Showing posts with label LTE. Show all posts
Showing posts with label LTE. Show all posts

Thursday, April 9, 2026

3GPP Release 19 Description and Summary of Work Items

As the journey towards 3GPP Release 20 and 6G (3GPP Rel-21) continues to gather pace, the recently concluded Release 19 comes with a clearer view of what the next phase of 5G evolution, often referred to as 5G-Advanced, will look like in practice. One of the most useful artefacts in this process is the recently published technical report 3GPP TR 21.919, which offers a consolidated snapshot of the features and work items currently shaping this release.

Rather than focusing on detailed specifications, this report takes a step back and provides accessible summaries of the agreed work items. Each summary is intended to answer two simple but important questions: what problem is being addressed, and what impact the feature will have on the overall system. This makes the document particularly valuable not only for specialists deeply involved in standardisation work, but also for a broader audience trying to keep track of where the industry is heading.

It is worth noting that this is still very much a work in progress (50% complete). At the time of publication, just over 60 summaries have been included, with many more expected in future updates. Even so, the current version already highlights the sheer breadth of activity in Release 19, spanning everything from energy efficiency and non-terrestrial networks to AI, immersive services, and advanced radio capabilities.

In this post, I will not attempt to reinterpret or condense the summaries themselves. Instead, I am sharing the full list of topics covered in the report below, which provides a useful index into the areas that 3GPP worked on as part of Release 19.

It should be noted that the technical report (TR) presents the "initial state" of the Features introduced in Release 19, i.e. as they are by the time of publication of this document. Each Feature is subject to be later modified or enhanced, over several years, by the means of Change Requests (CRs). To further outline a feature at a given time, it is recommended to retrieve all the CRs which relate to the given Feature, as explained in its Reference section. 

Below is the list of all topics covered in this report. Some of the topics may be missing a summary, which will be added later in the later updates.  

5 Rel-19 Energy Efficiency, Energy Saving
5.1   Enhancements of Network energy savings for NR
5.2   Low-power wake-up signal and receiver for NR (LP-WUS/WUR)
5.3   Energy Efficiency as Service Criteria

6   Rel-19 Satellite (5GSAT), NTN, UAS, Aerial
6.1   Satellite access Phase 3
6.1.1   Security Aspects of 5G Satellite Access Phase 3
6.1.2   Charging aspects of satellite access Phase 3
6.2   Non-Terrestrial Networks (NTN) for NR Phase 3
6.3   Enhancements for Air-to-ground network for NR
6.4   Inter-RAT mode mobility support from E-UTRAN TN to NR NTN
6.5   Non-Terrestrial Networks (NTN) for Internet of Things (IoT) Phase 3 (for LTE)
6.6   Introduction of IoT-NTN TDD mode
6.7   Enhanced requirements and test methodology for NR NTN and IoT NTN
6.8   On-demand broadcast of GNSS assistance data
6.9   Uncrewed Aerial System Phase 3
6.10   Support for PWS in Satellite E-UTRAN and Satellite NG-RAN
6.11   Introduction of BDS (BeiDou Navigation Satellite System) B2b Signal in A-GNSS for LTE and NR
6.12   Introduction of A-GNSS support for NavIC (Navigation with Indian Constellation) L1 SPS (Standard Positioning Service) in NR & LTE
6.13   Management Aspects of Rel-18's NTN Phase 2
6.14   Lower Selection-priority for PLMN Selection
6.15   New LTE band for 5G broadcast for region 3 utilizing a geosynchronous satellite
6.16   Satellite band-related items
6.16.1   Introduction of Ku bands for NR NTN
6.16.2   Introduction of additional operating NR bands for HAPS (High Altitude Platform Station)
6.16.3   Introduction of another NR NTN S-band (MSS band 2000-2020 MHz UL and 2180-2200 MHz DL)
6.16.4   New NR NTN bands to support Extended L-band and combined MSS L-band and Extended L-band ranges
6.16.5   Introduction of another IoT-NTN S-band (MSS band 2000-2020 MHz UL and 2180-2200 MHz DL)

7   Rel-19 Internet of Things (IoT) and Reduced Capability (RedCap) UE
7.1   NR power class 2 RedCap (Reduced Capability) UE in FR1
7.2   NAS layer overhead reduction for data transfer using CP CIoT
7.3   Management Aspects of RedCap features

8   Ambient power-enabled Internet of Things (IoT)
8.1   Ambient power-enabled Internet of Things (IoT) (SA and CT)
8.1.1   Charging for Ambient power-enabled Internet of Things
8.1.2   Security Aspects of Ambient IoT Services in 5G for Isolated Private Networks
8.2   Solutions for Ambient IoT (Internet of Things) in NR

9   Rel-19 Artificial Intelligence (AI)/Machine Learning (ML)
9.1   AI/ML Model Transfer Phase 2
9.2   Core Network Enhanced Support for Artificial Intelligence (AI)/Machine Learning (ML)
9.3   Application enablement for AI/ML services
9.4   Artificial Intelligence (AI)/Machine Learning (ML) for NR air interface
9.5   Artificial Intelligence (AI)/Machine Learning (ML) for NR air interface
9.6   Enhancements for Artificial Intelligence (AI)/Machine Learning (ML) for NG-RAN
9.7   AI/ML Management Phase 2
9.8   Protocol for AI Data Collection from UPF

10   Rel-19 Verticals and Non Public Network
10.1   Rel-19 Enhancements of 3GPP Northbound and Application Layer Interfaces and APIs
10.2   SEAL DD (Data Delivery) Phase 2
10.3   Common Application Programming Interface (API) Framework (CAPIF) Phase 3
10.4   Enhanced OAM for management service exposure to external consumers through CAPIF
10.5   Non-Public Network (NPN) security considerations
10.6   Security for PLMN hosting a NPN
10.7   Interconnect of SNPN
10.8   ProSe support in NPN

