Citizens’ Broadcast Radio Spectrum (CBRS) is a shared wireless broadband use of the 3550-3700 MHz band (also referred to as 3.5 GHz band). CBRS (commonly known as the “innovation band”) was envisioned to support a three-tier shared spectrum model to facilitate shared federal and non-federal use of this band using automated frequency coordinators, known as spectrum access systems (SASs).

Network elements

The core principle of CBRS is dynamic spectrum access in a tiered system. For that, a real-time spectrum coordination mechanism has been created to facilitate spectrum sharing. The spectrum coordination architecture for CBRS is based on a distributed system. At the top of the hierarchy is the FCC database which centralises spectrum allocation. The next tier is the SAS, which is a third-party certified vendor offering SAS services. The next tier is the sensor network referred to as the environmental sensing capability (ESC). The ESC system detects and communicates the presence of a signal from an incumbent user to a SAS to facilitate shared spectrum access. The next tier is the SAS user network which interacts with the SAS for priority access licence (PAL) and general authorised access (GAA) usage.

At the heart of the system is the SAS. It is the gatekeeper that takes information from the FCC database, other SASs, ESC, and CBRS broadband service devices (CBSD). Then it applies the FCC rules to allocate frequency and power resources to each of the CBSDs.

Network architecture

CBSDs are fixed base stations, or networks of such, and can only operate under the authority and management of a centralised SAS. Both PAL and GAA users are obligated to use only the certified FCC approved CBSDs, which must register with the SAS with the information required such as operator ID, device identification and parameters, and location information. In a typical MNO deployment scenario, the CBSD network is a managed network comprising the domain proxy (DP).

CBSDs are like LTE and NR base stations but the difference is that these base stations can only operate under the SAS authority. Both PAL and GAA users are supposed to be compliant with WinnForum technical specifications and must be tested in an approved lab for OnGo certification. After successful testing in an OnGo-certified lab, such CBSDs get FCC-approved IDs and serial numbers, which are also saved in the FCC database. Such approved CBSDs will also be registered with the SAS. In a large commercial deployment, it is advisable that all CBSD devices be managed by a new network element, the DP along with element management system (EMS) or network management system (NMS) functionality.

The DP may be a bidirectional information routing engine or a more intelligent mediation function enabling flexible self-control and interference optimisations in such a network. In addition, a DP enables combining – for example, that of the small cells of a shopping mall or sports venue with a virtual BS entity – or provides a translational capability to interface legacy radio equipment with a SAS. An EMS is a required component for provisioning and configuring CBSDs, like conventional LTE systems. The network management system is an optional but preferred approach for large deployments of CBSD (for example, MNO) to centralise communication to the SAS network while also offloading and simplifying the individual CBSDs.

The main role of SAS is to control interference in the environment, enforce protection criteria and exclusion zones to protect higher priority users, and dynamically determine and enforce CBSDs’ maximum power levels in space and time. The FCC requires all SASs to have consistent models for interference calculations. In addition to the above, SAS also takes care of registration, authentication and identification of user information and SAS-SAS message exchange.

In order to meet the mission-critical requirements of the DoD incumbent access, the FCC-adopted rules require ESCs in and adjacent to the CBRS band to detect incumbent radar activity in coastal areas and near inland military bases. Once incumbent access activity is detected, the ESC communicates that information to a SAS for processing, and if needed, the SAS orders commercial users to vacate an interfering channel within 300 seconds in frequency, location, or time.


As per the CBRSA-TS-1002 V1.0.0 (Rev. 13.0 moving to V2.0.0), multiple deployment models have been defined based on network infrastructure as noted below:

  • Public network (RAN + core) operating in 3GPP PLMN Access Mode (PLMN)
  • Private network (RAN + Core) operating in 3GPP Private CBRS-I (CBRS-ID as PLMN ID) Access Mode
  • CBRSA NHN (RAN + Core) operating in NHN Access Mode with CBRS-NID ONLY
  • Private CBRS network (RAN + Core) operating in NHN Access Mode with PSP-ID along with a USIM-based subscription or a certificate-based subscription associated with PSP-ID
  • CBRS network operating in 3GPP-based Access Mode to serve CBRS devices equipped with non-USIM-based subscription.

The architecture enables the CBRS NHN to operate as a trusted non-3GPP Access Network and/or untrusted non-3GPP Access Network for UEs associated with PSPs. In trusted mode, a CBRSA NHN uses the STa-N interface for UE authentication and enables one or more simultaneous home routed PDN connections between the UE and the PSP’s PDN-GW using the S2a interface. If the subscriber’s home operator allows, the CBRSA NHN may provide additional PDN connections for local breakout of data traffic. Legal intercept is not specified for local breakout.

In untrusted mode, a CBRSA NHN uses the SWa-N interface for UE authentication. In this mode, all PDN connections use local breakout of data traffic. Legal intercept is not specified in the untrusted case. In untrusted mode, a UE with a USIM-based subscription can establish a secure IPsec tunnel (for example, SWu in 3GPP TS 23.402) with its service provider’s ePDG using the subscription and receive the service provider’s services via the SWu interface.


New UE profile

The CBRS Alliance has defined new CBRS-profiles where each profile points to certain network compatibility as well as functional supports. A single UE may or may not support multiple profiles, depending on the case. CBRS core and policy network elements are responsible for policy and rule enforcement based on profile as in LTE. One such policy can be mapping of access mode to the relevant CBRS-profile and subscription. s

Based on the white paper, “5G Technologies in Private Networks” by 5G Americas