announce their intention to transmit a frame by broadcasting their reservation b
it
during the appropriate minislot. By listening to the reservation interval, the s
tations
can determine the order of frame transmissions in the corresponding cycle. The
length of the cycle will the correspond to the number of stations that have a fr
ame to
transmit.
The basic reservation system improves the performance of a time division
multiplexing scheme by taking slots that would have gone idle and making them
available to other stations. Fig 2.a shows an example of the operation of the ba
sic
reservation system. In the initial portion only stations 3 and 5 have frames to
transmit. In the middle portion, station 8 becomes active, and the cycle is expa
nded
from two slots to three slots.
Fig 2. Operation of the reservation system with (a) negligible and
(b) nonnegligible delays
To find the maximum attainable throughput for this system, assume propagation
delay is negligible, the frame transmission times are X=1 time unit, the reserva
tion
minislot requires v time units, where v<1 and that one minislot is required per
frame
reservation. Each frame transmission then requires 1+v time units. The maximum
throughput occurs when all the stations are busy and is given by,
.max =1/1+v (1)
for one frame reservation/minislot. Very high throughputs can be achieved if v i
s very
small compared to 1.
77

Suppose the propagation delay is not negligible as shown in fig 2.b. The
stations transmit their reservations in the same way as before, but the reservat
ions
do not take effect until some fixed number of cycles later. If the cycle length
is
constrained to have some minimum duration that is greater than the round trip
propagation delay, then the reservations would take effect in the second followi
ng
cycle.
Polling
In this type of system, the stations take turns accessing the medium. At any giv
en
time, only one of the stations has the right to transmit into the medium. When a
station is done transmitting, some mechanism is used to pass the right to transm
it to
another station.
The different ways for passing the right to transmit from station to station is
shown
in fig 3. Fig 3.a shows the situation in which M stations communicate with the h
ost
computer. The host computer will act as the central controller that issues contr
ol
messages to co-ordinate the transmissions from the stations.
Fig.3. Polling systems (a) polling by central controller over lines
(b) polling
(c) polling
The central
polled, the
78

by central controller over radio transmissions

without a central controller
controller sends a polling message to the particular station. When
station sends its inbound frames and indicates the completion of its

transmission through a go-ahead message. The central controller might poll the
stations in round-robin fashion, or according to some other pre-determined order
.
Fig 3.b shows another situation where polling can be used. Here the central
controller may use radio transmissions in a certain frequency band to transmit
outbound frames and stations may share a different frequency band to transmit
inbound frames. This technique is called frequency division duplex (FDD) approac
h.
Again the centra l controllers can co-ordinate transmissions on the inbound chan
nel
by issuing polling messages. Another variation of fig 9.b involves having inboun
d and
outbound transmissions share one frequency band. This is the time division duple
x
(TDD) approach. In this case, there will be alternation between transmissions fr
om
the central controller and transmissions from polled stations. Fig3c shows a
situation where polling is used without a central controller. In such a case, th
e
stations will have a polling order developed using some protocol and all station
s will
be able to receive the signals from all other stations. After a station is done
transmitting, it is responsible for sending a polling message to the next statio
n in the
polling list.
79