11   Rel-19 communications services
11.1   Media Messaging Enhancements
11.2   Terminal Audio quality performance and Test methods for Immersive Audio Services, Phase 2
11.3   EVS Codec Extension for Immersive Voice and Audio Services, Phase 2
11.4   5GMSG Service phase 3
11.5   Video Operating Points - Harmonization and Stereo MV-HEVC
11.6   Advanced Media Delivery
11.7   5G Real-time Transport Protocol Configurations, Phase 2
11.8   Next Generation Real time Communication services Phase 2
11.8.1   System architecture for Next Generation Real time Communication services Phase 2
11.8.2   Security support for the Next Generation Real Time Communication services Phase 2
11.8.3   Application enablement aspects for MMTel

12   Rel-19 XR (eXtended Reality), Augmented Reality (AR), Metaverse, Edge Computing
12.1   Localized Mobile Metaverse Services
12.2   Extended Reality and Media
12.3   XR (eXtended Reality) for NR Phase 3
12.4   Avatar Communications in AR Calls
12.5   Split rendering over IMS
12.6   Enhancement of support for Edge Computing in 5G Core network - Phase 3
12.7   Edge Computing for Industrial Scenarios
12.8   Edge Computing Considering the Operational Needs of Service Hosting Environment
12.9   Architecture for enabling Edge Applications Phase 3

13   Rel-19 High Power UEs (HPUE)
13.1   Rel-19 High power UE (power class 1.5 or 2) for NR intra-band CA or NR inter-band CA/DC band combinations with/without NR Supplementary Uplink (UL)
13.2   Rel-19 High power UE (power class 1.5 and 2) for NR FR1 TDD/FDD single band for handheld/FWA UEs, and high power UE operation (power class 1) for FWVM (fixed-wireless/vehicle-mounted) use cases in a single NR band
13.3   Introduction of Power Class 2 and UE 40MHz Channel Bandwidth in NR band n28
13.4   Rel-19 High power UE (power class 1.5 or 2) for DC combinations of LTE band(s) and NR band(s)
13.5   Rel-19 High power UE (power class 2) and high power operation (power class 1) for fixed-wireless/vehicle-mounted use cases in a single LTE band

14   Rel-19 RAN topology
14.1   5G NR Femto
14.2   Additional topological enhancements for NR
14.3   Vehicle Mounted Relays Phase 2

15   Rel-19 Sidelink, Proximity
15.1   NR sidelink multi-hop relay
15.2   UE-to-UE multi-hop relay
15.3   NR Sidelink: Intra-band Carrier Aggregation in ITS band
15.4   Charging Aspects of Ranging and Sidelink Positioning
15.5   Multi-path relay
15.6   Proximity-based Services in 5GS Phase 3

16   NR and LTE Dual Connectivity (DC)
16.1   UE RF enhancements for NR FR1/FR2 and EN-DC, Phase 4
16.2   Support of intra-band non-collocated EN-DC/NR-CA deployment Phase2: new receiver type(s)
16.3   Rel-19 downlink interruption for NR and EN-DC band combinations at dynamic Tx Switching in Uplink
16.4   Rel-19 DC of x LTE band(s), y NR band(s) (1<=x<6, 1<=y<6, x+y<=6) and single or two NR Supplementary Uplink (SUL) bands
16.5   Simultaneous Rx/Tx band combinations for NR CA/DC, NR SUL and LTE/NR DC in Rel-19
16.6   UE Conformance - Rel-19 NR CA and DC; and NR and LTE DC Configurations

17   Rel-19 Other NR and LTE Radio
17.1   Adding channel bandwidth(s) support to existing NR bands and CA/ENDC combinations in REL-19
17.2   Data collection for SON (Self-Organising Networks)/MDT (Minimization of Drive Tests) in NR standalone and MR-DC (Multi-Radio Dual Connectivity) Phase 4

18   Rel-19 NR Radio
18.1   NR mobility enhancements Phase 4
18.2   Evolution of NR duplex operation: Sub-band full duplex (SBFD)
18.3   NR Radio Resource Management (RRM) Phase 5
18.4   Multi-carrier enhancements for NR Phase 3
18.5   NR demodulation performance Phase 5
18.6   NR MIMO Phase 5
18.7   FR1 TRP, TRS and MIMO OTA testing enhancement Phase 3
18.8   Rel-19 NR CA/DC for x bands DL with y bands UL (x<7, y<3) and SUL/CA band combinations with a single SUL or two SUL cells
18.9   Low band carrier aggregation via switching
18.10  NR channel BW less than 5MHz for FR1 Phase 2
18.11  mmWave in NR: UE spurious emissions and EESS (Earth Exploration Satellite Service) protection
18.12  NR base station (BS) RF requirement evolution for FR1/FR2 and testing
18.13  UE Conformance - New Rel-19 NR licensed bands and extension of existing NR bands
18.14  Other band-related items
18.14.1   7MHz Channel Bandwidth for n26 and n5
18.14.2   Introduction of the NR FDD 1.4 GHz band
18.14.3   Introduction of NR bands n87 and n88
18.14.4   Introduction of NR band n68
18.14.5   Additional NR bands for NR features in Rel-19
18.15  Study on spatial channel model for demodulation performance requirements for NR

19   Rel-19 LTE Radio
19.1   LTE-based 5G Broadcast Phase 2
19.2   Rel-19 LTE-Advanced Carrier Aggregation for x bands (1<=x<= 6) DL with y bands (y=1, 2) UL
19.3   Band-related items
19.3.1   New bands for LTE based 5G terrestrial broadcast for early deployments
19.3.2   Introduction of LTE FDD band in 1800–1830 MHz for Canada

