GSM procedures
GSM procedures are sets of steps performed by the GSM network and devices on it in order for the network to function. GSM (Global System for Mobile Communications) is a set of standards for cell phone networks established by the European Telecommunications Standards Institute and first used in 1991. Its procedures refers to the steps a GSM network takes to communicate with cell phones and other mobile devices on the network. IMSI attach refers to the procedure used when a mobile device or mobile station joins a GSM network when it turns on and IMSI detach refers to the procedure used to leave or disconnect from a network when the device is turned off.
IMSI attach
In a GSM network, when a Mobile Station (MS) is switched ON, the International Mobile Subscriber Identity (IMSI) attach procedure is executed. This procedure is required for the Mobile Switching Center (MSC) and Visitor Location Register (VLR) to register the MS in the network. If the MS has changed Location area (LA) while it was powered off, then the IMSI attach procedure will lead to a Location update.
When the MS is switched on, it searches for a mobile network to connect to. Once the MS identifies its desired network, it sends a message to the network to indicate that it has entered into an idle state. The Visitor Location Register (VLR) checks its database to determine whether there is an existing record of the particular subscriber.
If no record is found, the VLR communicates with the subscriber's Home Location Register (HLR) and obtains a copy of the subscription information. The obtained information is stored in the database of the VLR. Then an acknowledge message is sent to the MS.
Steps for IMSI attach procedure are as follows:
- The MS will send a Channel Request message to the BSS (base station subsystem) on the RACH (random access channel).
- The BSS responds on the AGCH (access grant channel) with an Immediate Assignment message and assigns an SDCCH to the MS.
- The MS immediately switches to the assigned SDCCH (stand-alone dedicated control channel) and sends a Location Update Request to the BSS. The MS will send either an IMSI or a TMSI (Temporary Mobile Subscriber Identity) to the BSS.
- The BSS will acknowledge the message. This acknowledgement only tells the MS that the BTS has received the message, it does not indicate the location update has been processed.
- The BSS forwards the Location Update Request to the MSC/VLR.
- The MSC/VLR forwards the IMSI to the HLR and requests verification of the IMSI as well as Authentication Triplets (RAND, Kc, SRES).
- The HLR will forward the IMSI to the Authentication Center (AuC) and request authentication triplets.
- The AuC generates the triplets and sends them along with the IMSI, back to the HLR.
- The HLR validates the IMSI by ensuring it is allowed on the network and is allowed subscriber services. It then forwards the IMSI and Triplets to the MSC/VLR.
- The MSC/VLR stores the SRES and the Kc and forwards the RAND to the BSS and orders the BSS to authenticate the MS.
- The BSS sends the MS an Authentication Request message. The only parameter sent in the message is the RAND.
- The MS uses the RAND to calculate the SRES and sends the SRES back to the BSS on the SDCCH in an Authentication Response. The BSS forwards the SRES up to the MSC/VLR.
- The MSC/VLR compares the SRES generated by the AuC with the SRES generated by the MS. If they match, then authentication is completed successfully.
- The MSC/VLR forwards the Kc for the MS to the BSS. The Kc is NOT sent across the Air Interface to the MS. The BSS stores the Kc and forwards the Set Cipher Mode command to the MS. The CIPH_MOD_CMD only tells the MS which encryption to use (A5/X), no other information is included.
- The MS immediately switches to cipher mode using the A5 encryption algorithm. All transmissions are now enciphered. It sends a Ciphering Mode Complete message to the BSS.
- The MSC/VLR sends a Location Updating Accept message to the BSS. It also generates a new TMSI for the MS. TMSI assignment is a function of the VLR. The BSS will either send the TMSI in the LOC_UPD_ACC message or it will send a separate TMSI Reallocation Command message. In both cases, since the Air Interface is now in cipher mode, the TMSI is not compromised.
- The MS sends a TMSI Reallocation Complete message up to the MSC/VLR.
- The BSS instructs the MS to go into idle mode by sending it a Channel Release message. The BSS then unassigns the SDCCH.
- The MSC/VLR sends an Update Location message to the HLR. The HLR records which MSC/VLR the MS is currently in, so it knows which MSC to point to when it is queried for the location of the MS.
IMSI detach
IMSI detach is the process of detaching a MS from the mobile network to which it was connected. The IMSI detach procedure informs the network that the Mobile Station is switched off or is unreachable.
At power-down the MS requests a signaling channel.
Once assigned, the MS sends an IMSI detach message to the VLR.
When the VLR receives the IMSI detach-message, the corresponding IMSI is marked as detached by setting the IMSI detach flag. The HLR is not informed of this and the VLR does not acknowledge the MS about the IMSI detach.
If the radio link quality is poor when IMSI detach occurs, the VLR may not properly receive the IMSI-detach request. Since an acknowledgment message is not sent to the MS, it does not make further attempts to send IMSI detach messages. Therefore, the GSM network considers the MS to be still attached.
Implicit IMSI detach
The GSM air-interface, designated Um, transmits network-specific information on specific broadcast channels. This information includes whether the periodic location update is enabled. If enabled, then the MS must send location update requests at time intervals specified by the network. If the MS is switched off, having not properly completed the IMSI detach procedure, the network will consider the MS as switched off or unreachable if no location update is made. In this situation the VLR performs an implicit IMSI detach.
Location update
This procedure is used to update the location of the Mobile Station in the network and is described in more detail here.
Cancel location
When a mobile station registers in a new VLR, the subscriber's data is deleted from the previous VLR in a cancel location procedure. The HLR initiates the procedure when it receives an 'update location' message from a VLR other than the one in which the MS was located at the time when its location information was last updated in the HLR database. The cancel location procedure can also be initiated with MML commands, with those, for example, that are used for changing the area, or deleting the MS from the HLR.
References
Moe Rahnema (April 1993). "Overview of the GSM system and protocol architecture" (PDF). IEEE Communications Magazine. Archived from the original (PDF) on 2011-07-20. Retrieved 2010-04-14.