RRLP » History » Version 7
fixeria, 10/19/2018 11:08 PM
1 | 1 | admin | h1. RRLP |
---|---|---|---|
2 | 6 | admin | |
3 | 7 | fixeria | {{>toc}} |
4 | 6 | admin | |
5 | RRLP is the _Radio Resource LCS (Location Service) Protocol_ as specified first in GSM TS 04.31 |
||
6 | |||
7 | 1 | admin | It allows the GSM network operator to obtain very precise location information about a mobile phone, |
8 | much more precise than is required for normal operation of the cellular network. |
||
9 | |||
10 | The use of RRLP has been specified for emergency calls. However, nothing in its specification |
||
11 | restricts its use to this application. |
||
12 | |||
13 | In all known phones, RRLP operation is completely invisible to the user of the phone. |
||
14 | |||
15 | 6 | admin | As GSM networks do not need to authenticate themselves, anyone can run a _false BTS_ attack and |
16 | 1 | admin | successively obtain precise position information on a given mobile phone. |
17 | 2 | admin | |
18 | 6 | admin | The popular Free Software implementations of the GSM network "OpenBSC":http://openbsc.osmocom.org/ |
19 | and "OpenBTS":http://openbts.sourceforge.net/ both support RRLP inquiries to mobile phones |
||
20 | 1 | admin | |
21 | 6 | admin | Contrary to the user-plane based [[SUPL]], RRLP works entirely in the signaling plane of the network. As such, the |
22 | 1 | admin | RRLP protocol level is not accessible to user applications on a phone. For a discussion of RRLP, SUPL |
23 | and the various different location measurement methods for mobile phones, please check this excellent |
||
24 | article: http://www.gpsworld.com/gps/wireless-choices-lbs-control-plane-and-user-plane-architectures-1576 |
||
25 | |||
26 | |||
27 | 6 | admin | h2. RRLP Modes |
28 | 1 | admin | |
29 | |||
30 | 6 | admin | RRLP operates in different _modes_. |
31 | |||
32 | |||
33 | h3. MS-based GPS |
||
34 | |||
35 | |||
36 | 1 | admin | In this method, the phone operates a stand-alone GPS receiver like it can be found in personal navigation devices. |
37 | |||
38 | The GPS receiver will do the regular GPS receive process, i.e. |
||
39 | 6 | admin | * iterate over the list of 64 possible scrambling codes and acquire the C/A signal |
40 | * decode the actual data signal modulated onto the C/A carrier |
||
41 | * measure the timing difference of arrival (TDOA) of the various satellite signals |
||
42 | * compute a location estimate (GPS coordinates) based on the measurements |
||
43 | 1 | admin | |
44 | This complete GPS position fix is then communicated to the SMLC inside the GSM core network. |
||
45 | |||
46 | |||
47 | 6 | admin | h4. Assistance Data |
48 | |||
49 | |||
50 | 1 | admin | Most RRLP capable phones will request GPS assistance data from the network. |
51 | 2 | admin | |
52 | 1 | admin | The operation of the GPS receiver is similar to the regular MS-based GPS aporach described above, |
53 | however the GPS receiver is now an A-GPS receiver that already knows the almanac/ephemeris data and |
||
54 | can thus much more quickly acquire the signal. |
||
55 | 2 | admin | |
56 | 6 | admin | "osmocom-lcs.git":http://git.osmocom.org/gitweb?p=osmocom-lcs.git;a=summary contains a program |
57 | 1 | admin | that obtains the ephemeris data from an u-blox GPS receiver and structures/encodes it in the format |
58 | needed by RRLP |
||
59 | |||
60 | |||
61 | 6 | admin | h3. MS-assisted GPS |
62 | |||
63 | |||
64 | 1 | admin | In MS-assisted GPS, the MS does not compute the actual location. Instead, the location/position |
65 | of the phone is computed in the SMLC (part of the GSM core network). |
||
66 | |||
67 | The SMLC provides detailed information about the current GPS signal to the phone, such as: |
||
68 | 6 | admin | * which satellites are currently in the visible part of the hemisphere (and implicitly their scrambling code) |
69 | * the expected _doppler shift_ observed at the MS location, caused by satellite movement relative to MS |
||
70 | * the expected _code phase_, i.e. the difference between a specified GSM bit and the GPS signal chip / bit |
||
71 | * the azimuth and elevation of the satellite |
||
72 | 3 | admin | |
73 | Based on this information, the phone does not have to do a full search/acquisition like a stand-alone GPS receiver. |
||
74 | |||
75 | Instead, it can do a very narrow search for each satellite in question, as it already knows |
||
76 | 6 | admin | * at which doppler shift / range to expect the signal |
77 | * which pseudo-random scrambling sequence to use |
||
78 | * a very narrow position within the scrambling sequence |
||
79 | 1 | admin | |
80 | 3 | admin | This significantly reduces the need for cross-correlation inside the phone. |
81 | |||
82 | 6 | admin | |
83 | h3. E-OTD |
||
84 | |||
85 | 1 | admin | |
86 | FIXME |