20   Rel-19 Mission Critical, eCall, Emergency
20.1   Enhanced Mission Critical Architecture
20.2   Enhanced Mission Critical Location Management
20.3   Alignment of eCall over IMS with CEN
20.4   UE Conformance - Alignment of eCall over IMS with CEN
20.5   Multiple Location Procedure for Emergency LCS Routing
20.6   Multimedia Priority Service (MPS) for Messaging services
20.7   Mission Critical (MC) services for generic support on Isolated Operation for Public Safety (IOPS) mode of operation
20.8   Sharing of administrative configuration between interconnected MC service systems
20.9   Future Railway Mobile Communication System (FRMCS) Phase 5
20.10   Mission critical security enhancements for release 19
20.11   Protocol enhancements for Mission Critical Services

21   Rel-19 Network Slicing
21.1   Network Controlled Network Slice Selection

22   Rel-19 Service-Based Architecture (SBA)
22.1   UPF enhancement for Exposure And SBA Phase 2
22.2   Automatic Certificate Management Environment (ACME) for the Service Based Architecture (SBA)
22.3   Reducing Information Exposure over SBI
22.4   Service Based Interface Protocol Improvements Release 19

23   Rel-19 QoS and Policy
23.1   Rel-19 Enhancements of UE Policy
23.2   Rel-19 Enhancements of Session Management (SM) Policy
23.3   Minimize the Number of Policy Associations
23.4   Spending Limits for UE Policies in Roaming scenario
23.5   Enhancing Parameter Provisioning with static UE IP address and UP security policy
23.6   Providing per-subscriber VLAN instructions from UDM and DN-AAA
23.7   QoS monitoring enhancement

24   Rel-19 multi-access
24.1   Upper layer traffic steering and switching over dual 3GPP access
24.2   Multi-Access (ATSSS_Ph4)
24.3   ATSSS Rule Provisioning via 3GPP access connected to EPC
24.4   Local traffic routing for multi-access UE

25   Other topics
25.1   Deferred 5GC-MT-LR Procedure for Periodic Location Events based NRPPa Periodic Measurement Reports
25.2   Subscription control for reference time distribution in EPS
25.3   Rel-19 IMS:
25.3.1   PS Data Off for IMS Data Channel Service
25.3.2   IMS Disaster Prevention and Restoration Enhancement
25.3.3   IMS Stage-3 IETF Protocol Alignment
25.4   Identifying non-3GPP Devices Connecting behind a UE or 5G-RG
25.5   Integrated Sensing and Communication
25.6   Rel-19 Application Data Analytics Enablement Service
25.7   Interworking of Non-3GPP Digital Terrestrial Broadcast Networks with 5GS Multicast Broadcast Services
25.8   Minimization of Service Interruption During Core Network Failure Phase 2
25.9   Measurement Data Collection
25.10  Enhanced application layer support for location services
25.11  NF discovery and selection by target PLMN
25.12  MSISDN verification operation support to Nnef_UEId Service
25.13  Rel-19 Enhancements of Network Automation Enablers
25.14  Enhancement of controlling RAT utilization
25.15  CT Aspects for IP Domain usage
25.16  Indirect Network Sharing
25.17  Management of Network Sharing Phase 3
25.18  Roaming Value-Added Services
25.19  Monitoring of signalling traffic in 5G
25.20  Roaming traffic offloading via session breakout in HPLMN
25.21  Stage-3 5GS NAS protocol development 18
25.22  Stage-3 SAE Protocol Development
25.23  Harmonization of test case definitions for cross-RAT usability
25.24  Data management regarding subscriptions and reporting
25.25  PRU Usage Extension supported by Core Network

26   Rel-19 miscellaneous Security
26.1   Security Assurance Specification for maintenance of 5G features
26.2   5G Security Assurance Specification (SCAS) for the Unified Data Repository (UDR)
26.3   5G Security Assurance Specification (SCAS) for the Short Message Service Function (SMSF)
26.4   Addition of 256-bit security Algorithms
26.5   Addition of Milenage-256 algorithm
26.6   Roaming and interconnect authorization aspects in indirect communication
26.7   Public key distribution and Issuer claim verification of the Access Token
26.8   3GPP profiles for cryptographic algorithms and security protocols
26.9   Mobility over non-3GPP access to avoid full primary authentication
26.10  LI Handling of Protected Services
26.11  Lawful Interception Rel-19
26.12  Lawful Interception Guidance Rel-19
26.13  Specification of example algorithm for alternative f5* (f5**) function

27   Rel-19 miscellaneous OAM&charging
27.1   Charging aspects for Multi-Operator Core Network (MOCN) Network Sharing
27.2   Service Based Management Architecture enhancement phase 3
27.3   Management Data Analytics phase 3
27.4   Intent driven management services for mobile network phase 3
27.5   Management of planned configurations
27.6   Management aspects of Network Digital Twins
27.7   Closed Control Loop Management
27.8   Data management phase 2
27.9   5G performance measurements and KPIs phase 4
27.10  5G Advanced NRM features phase 3
27.11  Subscriber and Equipment Trace and QoE collection management
27.12  Management of IAB nodes
27.13  Enhancement of Management Aspects Related of NWDAF Phase 2
27.14  CHF Segmentation
27.15  Subscriber Data Migration

You can download the latest version of the specs from here.

Related Post

Posted by Zahid Ghadialy at 7:35 AM Leave a comment...0 comments so far
Labels: , , , , , , , ,

Tuesday, January 20, 2026

Telecom Security Realities from 2025 and Lessons for 2026

Telecom security rarely stands still. Each year brings new technologies, new attack paths, and new operational realities. Yet 2025 was not defined by dramatic new exploits or spectacular network failures. Instead, it became a year that highlighted how persistent, patient and methodical modern telecom attackers have become.

The recent SecurityGen Year-End Telecom Security Webinar offered a detailed look back at what the industry experienced during 2025. The session pulled together research findings, real world incidents and practical lessons from across multiple domains, including legacy signalling, eSIM ecosystems, VoLTE vulnerabilities and the emerging world of satellite-based mobile connectivity.

For anyone working in mobile networks, the message was clear. The threats are evolving, but many of the core problems remain stubbornly familiar.

