Learning Resource

Cellular Network Characteristics

Within the United States, different types of digital cellular networks follow distinct incompatible sets of standards. The following sections discuss digital cellular networks, Mobile IP, and satellite phones.

The two most dominant types of digital cellular networks are known as Code Division Multiple Access (CDMA) and Global System for Mobile Communications (GSM) networks. Other common cellular networks include Time Division Multiple Access (TDMA) and Integrated Digital Enhanced Network (iDEN). iDEN networks use a proprietary protocol designed by Motorola, while the others follow standardized open protocols. A digital version of the original analog standard for cellular telephone phone service, called Digital Advanced Mobile Phone Service (D-AMPS), also exists.

CDMA refers to a technology designed by Qualcomm in the United States, which employs spread spectrum communications for the radio link. Rather than sharing a channel as many other network air interfaces do, CDMA spreads the digitized data over the entire bandwidth available, distinguishing multiple calls through a unique sequence code assigned. Successive versions of the IS-95 standard define CDMA conventions in the United States, which is the reason why the term CDMA is often used to refer to IS-95 compliant cellular networks. IS-95 CDMA systems are sometimes referred to as cdmaOne. The next evolutionary step for CDMA to 3G services was CDMA2000. CDMA2000 is backward compatible with its previous 2G iteration IS-95 (cdmaOne). The successor to CDMA2000 is Qualcomm's Long Term Evolution (LTE). LTE adds faster data transfer capabilities for mobile devices and is commonly referred to as 4G LTE. Verizon and Sprint are common CDMA network carriers in the United States.

GSM is a cellular system used worldwide that was designed in Europe, primarily by Ericsson and Nokia. AT&T and T-Mobile are common GSM network carriers in the United States. GSM uses a TDMA air interface. TDMA refers to a digital link technology whereby multiple phones share a single carrier, radio frequency channel by taking turns—using the channel exclusively for an allocated time slice, then releasing it and waiting briefly while other phones use it. A packet switching enhancement to GSM called General Packet Radio Service (GPRS) was standardized to improve the transmission of data. The next generation of GSM, commonly referred to as the third generation or 3G, is known as Universal Mobile Telecommunications System (UMTS) and involves enhancing GSM networks with a Wideband CDMA (W-CDMA) air interface. 4G LTE is also available to GSM mobile devices providing higher data transmission rates to its customers. Guidelines on Mobile Device Forensics TDMA is also used to refer specifically to the standard covered by IS-136. Using the term TDMA to refer to a general technique or a specific type of cellular network can be a source of confusion. For example, although GSM uses a TDMA air interface (i.e., the general technique), as does iDEN, neither of those systems is compatible with TDMA cellular networks that follow IS-136. Many mobile forensic tools refer to these devices as iDEN/TDMA phones. Mobile devices operating over the iDEN network often utilize a Push-To-Talk (PTT) function provide subscribers with the ability to communicate with one another over a cellular network in a "walkie-talkie" fashion.

Integrated Digital Enhanced Network (iDEN)—a mobile telecommunications technology developed by Motorola—provided the benefits of a two-way radio system and a cellular telephone. The iDEN project originally began as MIRS (Motorola Integrated Radio System) in early 1991 and was phased out in the summer of 2013 for the US markets although coverage still exists in Mexico and Canada.

Digital AMPS (D-AMPS), IS-54, and IS-136 are 2G mobile phone systems once prevalent within the United States and Canada in the 1990s. Existing networks were mostly replaced by GSM/GPRS or CDMA2000 technologies.

Mobile devices work with certain subsets of the network types mentioned, typically those associated with a service provider from whom the phone was obtained and with whom a service agreement was entered. Mobile devices may also be acquired without service from any manufacturer, vendor, or other source and subsequently have their service set up separately with a service provider or network operator. Mobile devices that are permitted to be provisioned to more than one specific carrier are commonly referred to as "unlocked" as they may be used on a variety of carriers by switching UICC's for GSM mobile devices.

Mobile devices do exist that provide the user with both GSM and CDMA capabilities. Such devices are sometimes referred to as hybrid phones or global phones. These types of mobile devices contain two types of cellular radios for voice and data, providing the ability to operate over either the GSM or CDMA network.

As the name implies, cellular networks provide coverage based on dividing up a large geographical service area into smaller areas of coverage called cells. Cells play an important role in reuse of radio frequencies in the limited radio spectrum available to allow more calls to occur than otherwise would be possible. As a mobile device moves from one cell to another, a cellular arrangement requires active connections to be monitored and effectively passed along between cells to maintain the connection. To administer the cellular network system, provide subscribed services, and accurately bill or debit subscriber accounts, data about the service contract and associated service activities is captured and maintained by the network system.

Despite their differences in technology, cellular networks are organized similarly to one another, in a manner illustrated in Figure 1. The main components are the radio transceiver equipment that communicates with mobile devices, the controller that manages the transceiver equipment and performs channel assignment, and the switching system for the cellular network. The technical names for these components are respectively Node B, representing a Base Transceiver Station (BTS), the Radio Network Controller (RNC), and the Mobile Switching Center (MSC). The RNCs and the Node B units controlled are sometimes collectively referred to as a Radio Access Network (RAN).

Diagram illustrating the organization of a cellular network. One branch is the one originating with the Public Switch Telephone Network.
Figure 1: Cellular Network Organizaion

Each MSC controls a set of RNCs and manages overall communications throughout the cellular network, including registration, authentication, location updating, handovers, and call routing. An MSC interfaces with the public switch telephone network (PSTN) via a Gateway MSC (GMSC). To perform its tasks, an MSC uses several databases. A key database is the central repository system for subscriber data and service information, called the Home Location Register (HLR). Another database used in conjunction with the HLR is the Visitor Location Register (VLR), which is used for mobile devices roaming outside of their service area. An SGSN (Serving GPRS Support Node) performs a similar role as that of MSC/VLR, but instead supports General Packet Radio Service (GPRS) (i.e., packet-switched services) to the Internet. Likewise, GGSN (Gateway GPRS Support Node) functionality is close to that of a GMSC, but for packet-switched services.

Account information, such as data about the subscriber (e.g., a billing address), the subscribed services, and the location update last registered with the network are maintained at the HLR and used by the MSC to route calls and messages and to generate usage records called Call Detail Records (CDR). The subscriber account data, CDRs, and related technical information obtained from the network carrier are often a valuable source of evidence in an investigation.

Licenses and Attributions

Guidelines on Mobile Device Forensics by Rick Ayers, Sam Brothers, and Wayne Jansen comprises public domain material from the National Institute of Standards and Technology, U.S. Department of Commerce. UMGC has modified this work.