Cellular amplifier kits. Cellular frequencies in Russia

01.02.2011

Uplink - a communication channel from a subscriber (phone or modem) to a base station of a mobile operator. Downlink - communication channel from the base station to the subscriber.

General table of radio frequencies

TELE2, a new operator for the Moscow region, has only LTE800, WCDMA2100, LTE2600 frequencies.

Accordingly, if you want to amplify the TELE2 signal, you need to install 3G repeaters, because only in this range is there voice communication.

3G frequency:

Cellular communication of the 3rd generation 3G / UMTS2100 in Russia operates at Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz.



Instead of Skylink, TELE2 currently uses these frequencies. Since there are not enough frequencies due to the growth of subscribers, they began to launch 3G at GSM900 and E-GSM frequencies, i.e. Uplink 880-915 MHz and Downlink 925-960 MHz.

Example 3G/UMTS900 for Moscow region (frequencies are indicated by DownLink, in UpLink everything is the same):


GSM and 3G cannot occupy the same piece of spectrum at the same time; Megafon, for example, has its 2nd band in the E-GSM frequencies. A 3G carrier is always and everywhere 5 MHz wide. In the Moscow region, Megafon has 3G / UMTS900 almost everywhere. MTS and Beeline use it mainly only in the south of the Moscow region because of the military ban on operating on the 2000 frequencies. (Updated as of January 2015.)

4G/LTE2600 frequency:

4G/LTE2500 - 4th generation communication, operates at frequencies of 2500-2700 MHz.

Information current as of January 2013.


FDD (frequency division duplex): the incoming and outgoing channels use different frequencies, as in GSM.

TDD (time division duplex): the outgoing and incoming channels share the same frequency!

Beeline got only 10 MHz.

TELE2 also received only 10 MHz. (look at Ros frequencies)

MTS - 35 MHz in the Moscow region and 10 MHz throughout the country.

And Megafon and Yota (the same holding) got as much as 65 MHz between them in the Moscow region and 40 MHz throughout Russia!

Through Yota in Moscow, only Megafon works in the 4G standard, in other regions - Megafon and MTS. Television (Cosmos-TV, etc.) will operate in the TDD range throughout Russia, except for Moscow.

4G/LTE800 frequencies:

Based on the results of the SCRF competition dated July 12, 2012:
DownLink / UpLink (MHz)
TELE2: 791-798.5 / 832 - 839.5
MTS: 798.5-806 / 839.5 - 847.5
Megafon: 806-813.5 / 847 - 854.5
Beeline: 813.5 - 821 / 854.5 - 862
This network is actively developing.

4G frequencies "other operators"

4G frequencies of "Osnova Telecom": LTE TDD 2300-2340 MHz
4G frequencies of "Antares": LTE TDD 1900-1920 MHz
(Who they are and to whom they provide communication is unclear.)

GSM frequency:

GSM is a 2nd generation communication. GSM frequencies: uplink 890-915MHz, downlink 935-960MHz.

Frequency CDMA450(SkyLink):

Skylink operates on CDMA450, while W-CDMA (UMTS) is operated by the Big Three operators. Skylink CDMA frequencies: uplink 453-457.5 MHz and downlink 463-467.5 MHz. W-CDMA (UMTS): Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz.


UMTS frequencies:

UMTS (English Universal Mobile Telecommunications System - a universal mobile telecommunication system). Strictly speaking, this is 3G. UMTS frequencies: Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz.

Repeater frequencies:

If you need only voice communication, then choose GSM repeaters with frequencies of 900 MHz or DCS 1800 MHz. If you also need the Internet, then the frequency of the repeater must match the frequencies of 3G / UMTS.

GSM frequency range:

GSM 900: uplink 890-915 MHz, downlink 935-960 MHz. There is an additional GSM frequency range, the so-called E-GSM - this is an additional 10 MHz. E-GSM: uplink 880-890MHz, downlink 925-935MHz.

GSM frequencies in Russia:

GSM 900: uplink 890-915 MHz, downlink 935-960 MHz. Total 124 channels in GSM900. In each region of Russia, GSM frequencies are distributed among cellular operators individually.

3G MTS frequency:

Uplink 1950 - 1965 MHz and Downlink 2140 - 2155 MHz. MTS, like other cellular operators in the 3G range, has a width of 15 MHz.

3G modem frequencies:

As a rule, all 3G modems operate on 3G / UMTS frequencies (Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz) and also support 2G network frequencies, that is, GSM900 (uplink 890-915 MHz, downlink 935-960 MHz) and DCS 1800, aka GSM1800 (Uplink 1710-1785 MHz and Downlink 1805-1880 MHz).

3G frequency range:

3G in Russia is CDMA450 (Skylink) and UMTS 2100. UMTS frequency range: Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz; CDMA450: uplink 453-457.5 MHz and downlink 463-467.5 MHz.

Skylink frequency:

The existing CDMA450 network is uplink 453-457.5 MHz and downlink 463-467.5 MHz. In September 2010, Skylink received a license for 2100 frequencies, namely 1920 - 1935 MHz and Downlink 2110 - 2125 MHz.

GSM 1800 frequencies:

The GSM 1800 standard is more correctly called DCS1800. Its frequencies are Uplink 1710-1785 MHz and Downlink 1805-1880 MHz.

What frequency does 3G work on:

3G operates on UMTS frequencies - Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz. For example, the mobile operator Beeline in the Moscow region is testing its 3G in the GSM900 frequency band.

3G frequencies in Russia:

3G frequencies for all regions of Russia are the same: Uplink 1920 - 1980 MHz and Downlink 2110 - 2170 MHz.

3G Megafon frequency:

Megafon in the 3G / UMTS range operates at frequencies: Uplink 1935 - 1950 MHz and Downlink 2125 - 2140 MHz.

GSM standard

Brief description of the GSM-900/1800 (DCS) standard

GSM (Global System for Mobile Communications) is also known as DCS (Digital Cellular System) and PCN (Personal Communications Network), second generation public cellular mobile radio systems. One of the most popular cellular communication standards in Europe and Russia, it was put into operation in 1992. The standard was developed as a replacement for the old analog standards, mainly for large cities with a high population density. There are several modifications of this standard: GSM-900, GSM-1800 and GSM-1900 (American version).

The GSM standard is digital; it provides high quality and confidentiality of communication and offers subscribers a wide range of services: automatic roaming, data reception / transmission, SMS service, voice and fax mail. The main drawbacks of the standard are voice distortion during digital processing and transmission over the radio channel, and the small range of the base station: a GSM phone cannot work at a distance of more than 35 km from the base station.

The frequency range in which GSM-900 operates: 890-915 MHz - for communication from the phone to the base station, 935-960 MHz - for communication from the base station to the phone. For the GSM-1800 standard: 1710-1785 MHz and 1805-1880 MHz, respectively. The channel grid spacing is 200 kHz, the maximum capacity of one base station is 992 subscribers. The power of transmitters of subscriber devices GSM-900 is about 2 W, GSM-1800 - 1 W.

The GSM-900 standard is now the most widespread in Russia; however, its coverage is mainly limited to urban areas. GSM-1800 is still less common. Roaming both in Russia and in Europe is well developed.

Phases of the GSM standard and the evolution of the SIM card

Necessary introduction
The development of the GSM standard - the first digital standard for cellular communications - began in 1985. The deployment of GSM networks, which began only in 1991, included several stages (phases) of development. In total, 3 technological phases have been recorded to date (and there will be no more), each of which is characterized by a certain set of telephone and additional services, according to which they are, in fact, distinguished. Naturally, the development of GSM cellular networks required the improvement of SIM cards - each subsequent phase is characterized by a larger information capacity of the SIM card compared to the previous one and a large number of functions.

Thus, instead of writing two articles - "Phases of the GSM standard" and "Evolution of the SIM card" - we will bring all the material into one and will not divide the indivisible.

GSM networks: Phase 1
Implementation of the Phase 1 specification began in 1991 and was fully completed in 1993. The information capacity of a SIM card is 8 KB.

Main functions:
Incoming and outgoing calls.
Call forwarding. Ability to transfer incoming calls to another phone number in cases where the number is busy or the subscriber does not answer; when the phone is turned off or out of network coverage, etc. In addition, fax and computer data forwarding is possible.
Call barring. Barring all incoming/outgoing calls; barring outgoing international calls; barring incoming calls, except for intranet calls.
Call waiting. This service allows you to receive an incoming call while you are talking to someone. In this case, the first subscriber will either still be in touch, or the conversation with him can be completed.
Call holding. This service allows you to call (or answer an incoming call) another subscriber without breaking the connection with one subscriber.
Card blocking. The subscriber can "close" the card with a PIN code (4-8 characters) and thus restrict access to the network using his SIM card. After entering three incorrectly typed PIN codes, the card is blocked. The subscriber can unblock it by himself by entering the PUK (PIN Unblocking Key) code, which is 8 characters long. After ten incorrectly typed PUK codes, the card is permanently blocked, and it can no longer be used in the future.
Network selection PLMN (Public Land Mobile Network) - roaming function. The SIM card can select for communication a network available in a given location from a list of preferred networks with which the operator - the owner of the network card has entered into roaming agreements.
Short Message Service - SMS (Short Message Service). Allows the subscriber to receive text messages with a maximum length of 160 characters. A short message is stored in the SIM card memory under a certain number, from where it can be retrieved at a convenient time for the subscriber. Messages are broadcast through the short message service center supported by the operator - SMSC (Short Message Service Center).
Speed dialing - ADNs (Abbreviated Dialing Numbers). The SIM-card is capable of storing several phone numbers in memory, which are dialed by pressing any one key on the device.
Sending and receiving fax messages.
Prohibition of work in networks with which a roaming agreement has not been signed - FPLMN (Forbidden Public Land Mobile Networks).
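
The retry limits in the "Card blocking" item above can be written out as a small state machine. This is an added example, not part of the original article or of any SIM vendor's code: the limits (3 PIN tries, 8-character PUK, 10 PUK tries) come from the text, while the class and method names, the digits-only format, resetting a counter after a correct entry and setting a new PIN during unblocking are assumptions of the sketch.

```python
import hmac
from enum import Enum

PIN_TRIES = 3    # from the text: three wrong PINs block the card
PUK_TRIES = 10   # from the text: ten wrong PUKs block it permanently


class State(Enum):
    READY = "ready"                  # PIN may be presented
    PIN_BLOCKED = "pin blocked"      # only the PUK is accepted
    DEAD = "permanently blocked"     # nothing is accepted any more


class SimCard:
    """Hypothetical model; class and method names are not a real SIM API."""

    def __init__(self, pin: str, puk: str):
        self._require_pin_format(pin)
        if not (puk.isdigit() and len(puk) == 8):
            raise ValueError("PUK must be 8 digits")
        self._pin, self._puk = pin, puk
        self.pin_left, self.puk_left = PIN_TRIES, PUK_TRIES

    @staticmethod
    def _require_pin_format(pin: str) -> None:
        # The text says 4-8 characters; digits only is an assumption here.
        if not (pin.isdigit() and 4 <= len(pin) <= 8):
            raise ValueError("PIN must be 4-8 digits")

    @property
    def state(self) -> State:
        if self.puk_left == 0:
            return State.DEAD
        return State.READY if self.pin_left > 0 else State.PIN_BLOCKED

    def verify_pin(self, attempt: str) -> bool:
        if self.state is not State.READY:
            return False             # blocked card: the value is not even compared
        # Spend the try before comparing, so that an interrupted check
        # can never turn into a free guess.
        self.pin_left -= 1
        if hmac.compare_digest(attempt.encode(), self._pin.encode()):
            self.pin_left = PIN_TRIES    # assumption: success restores the counter
            return True
        return False

    def unblock(self, puk_attempt: str, new_pin: str) -> bool:
        if self.state is State.DEAD:
            return False
        self._require_pin_format(new_pin)
        self.puk_left -= 1
        if hmac.compare_digest(puk_attempt.encode(), self._puk.encode()):
            self._pin = new_pin          # assumption: unblocking sets a new PIN
            self.pin_left, self.puk_left = PIN_TRIES, PUK_TRIES
            return True
        return False


def guess_probability(secret_digits: int, tries: int) -> float:
    """Chance that `tries` distinct guesses hit a uniformly random secret."""
    return min(1.0, tries / 10 ** secret_digits)


if __name__ == "__main__":
    card = SimCard(pin="1234", puk="12345678")   # constructed sample values
    for guess in ("0000", "1111", "2222"):
        card.verify_pin(guess)
    print(card.state, "after three wrong PINs")
    print("correct PIN now accepted:", card.verify_pin("1234"))
    print("unblock:", card.unblock("12345678", new_pin="4321"), card.state)
    print("4-digit PIN, 3 tries:", guess_probability(4, PIN_TRIES))
    print("8-digit PUK, 10 tries:", guess_probability(8, PUK_TRIES))
```

The counters are what make a 4-digit PIN usable at all: with three tries, a holder of the card who does not know the PIN has a 0.03% chance of guessing it before the card locks.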

GSM networks: Phase 2
Implementation of the Phase 2 specification began in 1994 and was fully completed in 1997. The information capacity of a SIM card is 8 KB.

Phase 2 supports all the features of Phase 1 plus a few additional features:
PIN2 code, which is a means of protecting data fields to which user access is prohibited.
"Advice on payment" - AoC (Advice of Charge). This function allows the subscriber to track the cost of the call and informs about the amount of money spent. The information is displayed on the phone screen. The subscriber can not only find out the cost of the last calls that were made, but also transfer this amount from one currency to another, as well as program the card to limit the total amount of funds spent. The feature is typically activated by the operator in prepaid service plans.
Fixed dialing - FDNs (Fixed Dialing Numbers) - allows the subscriber to enter a list of "allowed" numbers into the phone's memory and then transfer the device to another person. The user who received the phone will be able to call only those numbers that are included in this list.
Sending short messages (in Phase 1, only receiving them is provided).
Display the status of short messages.
The function of automatic dialing of the last number (redial function).
Menu language selection function.
Message personalization feature that allows the operator to send text messages (for example, weather, sports, traffic, etc.) only to those subscribers who are in a certain area of the cellular network.
Support for multiple telephone numbers (for voice, digital, facsimile).
Redial last dialed number.
Enter numbers with more than 20 digits (this function is important, for example, when providing additional services to subscribers, such as telephone banking).
Display the name of the service provider on the phone display.
Calling Line Identification Presentation. When there is an incoming call, the caller's number is displayed on the screen.
Calling Line Identification Restriction. Using this service, you can prohibit the identification of your own number when connecting with another subscriber.
Group call (Multi party). The teleconference or conference call mode allows you to combine up to five subscribers into a group and conduct negotiations between all members of the group at the same time.
Creating a closed group of up to ten subscribers (Closed User Group). Allows you to create a user group whose members can only communicate with each other. Most often, this service is used by companies that provide terminals to their employees for work.
The system of voice messages (Voice mail). The service allows you to automatically transfer incoming calls to a personal answering machine (voice mail). You can use this only if the subscriber has activated the "call forwarding" service.

GSM networks: Phase 2+
It is difficult to say when the implementation of Phase 2+ began, since there is still no specification - new services and functions are standardized and implemented immediately after the preparation and approval of their technical descriptions by the European Telecommunication Standards Institute (ETSI). For those who care about the date, let's say that the first descriptions of Phase 2+ services appeared in 1997, and their implementation by operators began in 1998.

To date, the number of new services has exceeded fifty. It makes no sense to consider them in detail, we will note a few of the most interesting and promising ones. First of all, of course, this is the SIM Application Toolkit, which allows you to remotely update the contents of the SIM card to change or supplement the set of services. In addition: improved EFR (Enhanced Full Rate) speech coding and interoperability between GSM and DECT systems.

The SIM card itself has undergone major changes - firstly, in Phase 2+, support for cards with a reduced supply voltage (not 5 V, but 3 V) appeared, which is quite good, since it allows you to extend the battery life of the phone; secondly, the information capacity of the card has increased to 16-32 KB.

TELE2.GSM-"anomaly"

The station is most likely located on the street. Borovaya, house 61, has 3 sectors (in any case, it could only be visually determined), the signal level at the station itself is ch 526 -36..-40 dBm, ch 566 -50..-55 dBm, 528 channel failed " identify" in which direction it "shines" -80 dBm.

Two telephones were used in the test: Nokia 6210, Nokia 8210, without an external antenna with the standard NetMonitor turned on. At all control points (signal level -100..-105 dBm) it was possible to call and send a message.

6210 was initially "hooked" on this BS in the area of Leninsky Prospekt when moving to the center along Moskovsky, 8210 was switched off from time to time in order to "hook" on other stations ... As soon as the signal from these stations "faded", the phone jumped to Borovaya :-) 6210, meanwhile, did not even "pay" attention to neighboring stations ;-)

Channel 526 hits the entire Obvodny channel to the west, Stepan Razin has a signal level of -90dBm, you can call and talk without problems! Again, he confidently holds the entire Moskovsky Prospekt. Kuznetsovskaya to the stop, Warsaw - there is a signal. Leninsky pr x Kubinskaya - there is a signal, -102 dBm, messages and calls go through. At the Leninsky Prospekt metro station, the network disappeared, at Zina Portnova it again hooked on the same BS. I got to the Veteranov metro station, the signal disappeared almost behind the metro ... you could call near the metro, excellent sound quality :-)

This morning my path lay from Leninsky Prospekt to Petrogradskaya. The phone hooked again on channel 526 in the Elektrosila area (LAC 500, CID 533), and so it "lasted" right up to the Trinity Bridge! Then the phone switched to channel 566, ignoring more powerful neighboring stations (by the way, which were not in the neighboring screens of NetMonitor), at the level of -111 dBm near the Petrogradskaya metro station, the phone lost the network for a second, then switched to another BS.

Distances: -109 dBm for Veteranov metro station and -108 dBm at Troitsky bridge 526 channel - 11.5 km!!!

from Veteranov metro station to Borovaya - 7.4 km (in a straight line on the city map)

Channel 566 is a bit more modest ;-)

Question: HOW IS THIS POSSIBLE for 1800 MHz within the city? And not only the distance, but also the range of one cell! By the way, on Borovaya 61, on the roof of the building, an awesome "shield-screen" was noticed, this is not a special one. what kind of design? I often notice such things at the stations of cellular operators in the region, it looks like a "visor" over the antennas.

I.e., in the field Tele2 can compete with the 900 MHz range? ;-)

shUra" s

Tele2 received GSM-900 in Udmurtia

Tele2 received a license for GSM-900 in Udmurtia in addition to the existing license for GSM-1800. This is the first time that an AMPS operator with a license for GSM-1800 has been able to get hold of frequencies in the 900 MHz band, which will allow it to significantly reduce the cost of network deployment.

Tele2 is not going to stop there. As Yuri Dombrovsky, Acting President of the Tele2 representative office in Russia, said in an interview with a ComNews.ru reporter, the company is currently actively working on frequency conversion in the 900 MHz band, but it is too early to make any forecasts. There is every reason to believe that this process will be effective. Andrei Beskorovayny, director of the FSUE Main Radio Frequency Center (GRFC), told ComNews.ru reporter that the GRFC is considering applications for frequencies in the 900 MHz band from many GSM-1800 licensees. "Not all regions have the opportunity to find free frequencies in this range, - says Andrey Beskorovayny. - But where there are frequencies, we will issue them to GSM-1800 operators." The potential opportunities for holders of GSM-1800 licenses are even greater: according to the GRFC, they can also apply for E-GSM frequencies that are "above" and "below" the traditional GSM-900. In this case, everything will depend on the experiments carried out by the radio frequency authorities in the field.

Yury Dombrovsky told a ComNews.ru reporter that the GSM network in Udmurtia is planned to be launched in the third quarter of 2003. According to ACM-Consulting, an analytic company, Tele2 currently has 21,000 AMPS subscribers in the region. At the same time, MTS serves 72 thousand users, and Udmurt Cellular Networks (NMT-450) - 14.6 thousand. According to ACM-Consulting, the penetration of cellular communications in the region will eventually amount to just over 20%. By the end of 2003, 11% of the population in Udmurtia will use the services of one or another cellular operator.

ComNews.ru dossier

Tele2 owns stakes in 11 Russian AMPS operators. In addition, the company launched four networks in Russia in the GSM-1800 standard: in Irkutsk, Rostov, St. Petersburg and Kemerovo

About company

In the beginning was the word. Not Tele2, but Fora. To be more precise, OJSC "Saint-Petersburg Telecom", an operator operating in the N-AMPS standard and operating under the trademark FORA Communications. A bit of history.

OJSC Saint Petersburg Telecom was founded in 1992. The operation of the network began in July 1994. Since March 1996, the company has been operating under the trademark FORA Communications. In 1998, the company entered the Leningrad region.

According to the memorandum signed in the spring of 2001 by the Ministry of Communications and Association 800, all Russian AMPS operators received GSM 1800 licenses. The license was issued to Fora on April 17, 2002. According to ComNews, Fora received a 13.4 MHz bandwidth and numbers in the DEF code 902. In February 2003, Fora became a member of the International Association of GSM Networks.

The private holding Tele2 AB (until February 16, 2001 - NetCom AB) was founded in 1981 in Sweden. It is currently a major European operator providing fixed and mobile telephony, data transmission and Internet access services in 22 countries. The group operates under the trademarks Tele2, Tango, Comviq. The subscriber base of Tele2 is about 18 million people (both mobile and fixed subscribers are taken into account). Tele2 owns a 60.6% stake in OAO St. Petersburg Telecom and the same stake in the authorized capital of OAO Oblkom operating under the FORA brand in the Leningrad region. These assets were acquired in November 2001 from the Luxembourg group Millicom International Cellular (in total, 12 subsidiaries of cellular companies in Russia were acquired from MIC for over 80 MUSD). Fora's shareholders also include the administration of St. Petersburg represented by KUGI (14% of the shares).

"Tele2 is always cheaper" - this is the motto under which the company enters the St. Petersburg market. Everyone who received the relevant certificates in two Tele2 offices in the first half of June was promised two weeks of free calls, inexpensive mobile communications, simple and understandable tariffs. Initially, the network will cover St. Petersburg, then the coverage area will expand. In the autumn appeal, the management also promised benefits to current subscribers of the analog network.

In December 2002, Tele2 received the millionth code 904 3.

This is a brief historical note. Now I will allow myself some personal (Andrew SWH) comments, please do not consider them as some kind of analytics - this is just the view of an "advanced" mobile subscriber. Fora is not the first time trying to switch to the digital standard. A few years ago, you could see posters with a giraffe depicted on them: "Digital Fora - a cut above." Then the company wanted to build an IS-95 network (cdmaOne 800 MHz). A section with questions and answers on CDMA-800 was posted on Fora's website, several base stations were installed ... But things did not go further than this. What was the reason - lack of funding, problems with frequencies, the futility of the standard in Russia (the confrontation between CDMA-800 operators and the Ministry of Communications - this is a completely different, rather sad story) - alas, I do not know. In an interview with Kommersant in the spring of 2002, Fora's management confirmed that there were no plans to further develop the CDMA network. When acquiring SPb Telecom, Tele2 was most likely not interested in the company itself, which had not distinguished itself by particular success in the St. Petersburg market, but in particular the GSM-1800 license assigned to it, as a member of the Association-800. However, even after the appearance of such a solid foreign investor, Fora's business did not go quickly. The dates for the commissioning of the network have been repeatedly postponed. "Shareholders have set the task to start work before the end of 2002," the leadership of the Russian representative office of Tele2 said. However, neither by the New Year, nor even by the 300th anniversary of the city, this task was completed. The launch of the network took place only on June 30.

It is difficult to say what Tele2 can offer to the rather saturated St. Petersburg market. Both numerous business clients and the general population are "swarmed" by market leaders - MegaFon and MTS, offering a fairly large selection of quite affordable tariff plans, an extensive geography of intra-network roaming. The most talkative, but at the same time seeking to spend money wisely, choose the SkyLink network (cdma2000 450 MHz), which provides not only inexpensive unlimited tariff plans, but also high-speed Internet access. A somewhat different niche is occupied by the previous brainchild of Delta Telecom, the NMT-450 standard network: a regional tariff without a monthly fee, an on-net unlimited traffic service for $5, a line of Optimal tariffs allow the operator to maintain a subscriber base. Beeline entered the market not so long ago. Per-second billing of city calls, which became a classic after the arrival of MTS, 1 cent per on-net minute, cheap - $ 7 for unlimited - and quite "frisky" GPRS also found its fans. And the old N-AMPS network of Fora has not yet become empty. In addition to such an impressive list of competitors, one should not forget that SPb Telecom has frequencies only in the 1800 MHz band (competitors have 900/1800 licenses), which will make it very difficult for it to cover the region, and not everything can go smoothly in the city.

Despite this, Tele2 representatives are optimistic: they promise "social" tariffs, inexpensive roaming in their European networks, solving coverage problems using the latest antenna designs ...

So, on June 30, the network launched. Connecting to the network costs 500 rubles, while for an additional 2000 rubles the subscriber receives a telephone - Siemens A50. Until July 27 inclusive, all calls are free, but limited to 3 minutes (initially, the promotion was planned until July 14, but was extended). All subscribers who connected before July 31, after the commercial launch of the network, will be "donated" 2,000 rubles to their account. True, not immediately, but in equal installments of 111 rubles over 18 months. Further tariffs are quite good: 5 rubles per "urban" minute with per-second billing from the first second and 4 rubles - from the 61st. An intranet call will cost 3 rubles, SMS 2 rubles. All - including VAT. Incoming calls from all GSM operators are free. Replenishment of the account will be made by prepaid cards, the cheapest card with a face value of 100 rubles will be valid for 30 days. As part of the promotion in the Telecom-Point stores, the connection costs 250 rubles (ceteris paribus).

Tariffs are really very "social". Only now the new operator has problems with coverage. A stable reception was noticed at Tekhnolozhka and next to Gorkovskaya. In addition, the BS is located somewhere near the office on Myakovsky Street, but the quality of communication there is not up to par. In other areas of the city, including the main highways - Moskovsky Prospekt, Glory Ave., Nevsky Prospekt - it is quite difficult to find a network. However, queues have already been noticed in front of the Tele2 office ...

A little about the network: GSM 1800, code 250-20 (RUS-20), codec used - EFR. Number identification: with Megafon - in both directions, with Delta the number passes only from Delta to Tele2, with MTS the situation is the opposite (federal numbers were used for testing). When you first register on the network, the switch binds to the IMEI of the mobile phone, as a result of which SIM cards of other operators can be used in the phone, but the Tele2 SIM card with other phones cannot. Alas, I was not able to understand the meaning of such a strange lock. The Tele2 SIM card does not allow you to turn off the PIN code and, according to preliminary data, cannot be cloned, which makes it impossible to write it to Multi-SIM.

At one time, when Telecom-21 (MTS) offered one-cent calls to subscribers, they joked in mobile communication forums that the next operator wishing to conquer the St. Petersburg market would have to pay extra for calls to subscribers. This joke revealed a fair amount of truth: according to the assurances of the Tele2 service center, subscribers can use the "donated" 111 rubles monthly without any additional costs (which surprised me a little, I expected that the "gift" would only be valid if the Tele2 payment card was activated).

A call in the Tele2 network for the period of free test operation is limited to 3 minutes (in the middle of the second minute, the subscriber receives a warning about the imminent end of the conversation time). It's funny that a call to the Service Center using a "short" number from a mobile phone is also limited to the same three minutes. Often all three minutes are spent waiting for the operator's response. "Hello, Tele two..." - oops, time is up.

Service Center operators report that soon after the start of commercial operation of the network, a gate will be launched that will allow you to call federal numbers in the absence of access to the "eight" (all competitors have a similar service, and Delta Telecom was the first to provide it, and Fora itself has a similar principle dialing "virtual" numbers). No roaming service is planned for "card" subscribers, however contract tariff plans with roaming capability are expected in the future. The rather popular GPRS packet data service, which requires expensive equipment, is also not planned. Regarding the availability of such services as call waiting, conference calls, call forwarding, the Service Center found it difficult to answer.

Well, Tele2 manages to live up to its slogan - "always cheaper". But whether the new operator, following this principle, will be able to provide sufficient quality of services, primarily coverage - time will tell. It is still too early to judge this.

The use in Western Europe of a number of analog cellular communication standards that are incompatible with each other and have significant drawbacks in comparison with digital standards has led to the need to develop a single pan-European digital cellular communication standard GSM-900. It provides high quality and confidentiality of communication, allows you to provide subscribers with a wide range of services. The standard allows for automatic roaming. As of July 1999, the share of GSM-900 subscribers was approximately 43% in the world and over 85% in Western Europe.

The GSM standard is also known as DCS (Digital Cellular System) or PCN (Personal Communications Network), as well as a modification of the GSM-900 standard for the 1800 MHz band: the GSM-1800 standard. The GSM standard includes the most complete set of services compared to others.

Cellular networks of the GSM standard are initially designed as high-capacity networks designed for the mass consumer and designed to provide a wide range of services to subscribers when using communications both inside buildings and on the street, including when traveling by car.

The GSM standard uses TDMA, which allows 8 voice channels to be placed simultaneously on one carrier frequency. The RPE-LTP speech codec with regular pulse excitation and a speech conversion rate of 13 kbps is used as a speech converting device.

Block and interleaved convolutional coding is used to protect against errors that occur in radio channels. The improvement in coding and interleaving efficiency at low MS speeds is achieved by slowly switching operating frequencies during a session at 217 hops per second.

To combat interference fading of received signals caused by multipath propagation of radio waves in urban conditions, equalizers are used in communication equipment to equalize impulse signals with a standard deviation of delay time up to 16 μs. The equipment synchronization system is designed to compensate for the absolute signal delay time up to 233 µs. This corresponds to a maximum communication range of 35 km (maximum cell radius).

To modulate the radio signal, spectrally efficient Gaussian minimum shift keying (GMSK) is used. Speech processing in this standard is carried out within the framework of the discontinuous speech transmission system DTX (Discontinuous Transmission).

The GSM standard achieves a high degree of message transmission security; messages are encrypted using a public key encryption algorithm (RSA).

In general, the communication system operating in the GSM standard is designed for its use in various fields. It provides users with a wide range of services and the ability to use a variety of equipment for voice and data communications, ringing and alarms; connect to public switched telephone networks (PSTN), data networks (PDN) and integrated services digital networks (ISDN).

Below are the main characteristics of the GSM standard:

  • MS transmit and BTS receive frequency, MHz: 890–915
  • MS receive and BTS transmit frequency, MHz: 935–960
  • Duplex spacing of receive and transmit frequencies, MHz: 45
  • Message transfer rate in the radio channel, kbps: 270.833
  • Speech codec conversion rate, kbps: 13
  • Communication channel bandwidth, kHz: 200
  • Maximum number of communication channels: 124
  • Type of modulation: GMSK
  • Modulation index: BT = 0.3
  • Premodulation Gaussian filter bandwidth, kHz: 81.2
  • Number of frequency hops per second: 217
  • Maximum cell radius, km: up to 35
  • Channel organization scheme: combined TDMA/FDMA
  • Required carrier/interference ratio, dB: 9

GSM network equipment includes mobile (radio telephones) and base stations, digital switches, control and maintenance center, various additional systems and devices. Functional pairing of system elements is carried out using a number of interfaces. The block diagram (Figure 1.1) shows the functional construction and interfaces adopted in the GSM standard.

Figure 1.1 - Structural diagram of the GSM network

MS consist of equipment that is designed to provide GSM subscribers with access to existing communication networks. Within the framework of the GSM standard, five MS classes have been adopted: from the 1st class model with an output power of up to 20 W, installed on vehicles, to the 5th class model with a maximum output power of up to 0.8 W (Table 1.1). When transmitting messages, an adaptive control of the transmitter power is provided, which ensures the required quality of communication. MS and BTS are independent of each other.


As a result, the physical channel between the receiver and the transmitter is determined by the frequency, allocated frames and the numbers of timeslots in them. Base stations typically use one or more ARFCN channels, one of which is used to identify the presence of the BTS on the air. The first timeslot (index 0) of this channel's frames is used as the base-control channel or beacon-channel. The remaining part of the ARFCN is distributed by the operator for CCH and TCH channels at its discretion.

2.3 Logical channels

Logical channels are formed on the basis of physical channels. Um-interface implies the exchange of both user information and service information. According to the GSM specification, each type of information corresponds to a special type of logical channels implemented through physical ones:

  • traffic channels (TCH - Traffic Channel),
  • service information channels (CCH - Control Channel).

Traffic channels are divided into two main types: TCH/F, a full-rate channel with a maximum speed of up to 22.8 Kbps, and TCH/H, a half-rate channel with a maximum speed of up to 11.4 Kbps. These types of channels can be used for voice (TCH/FS, TCH/HS) and user data (TCH/F9.6, TCH/F4.8, TCH/H4.8, TCH/F2.4, TCH/H2.4), for example, SMS.

Service information channels are divided into:

  • Broadcast (BCH - Broadcast Channels).
    • FCCH - Frequency Correction Channel (frequency correction channel). Provides the information needed by the mobile phone to correct the frequency.
    • SCH - Synchronization Channel (synchronization channel). Provides the mobile phone with the information needed for TDMA synchronization with the base station (BTS) as well as its BSIC identity.
    • BCCH - Broadcast Control Channel (broadcast channel service information). It transmits basic information about the base station, such as the way the service channels are organized, the number of blocks reserved for access grant messages, and the number of multiframes (51 TDMA frames in size) between Paging requests.
  • General purpose channels (CCCH - Common Control Channels)
    • PCH - Paging Channel. Looking ahead, I’ll tell you that Paging is a kind of ping of a mobile phone that allows you to determine its availability in a certain coverage area. This channel is for that.
    • RACH - Random Access Channel (random access channel). Used by mobile phones to request their own service channel SDCCH. Exclusively uplink channel.
    • AGCH - Access Grant Channel (access notification channel). On this channel, base stations respond to RACH requests from mobile phones by allocating SDCCH, or immediately TCH.
  • Dedicated channels (DCCH - Dedicated Control Channels)
    Dedicated channels, like TCH, are allocated to specific mobile phones. There are several subtypes:
    • SDCCH - Stand-alone Dedicated Control Channel. This channel is used for mobile phone authentication, encryption key exchange, location update procedure, as well as for voice calls and SMS messaging.
    • SACCH - Slow Associated Control Channel. Used during a call or when the SDCCH is already in use. With it, BTS sends periodic instructions to the phone to change timings and signal strength. In the opposite direction, there are data on the received signal level (RSSI), TCH quality, as well as the signal level of the nearest base stations (BTS Measurements).
    • FACCH - Fast Associated Control Channel. This channel is provided together with TCH and allows the transmission of urgent messages, for example, during the transition from one base station to another (Handover).

2.4 What is burst?

Data over the air is transmitted as a sequence of bits, most commonly referred to as a "burst", within timeslots. The term "burst", whose closest analogue is the word "splash", should be familiar to many radio amateurs; it most likely appeared when graphical models were being built for the analysis of the radio air, where any activity looks like waterfalls and splashes of water. You can read more about them in this wonderful article; we will focus on the most important points. A schematic representation of a burst might look like this:

Guard Period
To avoid interference (i.e. overlapping of two bursts), the burst duration is always less than the timeslot duration by a certain value (0.577 - 0.546 = 0.031 ms), called the "Guard Period". This period is a kind of time reserve to compensate for possible time delays in signal transmission.

Tail Bits
These markers define the beginning and end of the burst.

Info
Burst payload, for example, subscriber data or service traffic. Consists of two parts.

Stealing Flags
These two bits are set when both parts of the TCH burst are transmitted on the FACCH. One transmitted bit instead of two means that only one part of the burst is transmitted on FACCH.

Training Sequence
This part of the burst is used by the receiver to determine the physical characteristics of the link between the phone and the base station.
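
The fields listed above sit at fixed bit positions in a normal burst. The following added example (not part of the original article) splits a 148-bit normal burst into those fields and derives the timing figures quoted on this page from the 270.833 kbps channel rate; the field widths are the standard normal-burst layout, while the sample burst and all function names are constructed for illustration.

```python
from dataclasses import dataclass

BIT_RATE_BPS = 1_625_000 / 6   # 270.833 kbit/s, the radio channel rate
SLOT_BITS = 156.25             # one timeslot, guard period included

# (field name, width in bits) in transmission order
LAYOUT = [("tail_head", 3), ("info_1", 57), ("steal_1", 1),
          ("training", 26), ("steal_2", 1), ("info_2", 57), ("tail_end", 3)]
BURST_BITS = sum(width for _, width in LAYOUT)   # 148; the rest of the slot is guard


@dataclass
class NormalBurst:
    info: str            # 114 payload bits (both halves joined)
    training: str        # 26-bit training sequence
    stolen_halves: int   # halves handed over to FACCH: 0, 1 or 2


def parse_normal_burst(bits: str) -> NormalBurst:
    """Split a normal burst (string of '0'/'1', guard period excluded) into fields."""
    if len(bits) != BURST_BITS or set(bits) - {"0", "1"}:
        raise ValueError(f"expected exactly {BURST_BITS} characters of 0/1")
    fields, pos = {}, 0
    for name, width in LAYOUT:
        fields[name] = bits[pos:pos + width]
        pos += width
    if fields["tail_head"] != "000" or fields["tail_end"] != "000":
        raise ValueError("tail bits of a normal burst must be 000 at both ends")
    stolen = int(fields["steal_1"]) + int(fields["steal_2"])
    return NormalBurst(fields["info_1"] + fields["info_2"], fields["training"], stolen)


def duration_ms(nbits: float) -> float:
    """Time on air for nbits at the GSM channel rate."""
    return nbits / BIT_RATE_BPS * 1000


def frames_per_second() -> float:
    """TDMA frames (8 timeslots each) per second; one frequency hop per frame."""
    return BIT_RATE_BPS / (8 * SLOT_BITS)


# Constructed sample burst: first half flagged as stolen, second half not.
SAMPLE = ("000" + "10" * 28 + "1" + "1" + "00100101110000100010010111"
          + "0" + "01" * 28 + "0" + "000")

if __name__ == "__main__":
    burst = parse_normal_burst(SAMPLE)
    print("payload bits:", len(burst.info), "stolen halves:", burst.stolen_halves)
    print("timeslot %.3f ms, burst %.3f ms" % (duration_ms(SLOT_BITS), duration_ms(BURST_BITS)))
    print("frames per second: %.1f" % frames_per_second())
```

The computed timeslot and burst durations reproduce the 0.577 ms and 0.546 ms used in the Guard Period paragraph, and the frame rate rounds to the 217 hops per second given in the characteristics list.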

2.5 Burst types

Each logical channel corresponds to certain types of burst:

Normal Burst
Sequences of this type implement traffic channels (TCH) between the network and subscribers, as well as all types of control channels (CCH): CCCH, BCCH and DCCH.

Frequency Correction Burst
The name speaks for itself. Implements a one-way FCCH downlink channel, allowing mobile phones to more accurately tune to the BTS frequency.

Synchronization Burst
Like the Frequency Correction Burst, a burst of this type implements a downlink-only channel, in this case SCH, which is designed to identify the presence of base stations on the air. By analogy with beacon packets in WiFi networks, each such burst is transmitted at full power and also contains the information about the BTS that is needed to synchronize with it: frame rate, identification data (BSIC), and others.

Dummy Burst
A dummy burst sent by the base station to fill unused timeslots. The fact is that if there is no activity on the channel, the signal strength of the current ARFCN will be significantly less. In this case, the mobile phone may appear to be far from the base station. To avoid this, BTS fills unused timeslots with meaningless traffic.

Access Burst
When establishing a connection with the BTS, the mobile phone sends a dedicated SDCCH request on the RACH. The base station, having received such a burst, assigns the subscriber his FDMA system timings and responds on the AGCH channel, after which the mobile phone can receive and send Normal Bursts. It is worth noting the increased duration of Guard time, since initially neither the phone nor the base station knows information about time delays. If the RACH request does not fall into the timeslot, the mobile phone sends it again after a pseudo-random period of time.

2.6 Frequency hopping

Quote from Wikipedia:

Pseudo-random shifting of the operating frequency (FHSS - English frequency-hopping spread spectrum) is a method of transmitting information by radio, the peculiarity of which is the frequent change of carrier frequency. The frequency changes according to a pseudo-random sequence of numbers known to both the sender and the recipient. The method increases the noise immunity of the communication channel.


3.1 Main attack vectors

Since the Um-interface is a radio interface, all its traffic is "visible" to anyone who is within the range of the BTS. Moreover, you can analyze data transmitted over the air, even without leaving your home, using special equipment (for example, an old mobile phone supported by the OsmocomBB project, or a small RTL-SDR dongle), capable hands and the most ordinary computer.

There are two types of attack: passive and active. In the first case, the attacker does not interact in any way with the network or with the attacked subscriber - only the reception and processing of information. It is not difficult to guess that it is almost impossible to detect such an attack, but it does not have as many prospects as an active one. An active attack implies the interaction of the attacker with the attacked subscriber and/or cellular network.

We can single out the most dangerous types of attacks to which subscribers of cellular networks are exposed:

  • Sniffing
  • Leakage of personal data, SMS and voice calls
  • Location data leak
  • Spoofing (FakeBTS or IMSI Catcher)
  • Remote SIM Capture, Arbitrary Code Execution (RCE)
  • Denial of Service (DoS)

3.2 Subscriber identification

As mentioned at the beginning of the article, subscriber identification is performed by IMSI, which is recorded in the subscriber's SIM card and the operator's HLR. Mobile phones are identified by serial number - IMEI. However, after authentication, neither the IMSI nor the IMEI is sent over the air in the clear. After the Location Update procedure, the subscriber is assigned a temporary identifier - TMSI (Temporary Mobile Subscriber Identity), and further interaction is carried out with its help.

Attack methods
Ideally, the subscriber's TMSI is known only to the mobile phone and the cellular network. However, there are ways to bypass this protection. If you make a cyclic call to the subscriber or send SMS messages (or rather Silent SMS), monitoring the PCH channel and performing correlation, you can select the TMSI of the attacked subscriber with a certain accuracy.

In addition, having access to the SS7 interoperator network, you can find out the IMSI and LAC of its owner by the phone number. The problem is that in the SS7 network, all operators "trust" each other, thereby reducing the level of confidentiality of their subscribers' data.

3.3 Authentication

To protect against spoofing, the network authenticates the subscriber before starting its service. In addition to the IMSI, the SIM card stores a randomly generated sequence called Ki, which it returns only in hashed form. Ki is also stored in the operator's HLR and is never transmitted in the clear. In general, the authentication process is based on the principle of a four-way handshake:

  1. The subscriber performs a Location Update Request, then provides the IMSI.
  2. The network sends a pseudo-random RAND value.
  3. The phone's SIM card hashes Ki and RAND using the A3 algorithm. A3(RAND, Ki) = SRAND.
  4. The network also hashes Ki and RAND using the A3 algorithm.
  5. If the SRAND value on the subscriber's side coincides with that calculated on the network side, then the subscriber has been authenticated.
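
The exchange in steps 1-5, as an added example that is not part of the original article. The real A3 is operator-specific, so HMAC-SHA256 truncated to 32 bits stands in for it here; the class names, the test IMSI and the Ki value are constructed, and only the sizes (128-bit RAND, 32-bit response) follow GSM.

```python
import hashlib
import hmac
import secrets


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Placeholder for A3 (assumption): keyed one-way function of Ki and RAND."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Sim:
    """Holds Ki and only ever returns the hashed response, never Ki itself."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return a3_stand_in(self._ki, rand)          # step 3: SRAND


class Network:
    """Operator side: the HLR maps IMSI to Ki; one outstanding RAND per IMSI."""

    def __init__(self, hlr: dict):
        self._hlr = dict(hlr)
        self._pending = {}

    def challenge(self, imsi: str) -> bytes:
        if imsi not in self._hlr:
            raise KeyError("unknown subscriber")
        rand = secrets.token_bytes(16)              # step 2: fresh RAND every time
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, srand: bytes) -> bool:
        rand = self._pending.pop(imsi, None)        # a challenge is single-use
        if rand is None:
            return False
        expected = a3_stand_in(self._hlr[imsi], rand)   # step 4
        return hmac.compare_digest(expected, srand)     # step 5, constant time


# Constructed test values (test PLMN 001/01, made-up Ki).
IMSI = "001010000000001"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    net, sim = Network({IMSI: KI}), Sim(IMSI, KI)
    rand = net.challenge(IMSI)                      # step 1 has supplied the IMSI
    response = sim.respond(rand)
    print("genuine SIM accepted:", net.verify(IMSI, response))
    net.challenge(IMSI)
    print("captured response replayed:", net.verify(IMSI, response))
```

Because RAND is fresh for every attempt, a response captured off the air is useless against the next challenge. Only the network verifies the subscriber here; nothing in the exchange lets the phone verify the network, which is the gap behind the FakeBTS item in section 3.1.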

Attack methods
Iterating over Ki, given the RAND and SRAND values, can take quite a long time. In addition, operators can use their own hashing algorithms. There is quite a bit of information on the web about brute force attempts. However, not all SIM cards are perfectly protected. Some researchers were able to directly access the file system of the SIM card and then extract the Ki.

3.4 Traffic encryption

According to the specification, there are three algorithms for encrypting user traffic:
  • A5/0 - a formal designation for the lack of encryption, just like OPEN in WiFi networks. I myself have never seen networks without encryption; however, according to gsmmap.org, A5/0 is used in Syria and South Korea.
  • A5/1 - the most widely used encryption algorithm. Although attacks on it have been demonstrated repeatedly at various conferences, it is used practically everywhere. To decrypt the traffic, it is enough to have 2 TB of free disk space, a regular personal computer with Linux and the Kraken program on board.
  • A5/2 - an encryption algorithm with intentionally weakened protection. If it is used anywhere at all, it is only for show.
  • A5/3 - at the moment the strongest encryption algorithm, developed back in 2002. On the Internet, you can find information about some theoretically possible vulnerabilities, but in practice no one has yet shown how to crack it. I don't know why our operators don't want to use it in their 2G networks. After all, it is hardly a hindrance, because the encryption keys are known to the operator and the traffic can be quite easily decrypted on its side. And all modern phones support it perfectly. Fortunately, modern 3GPP networks use it.

Attack methods
As already mentioned, having sniffing equipment and a computer with 2 TB of memory and the Kraken program, you can quite quickly (a few seconds) find A5/1 session encryption keys, and then decrypt anyone's traffic. German cryptologist Karsten Nohl demonstrated in 2009 how to crack A5/1. A few years later Karsten and Sylvain Munaut demonstrated the interception and method of decrypting a telephone conversation using several old Motorola phones (OsmocomBB project).

Conclusion

My long story has come to an end. You can get acquainted with the principles of operation of cellular networks in more detail and from a practical point of view in a series of articles Acquaintance with OsmocomBB, as soon as I finish the remaining parts. I hope I managed to tell you something new and interesting. I look forward to your feedback and comments!

DownLink - communication channel from the base station to the subscriber
UpLink is a communication channel from the subscriber to the operator's base station.

Standard 4G/LTE Frequency 2500

This type of communication has started to develop only relatively recently, and mainly in cities.


FDD (Frequency Division Duplex) - DownLink and UpLink operate on different frequency bands.
TDD (Time division duplex - time division of channels) - DownLink and UpLink operate on the same frequency band.

Yota: FDD DownLink 2620-2650 MHz, UpLink 2500-2530 MHz
Megafon: FDD DownLink 2650-2660 MHz, UpLink 2530-2540 MHz
Megafon: TDD 2575-2595 MHz - this frequency band is allocated only in the Moscow region.
MTS: FDD DownLink 2660-2670 MHz, UpLink 2540-2550 MHz
MTS: TDD 2595-2615 MHz - this frequency band is allocated only in the Moscow region.
Beeline: FDD DownLink 2670-2680 MHz, UpLink 2550-2560 MHz
Rostelecom: FDD DownLink 2680-2690 MHz, UpLink 2560-2570 MHz
After the purchase of Yota by Megafon, Yota virtually began to work as Megafon.

Standard 4G/LTE Frequency 800

The network was launched into commercial operation at the beginning of 2014, mainly outside the city, in rural areas.

UpLink / DownLink (MHz)

Rostelecom: 791-798.5 / 832 - 839.5
MTS: 798.5-806 / 839.5 - 847.5
Megafon: 806-813.5 / 847 - 854.5
Beeline: 813.5 - 821 / 854.5 - 862

Standard 3G/UMTS Frequency 2000

3G/UMTS2000 is the most widespread cellular communication standard in Europe and is mainly used for data transmission.


UpLink / DownLink (MHz)

Skylink: 1920-1935 / 2110 - 2125 - in the end, these frequencies are most likely to go to Rostelecom. The network is currently not in use.
Megafon: 1935-1950 / 2125 - 2140
MTS: 1950-1965 / 2140 - 2155
Beeline: 1965 - 1980 / 2155 - 2170

Standard 2G/DCS Frequency 1800

DCS1800 - the same GSM, only in a different frequency range, mainly used in cities. But, for example, there are regions where the TELE2 operator operates only in the 1800 MHz band.

UpLink 1710-1785 MHz and Downlink 1805-1880 MHz

It doesn't make much sense to show division by operators, because in each region, the distribution of frequencies is individual.

Standard 2G/DCS Frequency 900

GSM900 is the most common communication standard in Russia today and is considered a second generation communication.

There are 124 channels in GSM900 MHz. In all regions of the Russian Federation, GSM frequency bands are distributed between operators individually. E-GSM also exists as an additional GSM frequency band. It is shifted in frequency relative to the base one by 10 MHz.

GSM900: UpLink 890-915 MHz and DownLink 935-960 MHz

E-GSM: UpLink 880-890 MHz and DownLink 925-935 MHz
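
The 124 channels and the E-GSM extension are numbered by ARFCN, and each number maps to one uplink/downlink carrier pair. The following added example (not from the original page) converts between ARFCN and frequency for the GSM900, E-GSM and DCS1800 ranges listed on this page, using the standard 200 kHz channel raster and ARFCN numbering; the function and table names are constructed for illustration.

```python
STEP_KHZ = 200   # channel bandwidth / carrier spacing

# (band, first ARFCN, last ARFCN, uplink kHz of first ARFCN, duplex spacing kHz)
BANDS = [
    ("GSM900", 1, 124, 890_200, 45_000),       # 890-915 / 935-960 MHz
    ("E-GSM", 975, 1023, 880_200, 45_000),     # 880-890 / 925-935 MHz
    ("E-GSM", 0, 0, 890_000, 45_000),          # ARFCN 0 belongs to the extension
    ("DCS1800", 512, 885, 1_710_200, 95_000),  # 1710-1785 / 1805-1880 MHz
]


def arfcn_to_freq(arfcn: int):
    """Return (band, uplink MHz, downlink MHz) for an ARFCN."""
    for band, first, last, ul_first, duplex in BANDS:
        if first <= arfcn <= last:
            ul = ul_first + (arfcn - first) * STEP_KHZ
            return band, ul / 1000, (ul + duplex) / 1000
    raise ValueError(f"ARFCN {arfcn} is outside the bands covered here")


def downlink_to_arfcn(dl_mhz: float):
    """Return (band, ARFCN) for a downlink carrier, or None if it is not on the raster."""
    dl = round(dl_mhz * 1000)   # work in integer kHz to avoid float drift
    for band, first, last, ul_first, duplex in BANDS:
        offset = dl - duplex - ul_first
        if offset % STEP_KHZ == 0 and 0 <= offset // STEP_KHZ <= last - first:
            return band, first + offset // STEP_KHZ
    return None


if __name__ == "__main__":
    for n in (1, 62, 124, 975, 1023, 512, 885):
        print(n, arfcn_to_freq(n))
    # A carrier seen by a receiver at 947.4 MHz is ARFCN 62 in GSM900.
    print(downlink_to_arfcn(947.4))
    # A UMTS2100 downlink frequency is not a GSM carrier at all.
    print(downlink_to_arfcn(2140.0))
```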

Standard 3G Frequency 900

Due to the lack of channels on the 2000 frequency, frequencies of 900 MHz were allocated for 3G. Actively used in the region.

CDMA Standard Frequency 450

CDMA450 - in the central part of Russia, this standard is used only by the SkyLink operator (Skylink).

UpLink 453 - 457.5 MHz and DownLink 463 - 467.5 MHz.