A Year of Stealth Rather Than Spectacle

One of the most important themes from the webinar was that 2025 did not bring a wave of highly visible disruptive telecom attacks. Instead, it was characterised by quiet, low profile intrusions that often went undetected for long periods.

Operators around the world reported that attackers increasingly favoured living-off-the-land techniques. Rather than deploying noisy malware, intruders looked for ways to gain legitimate access to core systems and remain hidden. Lawful interception platforms, subscriber databases such as HLR and HSS, and internal management platforms were all targeted.

The primary objective in many cases was intelligence collection. Attackers were interested in call data, subscriber information and network topology rather than immediate disruption. This shift in motivation makes detection far more difficult, as there are often few obvious signs of compromise.

At the same time, automation has become a defining feature on both sides of the security battle. Operators are investing heavily in AI and machine learning to identify abnormal behaviour. Attackers are doing exactly the same, using automation to scale phishing campaigns and to accelerate exploit development.

Despite all this technology, basic security discipline continues to be a major challenge. A significant proportion of incidents still originate from human error, poor operational practices or simple failure to apply patches. The industry continues to invest billions in cybersecurity, but much of that effort is consumed by reporting and compliance activities rather than direct threat mitigation.

eSIM Security Comes into Sharp Focus

The transition from physical SIM cards to eSIM and remote provisioning is one of the most significant structural changes in the mobile industry. It offers clear benefits in terms of flexibility and user experience. However, the webinar highlighted that it also introduces entirely new security concerns.

Traditional SIM security models relied heavily on physical control. Fraudsters needed access to large numbers of real SIM cards to operate at scale. With eSIM, many of those physical constraints disappear. Remote provisioning expands the number of parties involved in the connectivity chain, including resellers and intermediaries who may not always operate under strict regulatory oversight.

During 2025 several major SIM farm operations were dismantled by law enforcement. These infrastructures contained tens of thousands of active SIM cards and were used for large scale fraud, smishing campaigns and automated account creation. While such operations existed long before eSIM, the technology has the potential to make them even easier to deploy and manage.

Research discussed in the session pointed to additional concerns. Analysis of travel eSIM services revealed issues such as cross-border routing of management traffic, excessive levels of control granted to resellers, and lifecycle management weaknesses that could potentially be abused by attackers. In some cases, resellers were found to have capabilities similar to full mobile operators, but without equivalent governance or transparency.

The conclusion was not that eSIM is inherently insecure. The technology itself uses strong encryption and robust mechanisms. The problem lies in the wider ecosystem of trust boundaries, partners and processes that surround it. Securing eSIM therefore requires cooperation between operators, vendors, regulators and service providers.

SS7 Remains a Persistent Weak Point

Few topics in telecom security generate as much ongoing concern as SS7. Despite being a technology from a previous era, it remains deeply embedded in global mobile infrastructure. The webinar dedicated significant attention to why SS7 continues to be exploited in 2025 and why it is likely to remain a problem for many years to come.

Throughout the year, media reports and research papers continued to demonstrate practical abuses of SS7 signalling. Attackers probed networks, attempted to bypass signalling firewalls and looked for new ways to manipulate protocol behaviour. Techniques such as parameter manipulation and protocol parsing tricks were highlighted as methods that can sometimes evade existing protections.

One particularly interesting demonstration showed how SS7 messages could be used as a covert channel for data exfiltration. By embedding information inside otherwise legitimate signalling transactions, attackers can potentially move data across networks without triggering traditional security alarms.

Perhaps the most striking point raised was how little progress has been made in eliminating SS7 dependencies. Analysis of global network deployments showed that only a handful of countries operate mobile networks entirely without SS7. Everywhere else, the protocol remains a foundational element of roaming and interconnect.

As a result, even operators that have invested heavily in 4G and 5G security can still be undermined by weaknesses in this legacy layer. The uncomfortable reality is that SS7 vulnerabilities will continue to be exploited well into 2026 and beyond.

VoLTE and Modern Core Network Risks

While legacy protocols remain a problem, modern technologies are not immune. VoLTE infrastructure in particular was identified as an increasingly attractive target.

VoLTE relies on complex interactions between signalling systems, IP multimedia subsystems and subscriber databases. Weaknesses in configuration or interconnection can open the door to call interception, fraud or denial of service. Several real world incidents during 2025 demonstrated that attackers are actively exploring these paths.

The move toward fully virtualised and cloud-native mobile cores also introduces new operational challenges. Telecom networks now resemble large IT environments, complete with the same risks around misconfiguration, insecure APIs and exposed management interfaces.

The Emerging Security Challenge of 5G Satellites

One of the most forward-looking parts of the webinar focused on non-terrestrial networks and direct-to-device satellite connectivity. What was once a concept for the distant future is rapidly becoming a commercial reality.

Satellite integration promises to extend 5G coverage to remote areas, oceans and disaster zones. However, it also changes the security model in fundamental ways. Satellites can act either as simple relay systems or as active components of the mobile radio access network. In both cases, new threat vectors emerge.

Potential issues discussed included the risk of denial of service against shared satellite resources, difficulties in applying traditional radio security controls in space-based equipment, and the possibility of more precise user tracking due to the way satellite systems handle location information.

Experts from the space cybersecurity community explained how vulnerabilities in mission control software and ground segment infrastructure could be exploited. Much of this software was originally designed for isolated environments and is only now being connected to wider networks and the internet.

As telecom networks expand beyond the boundaries of the Earth, security responsibilities extend with them. Operators will need to think not only about terrestrial threats but also about risks originating from space-based components.

The Human Factor and the Skills Gap

Technology was only part of the story. Another recurring theme was the global shortage of skilled telecom cybersecurity professionals.

Studies referenced in the session suggested that millions of additional specialists are needed worldwide, yet only a fraction of that demand can currently be filled. Many security teams are overwhelmed by the sheer volume of alerts and data they must process.

This shortage has real consequences. When teams are stretched thin, patching is delayed, anomalies are missed and complex investigations become difficult to sustain. The panel emphasised that throwing more tools at the problem is not enough. Organisations must focus on training, automation and smarter operational processes.

Automation and AI-driven analysis were presented as essential enablers. Given the scale of modern mobile networks, it is simply not feasible for human analysts to monitor every signalling protocol, every core interface and every emerging technology manually.

Preparing for 2026

Looking ahead, the experts agreed on several broad trends. Attacks on legacy systems such as SS7 will continue. Fraudsters will increasingly target eSIM provisioning processes. VoLTE and 5G core components will face growing scrutiny. Satellite-based connectivity will introduce new and unfamiliar security questions.

Perhaps most importantly, the line between traditional telecom security and general cybersecurity will continue to blur. Mobile networks are now large, distributed IT platforms, and they inherit all the complexities that come with that transformation.

Operators, regulators and vendors must therefore adopt a holistic view. Investment must go beyond compliance reporting and focus on practical defences, real time monitoring and collaborative intelligence sharing.

Final Reflections

The SecurityGen webinar provided a valuable snapshot of an industry at a crossroads. Telecom networks are becoming more advanced and more capable, but also more complex and interconnected than ever before.

2025 demonstrated that attackers do not always need new vulnerabilities. Often they succeed simply by exploiting old weaknesses in smarter ways. The challenge for 2026 is to close those gaps while also preparing for the technologies that are only just beginning to emerge.

For those involved in telecom security, the full discussion is well worth watching. The complete webinar recording can be viewed below:

Related Posts:

Posted by Zahid Ghadialy at 7:35 AM Leave a comment...0 comments so far
Labels: , , , , , , , , , , , , , , ,

Thursday, May 8, 2025

3GPP Release 18 Signal level Enhanced Network Selection (SENSE) for Smarter Network Selection in Stationary IoT

As 5G evolves and the number of deployed IoT devices increases globally, efficient and reliable network selection becomes ever more critical. Particularly for stationary devices deployed in remote, deep-indoor or roaming environments, traditional selection mechanisms have struggled to provide robust connectivity. This has led to operational challenges, especially for use cases involving low-power or hard-to-reach sensors. In response, 3GPP Release 18 introduces a new capability under the SA2 architecture work, Signal level Enhanced Network Selection (SENSE), designed to tackle this exact issue.

In today’s cellular systems, when a User Equipment (UE), including IoT modules, switches on or recovers from a loss of coverage, it performs automatic network selection. This typically prioritises networks based on preferences such as PLMN priority lists and broadcast cell selection criteria, while largely ignoring the actual signal strength at the device’s location. This approach works reasonably well for mobile consumer devices that can adapt through user movement or manual intervention. However, for stationary IoT UEs, which are often unmanned and deployed permanently in locations with limited or fluctuating radio conditions, this method can result in persistent suboptimal connectivity.

The issue becomes most evident when a device latches onto a visited PLMN (VPLMN) with higher priority despite poor signal quality. The UE might remain connected to this weak network, struggling to maintain bearer sessions or repeatedly failing data transfers. These failures often go undetected by the operator's monitoring systems and may require expensive manual intervention in the field. The cumulative impact of such maintenance activities adds significantly to operational expenditure, especially in mass-scale IoT deployments.

SENSE aims to fix this problem by making signal level an integral part of the automatic network selection and reselection process. Rather than simply following preconfigured priority rules, UEs enabled with SENSE will now assess the received signal quality during network selection. This allows them to favour networks that offer stronger and more stable radio conditions, even if they have lower priority, when such conditions are essential for reliable connectivity.

The capability is particularly targeted at stationary IoT UEs that support NB-IoT, EC-GSM-IoT, or LTE Cat-M1/M2. These devices are often used in applications such as water level monitoring, power grid sensors, and remote metering, installations where physical access post-deployment may be difficult or even infeasible.

To implement SENSE, the Home PLMN (HPLMN) can configure the UE to apply Operator Controlled Signal Thresholds (OCST) for each supported access technology. These thresholds are stored within the USIM and define the minimum signal quality required for a network to be considered viable. The OCST settings can be provisioned before deployment or updated later via standard NAS signalling mechanisms, including the Steering of Roaming (SoR) feature.

When a SENSE-enabled UE attempts to select a network, it checks whether the signal level from any candidate network meets or exceeds the configured OCST for its supported radio access technologies. If it does, the UE proceeds to register with that PLMN. If no suitable network meets the signal thresholds, the UE falls back to the legacy selection process, which excludes signal strength as a factor. This dual-iteration method ensures backward compatibility while enabling more robust performance where SENSE is supported.

Additionally, SENSE influences periodic network reselection. If the average signal quality from a registered PLMN drops below the OCST threshold over time, the UE will proactively seek alternative PLMNs whose signals meet the configured criteria. This continuous evaluation helps avoid long-term connectivity issues that may otherwise remain unnoticed.

SENSE is not intended to disrupt roaming steering or PLMN preferences altogether. Instead, it introduces a smart, context-aware filter that empowers the UE to make better decisions when radio conditions are poor. By integrating signal level awareness early in the selection logic, operators gain a powerful new tool to reduce failure rates and minimise costly field maintenance.

As the IoT landscape expands across industries and geographies, features like SENSE will play a vital role in supporting dependable, scalable and autonomous deployments. In Release 18, 3GPP has taken a meaningful step towards improving network availability for devices that need to just work, no matter where they are.

Related Posts

Posted by Zahid Ghadialy at 7:35 AM Leave a comment...0 comments so far
Labels: , , , , , , ,

Thursday, December 19, 2024

Evolution and Impact of Cellular Location Services (LCS)

Location Services (LCS) have been standardized by 3GPP across all major generations of cellular technology, including 2G (GSM), 3G (UMTS), 4G (LTE), and 5G. These services enable applications to determine the geographical location of mobile devices, facilitating crucial functions such as emergency calls, navigation, and location-based advertising. The consistent adoption of standardized protocols ensures interoperability, scalability, and reliability, empowering mobile operators and device manufacturers to implement location services in a globally consistent manner.

The evolution of LCS technology has seen remarkable advancements with each generation of cellular networks. Early implementations in 2G and 3G relied on basic techniques such as Cell-ID, Timing Advance, and triangulation, which offered limited accuracy and were suitable only for rudimentary use cases. 

The introduction of LTE in 3GPP Release 9 marked a significant improvement, integrating support for regulatory services like emergency call localization and commercial applications such as mapping. LTE networks commonly employ global navigation satellite systems (GNSS), like GPS, to determine locations. However, alternative methods using the LTE air interface are crucial in scenarios where GNSS signals are obstructed, such as indoors or in dense urban environments. An LTE network can support horizontal positioning accuracy of 50m for 80% of mobiles and a vertical positioning accuracy of 5m and an end-to-end latency of 30 seconds.


In 5G, the introduction of high-bandwidth, low-latency communication and new architectural enhancements allows for even more accurate and responsive location services. These improvements support critical use cases like autonomous vehicles, smart cities, and industrial IoT applications. 

5G networks have further improved LCS with high-bandwidth, low-latency communication and architectural enhancements. These innovations enable critical applications like autonomous vehicles, smart cities, and industrial IoT. In Release 15, 5G devices support legacy LTE location protocols through the Gateway Mobile Location Centre (GMLC). From Release 16, the Network Exposure Function (NEF) streamlines location requests for modern applications. A 5G network is expected to deliver a horizontal positioning accuracy of 3m indoors and 10m outdoors, a vertical positioning accuracy of 3m in both environments and an end-to-end latency of one second.

The standardization efforts of 3GPP have ensured that location services meet stringent requirements for accuracy, privacy, and security. Emergency services, for instance, benefit from these standards through Enhanced 911 (E911) in the United States and similar mandates globally, which require precise location reporting for mobile callers. Furthermore, standardization fosters innovation by providing a common foundation on which developers can create new location-based services and applications. As cellular networks continue to evolve, 3GPP’s standardized LCS will remain a cornerstone in bridging connectivity with the physical world, enabling smarter, safer, and more connected societies.

Mpirical recently shared a video exploring the concepts and drivers of Location Services (LCS). It's embedded below:

If you want to learn more about LCS, check out Mpirical's training course on this topic which seeks to provide an end to end exploration of the techniques and technologies involved, including the driving factors, standardization, requirements, architectural elements, protocols and protocol stacks, 2G-5G LCS operation and location finding techniques (overview and specific examples).

Mpirical is a leading provider of telecoms training, specializing in mobile and wireless technologies such as 5G, LTE, and IoT. They boast a course catalogue of wide ranging topics and technologies for all levels, with each course thoughtfully broken down into intuitive learning modules. 

Related Posts

Posted by Zahid Ghadialy at 7:35 AM Leave a comment...0 comments so far
Labels: , , , , ,

Thursday, October 24, 2024

4G/LTE, 5G and Private Networks in Africa

The Global mobile Suppliers Association (GSA) recently released its "Regional Spotlight Africa – October 2024" report. It tracks 604 public mobile networks across North and Sub-Saharan Africa, including LTE, LTE-Advanced, 5G, and fixed wireless access networks. The report gives an up-to-date view of 4G and 5G deployment in Africa, using the latest data and insights from GSA's various reports on mobile networks and satellite services.

Africa has seen major progress in telecommunications in recent years. The expansion of 4G LTE networks has improved data speeds, enhanced connectivity, and supported the spread of mobile broadband services. Looking ahead, 5G technology promises even faster speeds, lower latency, and stronger security, opening the door to new possibilities in connectivity.

The report covers key areas of mobile network development, such as:

  • The current state of LTE and 5G rollouts
  • LTE-Advanced advancements
  • 5G standalone networks
  • The growth of private networks
  • Phasing out 2G and 3G technologies
  • Progress in satellite services

Alongside the report, GSA hosted a regional webinar where the research team shared insights on:

  • The status of LTE and LTE-Advanced in Africa and how it compares globally
  • Whether 5G development is being delayed by ongoing LTE rollouts and older devices
  • Recent spectrum auctions and assignments
  • The transition from 2G and 3G networks
  • The potential for satellite non-terrestrial (NTN) services in Africa and how operators are responding

The webinar video is available below.

Related Posts: 

Posted by Zahid Ghadialy at 7:35 AM Leave a comment...0 comments so far
Labels: , , , , , ,

Wednesday, August 14, 2024

3GPP Release 18 Description and Summary of Work Items

The first official release of 3GPP TR 21.918: "Release 18 Description; Summary of Rel-18 Work Items" has been published. It's the first official version of 5G-Advanced. Quoting from the report: 

Release 18 specifies further improvements of the 5G-Avanced system. 

These improvements consist both in enhancements of concepts/Features introduced in the previous Releases and in the introduction of new topics.

Some of the key improvements are:

  • a further integration of the Satellite (NTN) access (introduced in Rel-17) in the 5G System (5GS), 
  • a more efficient support of Internet of Things (IoT), Machine-Type Communication (MTC), including by satellite coverage
  • and also several aspects of proximity communication and location (Sidelink, Proximity, Location and Positioning, better support of the industrial needs (Verticals, Industries, Factories, Northbound API), Multicast and Broadcast Services (MBS), Network Slicing or Uncrewed Aerial Vehicles (UAV).

As for the new topics, some of the key aspects are:

  • Energy Efficiency (EE)
  • Artificial Intelligence (AI)/Machine Learning (ML)
  • eXtended, Augmented and Virtual Reality (XR, AR, VR), immersive communications

The following list is from the v1.0.0 table of contents to make it easier to find the list of topics. If it interests you, download the latest version technical report from the directory here.

5 Satellite / Non-Terrestrial Network (NTN)
5.1 General aspects
5.1.1 User plane: “5G system with satellite backhaul”
5.1.2 Discontinuous coverage: “Satellite access Phase 2”
5.1.3 Radio: "NR NTN enhancements"
5.1.4 Charging and Management aspects of Satelite
5.2 Specific aspects
5.2.1 IoT (Internet of Things) NTN enhancements
5.2.2 Guidelines for Extra-territorial 5G Systems
5.2.3 5G system with satellite access to Support Control and/or Video Surveillance
5.2.4 Introduction of the satellite L-/S-band for NR
5.2.5 Other band-related aspects of satellite

6 Internet of Things (IoT), Machine-Type Communication (MTC)
6.1 Personal IoT and Residential networks
6.2 Enhanced support of Reduced Capability (RedCap) NR devices
6.3 NR RedCap UE with long eDRX for RRC_INACTIVE State
6.4 Application layer support for Personal IoT Network
6.5 5G Timing Resiliency System
6.6 Mobile Terminated-Small Data Transmission (MT-SDT) for NR
6.7 Adding new NR FDD bands for RedCap in Rel-18
6.8 Signal level Enhanced Network Selection
6.9 IoT NTN enhancements

7 Energy Efficiency (EE)
7.1 Enhancements of EE for 5G Phase 2
7.2 Network energy savings for NR
7.3 Smart Energy and Infrastructure

8 Uncrewed Aerial Vehicles (UAV), UAS, UAM
8.1 Architecture for UAV and UAM Phase 2
8.2 Architecture for UAS Applications, Phase 2
8.3 NR support for UAV
8.4 Enhanced LTE Support for UAV

9 Sidelink, Proximity, Location and Positioning
9.1 5GC LoCation Services - Phase 3
9.2 Expanded and improved NR positioning
9.3 NR sidelink evolution
9.4 NR sidelink relay enhancements
9.5 Proximity-based Services in 5GS Phase 2
9.6 Ranging-based Service and sidelink positioning
9.7 Mobile Terminated-Small Data Transmission (MT-SDT) for NR
9.8 5G-enabled fused location service capability exposure

10 Verticals, Industries, Factories, Northbound API
10.1 Low Power High Accuracy Positioning for industrial IoT scenarios
10.2 Application enablement aspects for subscriber-aware northbound API access
10.3 Smart Energy and Infrastructure
10.4 Generic group management, exposure and communication enhancements
10.5 Service Enabler Architecture Layer for Verticals Phase 3
10.6 SEAL data delivery enabler for vertical applications
10.7 Rel-18 Enhancements of 3GPP Northbound and Application Layer interfaces and APIs
10.8 Charging Aspects of B2B
10.9 NRF API enhancements to avoid signalling and storing of redundant data
10.10 GBA_U Based APIs
10.11 Other aspects

11 Artificial Intelligence (AI)/Machine Learning (ML)
11.1 AI/ML model transfer in 5GS
11.2 AI/ML for NG-RAN
11.3 AI/ML management & charging
11.4 NEF Charging enhancement to support AI/ML in 5GS

12 Multicast and Broadcast Services (MBS)
12.1 5G MBS Phase 2
12.2 Enhancements of NR MBS
12.3 UE pre-configuration for 5MBS
12.4 Other MBS aspects

13 Network Slicing
13.1 Network Slicing Phase 3
13.2 Enhancement of NSAC for maximum number of UEs with at least one PDU session/PDN connection
13.3 Enhancement of Network Slicing UICC application for network slice-specific authentication and authorization
13.4 Charging Aspects of Network Slicing Phase 2
13.5 Charging Aspects for NSSAA
13.6 Charging enhancement for Network Slice based wholesale in roaming
13.7 Network Slice Capability Exposure for Application Layer Enablement
13.8 Other slice aspects

14 eXtended, Augmented and Virtual Reality (XR, AR, VR), immersive
14.1 XR (eXtended Reality) enhancements for NR
14.2 Media Capabilities for Augmented Reality
14.3 Real-time Transport Protocol Configurations
14.4 Immersive Audio for Split Rendering Scenarios  (ISAR)
14.5 Immersive Real-time Communication for WebRTC
14.6 IMS-based AR Conversational Services
14.7 Split Rendering Media Service Enabler
14.8 Extended Reality and Media service (XRM)
14.9 Other XR/AR/VR items

15 Mission Critical and emergencies
15.1 Enhanced Mission Critical Push-to-talk architecture phase 4
15.2 Gateway UE function for Mission Critical Communication
15.3 Mission Critical Services over 5MBS
15.4 Mission Critical Services over 5GProSe
15.5 Mission Critical ad hoc group Communications
15.6 Other Mission Critical aspects

16 Transportations (Railways, V2X, aerial)
16.1 MBS support for V2X services
16.2 Air-to-ground network for NR
16.4 Interconnection and Migration Aspects for Railways
16.5 Application layer support for V2X services; Phase 3
16.6 Enhanced NR support for high speed train scenario in frequency range 2 (FR2)

17 User Plane traffic and services
17.1 Enhanced Multiparty RTT
17.2 5G-Advanced media profiles for messaging services
17.3 Charging Aspects of IMS Data Channel
17.4 Evolution of IMS Multimedia Telephony Service
17.5 Access Traffic Steering, Switch and Splitting support in the 5G system architecture; Phase 3
17.6 UPF enhancement for Exposure and SBA
17.7 Tactile and multi-modality communication services
17.8 UE Testing Phase 2
17.9 5G Media Streaming Protocols Phase 2
17.10 EVS Codec Extension for Immersive Voice and Audio Services
17.11 Other User Plane traffic and services items

18 Edge computing
18.1 Edge Computing Phase 2
18.2 Architecture for enabling Edge Applications Phase 2
18.3 Edge Application Standards in 3GPP and alignment with External Organizations

19 Non-Public Networks
19.1 Non-Public Networks Phase 2
19.2 5G Networks Providing Access to Localized Services
19.3 Non-Public Networks Phase 2

20 AM and UE Policy
20.1 5G AM Policy
20.2 Enhancement of 5G UE Policy
20.3 Dynamically Changing AM Policies in the 5GC Phase 2
20.4 Spending Limits for AM and UE Policies in the 5GC
20.5 Rel-18 Enhancements of UE Policy

21 Service-based items
21.1 Enhancements on Service-based support for SMS in 5GC
21.2 Service based management architecture
21.3 Automated certificate management in SBA
21.4 Security Aspects of the 5G Service Based Architecture Phase 2
21.5 Service Based Interface Protocol Improvements Release 18

22 Security-centric aspects
22.1 IETF DTLS protocol profile for AKMA and GBA
22.2 IETF OSCORE protocol profiles for GBA and AKMA
22.3 Home network triggered primary authentication
22.4 AKMA phase 2
22.5 5G Security Assurance Specification (SCAS) for the Policy Control Function (PCF)
22.6 Security aspects on User Consent for 3GPP services Phase 2
22.7 SCAS for split-gNB product classes
22.8 Security Assurance Specification for AKMA Anchor Function Function (AAnF)
22.9 Other security-centric items

23 NR-only items
23.1 Not band-centric
23.1.1 NR network-controlled repeaters
23.1.2 Enhancement of MIMO OTA requirement for NR UEs
23.1.3 NR MIMO evolution for downlink and uplink
23.1.4 Further NR mobility enhancements
23.1.5 In-Device Co-existence (IDC) enhancements for NR and MR-DC
23.1.6 Even Further RRM enhancement for NR and MR-DC
23.1.7 Dual Transmission Reception (TxRx) Multi-SIM for NR
23.1.8 NR support for dedicated spectrum less than 5MHz for FR1
23.1.9 Enhancement of NR Dynamic Spectrum Sharing (DSS)
23.1.10 Multi-carrier enhancements for NR
23.1.11 NR RF requirements enhancement for frequency range 2 (FR2), Phase 3
23.1.12 Requirement for NR frequency range 2 (FR2) multi-Rx chain DL reception
23.1.13 Support of intra-band non-collocated EN-DC/NR-CA deployment
23.1.14 Further enhancements on NR and MR-DC measurement gaps and measurements without gaps
23.1.15 Further RF requirements enhancement for NR and EN-DC in frequency range 1 (FR1)
23.1.16 Other non-band related items
23.2 Band-centric
23.2.1 Enhancements of NR shared spectrum bands
23.2.2 Addition of FDD NR bands using the uplink from n28 and the downlink of n75 and n76
23.2.3 Complete the specification support for BandWidth Part operation without restriction in NR
23.2.4 Other NR band related topics

24 LTE-only items
24.1 High Power UE (Power Class 2) for LTE FDD Band 14
24.2 Other LTE-only items

25 NR and LTE items
25.1 4Rx handheld UE for low NR bands (<1GHz) and/or 3Tx for NR inter-band UL Carrier Aggregation (CA) and EN-DC
25.2 Enhancement of UE TRP and TRS requirements and test methodologies for FR1 (NR SA and EN-DC)
25.3 Other items

26 Network automation
26.1 Enablers for Network Automation for 5G phase 3
26.2 Enhancement of Network Automation Enablers

27 Other aspects
27.1 Support for Wireless and Wireline Convergence Phase 2
27.2 Secondary DN Authentication and authorization in EPC IWK cases
27.3 Mobile IAB (Integrated Access and Backhaul) for NR
27.4 Further NR coverage enhancements
27.5 NR demodulation performance evolution
27.6 NR channel raster enhancement
27.7 BS/UE EMC enhancements for NR and LTE
27.8 Enhancement on NR QoE management and optimizations for diverse services
27.9 Additional NRM features phase 2
27.10 Further enhancement of data collection for SON (Self-Organising Networks)/MDT (Minimization of Drive Tests) in NR and EN-DC
27.11 Self-Configuration of RAN Network Entities
27.12 Enhancement of Shared Data ID and Handling
27.13 Message Service within the 5G system Phase 2
27.14 Security Assurance Specification (SCAS) Phase 2
27.15 Vehicle-Mounted Relays
27.16 SECAM and SCAS for 3GPP virtualized network products
27.17 SECAM and SCAS for 3GPP virtualized network products
27.18 MPS for Supplementary Services
27.19 Rel-18 enhancements of session management policy control
27.20 Seamless UE context recovery
27.21 Extensions to the TSC Framework to support DetNet
27.22 Multiple location report for MT-LR Immediate Location Request for regulatory services
27.23 Enhancement of Application Detection Event Exposure
27.24 General Support of IPv6 Prefix Delegation in 5GS
27.25 5G Timing Resiliency System
27.26 MPS when access to EPC/5GC is WLAN
27.27 Data Integrity in 5GS
27.28 Security Enhancement on RRCResumeRequest Message Protection

28 Administration, Operation, Maintenance and Charging-centric Features
28.1 Introduction
28.2 Intent driven Management Service for Mobile Network phase 2
28.3 Management of cloud-native Virtualized Network Functions
28.4 Management of Trace/MDT phase 2
28.5 Security Assurance Specification for Management Function (MnF)
28.6 5G performance measurements and KPIs phase 3
28.7 Access control for management service
28.8 Management Aspects related to NWDAF
28.9 Management Aspect of 5GLAN
28.10 Charging Aspects of TSN
28.11 CHF Distributed Availability
28.12 Management Data Analytics phase 2
28.12 5G System Enabler for Service Function Chaining
28.13 Other Management-centric items

29 Other Rel-18 Topics

If you find them useful then please get the latest document from here.

Related Posts

Posted by Zahid Ghadialy at 7:35 AM Leave a comment...0 comments so far
Labels: , , , , , , , , , , , , , ,
Subscribe to: Comments (Atom)