author Refik Hadzialic 2012-07-20 22:32:25 +0200
committer Refik Hadzialic 2012-07-20 22:32:25 +0200
commit 2e4ce2f092048f6b77dd70eb023cfedf9ab92db7
tree 9aabb1732ec2f69b9b01f2bc36dfa257abbc3a77 /vorlagen/thesis/src/kapitel_x.tex
parent Writing intro
RRLP Chapter started
Diffstat (limited to 'vorlagen/thesis/src/kapitel_x.tex')
-rw-r--r-- vorlagen/thesis/src/kapitel_x.tex 242
1 files changed, 228 insertions, 14 deletions
diff --git a/vorlagen/thesis/src/kapitel_x.tex b/vorlagen/thesis/src/kapitel_x.tex
index 6c1b697..5020dc3 100644
--- a/vorlagen/thesis/src/kapitel_x.tex
+++ b/vorlagen/thesis/src/kapitel_x.tex
@@ -47,7 +47,7 @@ In this section related technologies for estimating the position of a mobile use
and their working principle.
When the GSM network was designed, its primary goal was to enable wireless
full duplex telephony service \citep{gsmTelephony}.
-Over the past decade the GSM network became more popular and mature compared to the initial GSM standard so
+Over the past decade the GSM and its follower networks became more popular and mature compared to the initial GSM standard so
the demands grew for different services. One of the demands, was the demand from emergency services
to localize mobile user in emergency situations like snow avalanches or other not
typical daily emergency situations \citep{0849333490}. This demand led to the
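Review bot: In the added line, "the GSM and its follower networks" reads awkwardly and makes the rest of the sentence inconsistent: the successor networks are now also described as more mature "compared to the initial GSM standard", which only fits GSM itself. Suggest something like "GSM and its successor networks became more popular, and GSM matured beyond the initial standard, so the demand for additional services grew".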
@@ -90,7 +90,10 @@ can be achieved than the known shape of signal reception \citep[Chapter 8]{04700
\textit{timing advance} (TA) value is known. The TA is the rough prediction of the \textit{round trip time} (RTT), time
required for a data packet to be received and acknowleded by the MS. Using this measure a rough circle can be made between
the BTS and the bordering points of the Cell-ID region since TA multiplied with speed of light produces the radius distance
-of the circle. If there are more antennas than one, then it can be even further specified where the MS is positioned.
+of the circle. To get the TA value a connection between the MS and the BTS has to exist or a silent call can be made
+where the GSM subscriber does not even notice that he/she is being called since there is no ringing
+or any other sign that an idle connection is being performed on the MS \citep[Chapter 4]{3GPPTS03.71}.
+If there are more antennas than one, then it can be even further specified where the MS is positioned.
This can be still inaccurate because of the multipath signal reflections.
In urban environments it is usually the case that there is no optical line of sight between the BTS and MS,
so while the signal propagates from the BTS to the MS and vice versa it gets reflected from multiple buildings
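Review bot: The added sentence on obtaining the TA joins two different cases with "or" and ends with "an idle connection is being performed on the MS", which is unclear. Split it: one sentence stating that a TA value is only available while a connection between the MS and the BTS exists, and a second stating that the network can open such a connection as a silent call, without ringing or any other indication to the subscriber. The second sentence is the privacy-relevant claim of this paragraph, so check that the cited chapter of 3GPPTS03.71 actually covers it. The context above also defines TA as an estimate of the round trip time and then takes TA multiplied by the speed of light as the radius; with a round trip value the one-way distance is half of that product, so the factor should be stated.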
@@ -131,20 +134,22 @@ in the cell phone. However, this method can be applied on any cell phone and doe
require a smart phone. It is a network based estimation technique.
\subsection{E-OTD and UL-TDOA}
-E-OTD and UL-TDOA are two similarly working positioning techniques and for this reason have been grouped
-as one. E-OTD stands for Enhanced Observed Time Difference. This technique requires the GSM network to be
+E-OTD and UL-TDOA are two similarly working positioning techniques, both use the time difference of
+signal arrival and for this reason have been grouped as one.
+E-OTD stands for Enhanced Observed Time Difference. This technique requires the GSM network to be
clock synchronized. The clock synchronization of the GSM network can be achieved with
a location measurement unit (LMU) \citep{ETSI.TS.125.111}. LMU's provide the precise time to the BTS's
by having an atomic clock synchronized with the BTS on a seperate location from the BTS or
by providing a special GPS device at the BTS location that can provide precise time \citep{ETSI.TS.125.111}.
The clock synchronization of the MS and the BTS is required becase the E-OTD technique
takes advantage of measuring signal propagation time.
-A data signal with current time information is transmitted from two or more BTS's at the same time
-and then propagation time is measured on the MS \citep{200mRangeEOTD}. Once the difference in time is known between the time point
-when the signal was transmitted and when it was received, it is easy to estimate the relative position
-to the BTS's with trilateration \citep{200mRangeEOTD}. In order to estimate the absolute position, it is required to know
+A data signal with current time information is transmitted from three or more spatially distinct BTS's at the same time
+and then propagation time is measured on the MS (all these BTS's must be detecable by the MS itself) \citep{200mRangeEOTD}.
+Once the difference in time is known between the time point when the signal was transmitted and when it was received,
+it is easy to estimate the relative position to the BTS's with hyperbolic trilateration \citep{200mRangeEOTD}
+\citep[Chapter 4]{3GPPTS03.71}.
+In order to estimate the absolute position, it is required to know
the absolute location of the BTS's. The basic idea can be seen in figure \ref{img:eotdLoc}.
-
\begin{figure}[ht!]
\centering
\includegraphics[scale=1.20]{img/EOTD.pdf}
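Review bot: The new opening sentence says both techniques "use the time difference of signal arrival", but the rewritten description further down still measures the difference "between the time point when the signal was transmitted and when it was received", which is an absolute propagation time and not a difference between arrivals from different BTS's. Reword that sentence so it agrees with the opening and with "hyperbolic trilateration", for example by saying that the MS measures the differences between the arrival times of the signals from the three or more BTS's. In the added parenthesis "detecable" should be "detectable".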
@@ -154,10 +159,24 @@ the absolute location of the BTS's. The basic idea can be seen in figure \ref{im
the MS.}
\label{img:eotdLoc}
\end{figure}
-
E-OTD requires the cell phone to be equiped with the firmware software to perform the measurements but does
not require new or external hardware. The accuracy of this method lies in the range between 50-200 m, depending
on the location of the MS \citep{malik2009rtls}. This method is not resistant to the multipath signal reflection problem.
+E-OTD is a handset based position estimation technique.
+
+UL-TDOA (Up-Link Time Difference of Arrival) is a similar localization technique as E-OTD \citep{malik2009rtls}.
+The basic difference between UL-TDOA and E-OTD is that the signal propagation time is observed on the BTS's and
+not on the MS itself. To estimate the position of the MS, the BTS responsible for the MS forces the MS to request
+for a handover to neighboring two or more BTS's. The MS sends a handover burst signal and the neighboring BTS
+measure the waiting time between the handover request signal itself and the transmitted burst from the MS.
+Using the observed time difference, the BTS's can compute the location of the MS. It is important to note, this
+position estimation technique takes place while there is an active call on the MS or the BTS makes a silent call
+to the MS where the mobile user is not aware of being tracked \citep{malik2009rtls}. This technique is slightly
+less accure than E-OTD, the accuracy lies between 50-300 m \citep{200mRangeEOTD}. Both of these techniques are
+challenged by the nature of the GSM network due to its unsynchronized operation. One microsecond error will produce
+an error of around 300 m. The advantage of UL-TDOA over E-OTD lies in the fact that no extra software modifications
+have to be made on the cell phone and this technique works on every cell phone. UL-TDOA is a network based position
+estimation technique.
\subsection{Assisted-GPS}
Another positioning technique named Assisted-GPS (AGPS) is recently gaining on popularity
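Review bot: Near the end of the new UL-TDOA paragraph, "One microsecond error will produce an error of around 300 m" is stated with neither a derivation nor a citation. Add the one-line reason (timing error multiplied by the speed of light, about 3e8 m/s times 1e-6 s) so the reader can check it. In the same paragraph, "less accure than E-OTD, the accuracy lies" needs "accurate" and a sentence break, and "neighboring two or more BTS's" should read "two or more neighboring BTS's". The sentence saying the BTS can make a silent call "where the mobile user is not aware of being tracked" carries the citation for the whole claim, so confirm that malik2009rtls supports the silent call part and not only the active call part.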
@@ -194,7 +213,81 @@ position estimation technique is a hybrid based technique because the position i
with the help of the handset, that estimates the position, and the network provider since
it delivers the required data for faster acquisition time.
-\newpage
+\subsection{Other techniques}
+The earlier mentioned localization techniques are not the only existing methods but are the standardized ones.
+In this section, two more techniques will be briefly described, angle of arrival and Google maps WiFi tagging.
+\begin{figure}[ht!]
+ \centering
+ \includegraphics[scale=1.20]{img/AOA.pdf}
+ \caption[]{Basic idea of the Angle of Arrival positioning technique. The angle of the reception signal
+ on the BTS antenna is measured. By knowing at least two angles on two BTS's, it is possible to
+ interpolate the intersection point where the MS is located.}
+\label{img:aoadLoc}
+\end{figure}
+
+Angle of Arrival (AOA) is a localization technique that exploits a geometric fact that by knowing at least
+two angles from two known points, i.e. BTS's, it is possible to construct the third triangle point (intersection point).
+The intersection point represents the location of the MS. The angle is derived by a burst
+signal transmitted from the MS and the time difference of arrival for different elements of the burst
+signal. Once the angle is computed, it is straightforward to find the intersection point.
+This technique requires the BTS's to be synchronized with LMU's and to be in line of sight with the BTS's,
+otherwise this method will develiver poor position results. It belongs to the group of network based
+position estimation techniques.
+
+\begin{figure}[ht!]
+ \centering
+ \includegraphics[scale=0.50]{img/WiFiTag.pdf}
+ \caption[]{Wireless Access Point tagging. The MS could be located anywhere where all three access points
+ are visible, this area has a wavy background and is between access points 1, 2 and 4.}
+\label{img:WiFiTag}
+\end{figure}
+
+Another technique gaining on popularity is used by Google maps to identify the position of the user by
+simply tagging an area with all visible wireless access points \citep{googleLBS}. Since each access point has a unique MAC address
+it is not hard to identify them while driving through urban areas with a WiFi scanning device. The basic idea is
+depicted in figure \ref{img:WiFiTag}, where the MS in this particular example is located where access points
+1, 2 and 4 are visible at the same time stamp.
+This technique works efficiently indoors as well as outdoors in cities since
+ranges of wireless networks 801.11 b/g are not more than 30-150 m, though the new standard 801.11 n has a wider coverage area.
+A simple overview of all the mentioned techniques is given in
+table \ref{tbl:overviewLoc}.
+
+\begin {table}[tp!]
+\caption{Overview of the localization techniques.}
+\label{tbl:overviewLoc}\centering
+%\rowcolor{2}{light-gray}{}
+\begin{tabular}{clccc}
+\toprule
+%$D$&&$P_u$&$\sigma_N$\\
+Method&Sync.&Advantage\&Disadvantage&Accuracy&Type\\\toprule
+\rowcolor{light-gray}Cell-ID& No& Works on any cell phone,& Anywhere in cell& Network\\
+\rowcolor{light-gray} & &Imprecise&&\\%\midrule
+Cell-ID + TA& No& Works on any cell phone,& Anywhere in cell& Network\\
+ & &Imprecise but better& but with a radius\\
+ & &than Cell-ID alone&\\%\midrule
+\rowcolor{light-gray}RSS & No& Works on any cell phone,& $\approx 300$ m& Network\\
+\rowcolor{light-gray} & &Depends on cell phone&&\\
+\rowcolor{light-gray} & &model and environment&&\\ %\midrule
+E-OTD &Yes& Works on most new& $\approx 50-200$ m& Handset\\
+ & &cell phone models,&\\
+ & &Expensive because LMU&\\ %\midrule
+\rowcolor{light-gray}UL-TDOA&Yes&Works on any cell phone& $\approx 50-300$ m& Network\\
+\rowcolor{light-gray} & &Expensive because LMU&&\\ %\midrule
+AGPS&Yes/No&Works on some cell& $\approx 5-20$ m& Hybrid\\
+ & &phones with AGPS&\\
+ & &receivers, Very precise&\\ %\midrule
+\rowcolor{light-gray}AOA &Yes&Works on any cell phone,& Depends if MS is& Network\\
+\rowcolor{light-gray} & &Expensive because LMU&in line of sight&\\%\midrule
+Google maps&No&Requires a smart phone&$\approx 5-30$ m& Handset\\
+with WiFi& &with Google maps and& &with aid\\
+ & &Wireless 801.11 b/g/n,& &of\\
+ & &Does not work outside & &Network\\
+ & &of cities or missing \&& \\
+ & &unknown WiFi signal&\\\bottomrule
+\end {tabular}
+\end {table}
+
+\clearpage
\section{Goals of the thesis}
In this thesis the author will give an attempt to provide theoretical and practical
background knowledge required for building a localization system inside of a 2G GSM network by
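Review bot: In the AOA paragraph, "requires the BTS's to be synchronized with LMU's and to be in line of sight with the BTS's" makes the BTS's the subject of both conditions; the line-of-sight condition belongs to the MS, as the table row "Depends if MS is in line of sight" already says. Further points in this hunk: "801.11" in the WiFi paragraph and in the last table row should be "802.11"; the table header row is closed with a second \toprule where \midrule is the usual rule; the label img:aoadLoc is never referenced in the added text, while img:WiFiTag is; "develiver" should be "deliver".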
@@ -207,9 +300,10 @@ since it will provide strong evidence on the advantages and limitations
of this method. This will provide the correlation for the observed results.
Once the GPS and GSM working principles have been explained, the author will proceed with introducing the reader
-to the Radio Resource Location services Protocol (RRLP), responsible for obtaining the location
-and transmission of the assistance data to the cell phone\footnote{RRLP can be seen as
-the connection point between the AGPS and GSM subsystems.}. Furthermore, the reader will be introduced to
+to the Radio Resource Location Protocol (RRLP), responsible for obtaining the location
+and transmission of the assistance data to the cell phone.
+%\footnote{RRLP can be seen as the connection point between the AGPS and GSM subsystems.}
+Furthermore, the reader will be introduced to
the software development process and the hardware connection schemes will be provided.
In the last part of this thesis, test results are reported and summary of the entire system is presented.
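Review bot: The footnote is left behind as a commented-out line in the middle of the paragraph; either delete it or keep it as a footnote, since dead text in the source tends to drift from the prose around it. The expansion of RRLP also changes in this hunk from "Radio Resource Location services Protocol" to "Radio Resource Location Protocol"; confirm the new form against the title of the RRLP specification the thesis cites, and use one expansion everywhere the abbreviation is introduced.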
@@ -1257,7 +1351,127 @@ some do not require the exact time component and navigation data to be present i
+
+
+
+\chapter{GSM}
\chapter{Radio Resource Location Protocol}
+This chapter will focus on the Radio Resource Location Protocol (RRLP) and a description
+how it works inside of the GSM will be given. RRLP is a protocol from the family of Location Services (LCS)
+which were not part of the initial GSM standard. It is a widely used protocol in other cellular
+networks like UMTS, it was later introduced to the GSM system as well \citep{3GPPTS03.71}. It was
+developed by the request of government and rescue organizations to fulfill the wireless enhanced 911
+standard in the US, each mobile user had to be located within a range of 300 m in 95\% of cases and
+within 100 m in 67\% of cases \citep{E911Accuracy}.
+
+The standard supports three positioning mechanisms: E-OTD, UL-TDOA and AGPS \citep{3GPPTS03.71}.
+The LCS process can be divided into two seperate stages, signal measurements and
+position estimation from the derived data in the previous stage. In this chapter
+the description will be given how to make an RRLP request, how to send assistance
+data and then more information will be given on its response.
+
+
+\section{RRLP Request}
+In this section the RRLP protocol and its request will be reviewed in more detail.
+RRLP represents the connection/protocol between the Serving Mobile Location Center (SMLC)
+and the standalone handset, in this case the MS, in GSM networks \citep[Chapter 5]{harper2010server-side}.
+The SMLC node contains the functionaly to support
+location services for the GSM network \citep{3GPPTS03.71}. SMLCs primary function is to manage
+the overall coordination and scheduling of resources required to perform the localization of the MS
+and it is located on the Base Station Controller (BSC).\citep{3GPPTS03.71}.
+SMLC controls the LMU's as well but since in this work no LMU were available this part
+will be skipped as well as the description of E-OTD and UL-TDOA localization.
+
+Before an attempt is made, of requesting the SMLC to initialize an RRLP request, an SDDCH connection
+channel has to be initialized to the MS, this connection cannot be seen by the MS user\footnote{However,
+it is possible to take into consideration that something is going on the cell phone if the MSs battery
+is drained faster because an active RF connection drains the battery faster than a passive MS
+connected to the GSM network.}.
+
+\begin{figure}[ht!]
+ \centering
+ \includegraphics[scale=0.50]{img/RRLPRequest.pdf}
+ \caption[]{RRLP Request protocol. Assistance data can be sent before the request is made. If the assistance
+ data are sent, their reception acknowledgement is sent as a response from the MS.}
+\label{img:RRLPReqProt}
+\end{figure}
+
+Data/packets sent inside of a protocol is called Protocol Data Unit (PDU) and on different
+layer levels they may take a different shape \citep{kozierok2005the} \citep{stevens1994tcp/ip}.
+In RRLP, the PDU's sent from the SMLC ought to be not greater than 242 bytes\footnote{Bytes of 8 bits!},
+although the standard defines that larger packets will be split in lower layers, in this work the
+rule of 244 bytes has been obeyed \citep{04.31V8.18.0}. In the RRLP standard terms, the messages are entitled
+as \textit{components} and fields in the messages (components) are labelled as \textit{information elements} (IE) \citep{04.31V8.18.0}.
+The SMLC may send only the request for the position of the MS or it may assist the MS with assistance data
+required to estimate the position (in case of a AGPS request, these data may be ephemeris, almanac or
+accurate timing data), as depicted in figure \ref{img:RRLPReqProt}. Once the MS gets the data delivered after some
+processing time it will respond to the SMLC with the position of the MS or with an error IE indicating what
+assistance data are missing \citep{04.31V8.18.0} \citep{49.031V8.1.0}. In the IE it is exactly indicated
+what type of data ought to be sent to the MS so that it can complete the RRLP request and respond its
+position. To save bandwidth space in the communication between the SMLC and MS, it can be proceeded in such a way that
+first the RRLP request is sent out for the position estimation and then if the MS requires some of the assistance data,
+it will send a request for those data back to the SMLC and then the SMLC can send the required data and expect an
+successful response from the MS. However, in this work the author had a different approach in that sense, that first
+he sent all the RRLP assistance data and then the RRLP position request. This way, sending all assistance data,
+was choosen over the other because in the OpenBSC it was not possible to access directly the response
+data without querying the database directly. Since this system is a real time system, waiting for the database
+to respond may have corrupted the state machine of the GSM network and this would led to the malfunction and
+eventually failure of the complete network!
+
+The structure of the RRLP messages (requests, assistance data and response) is well defined using
+Abstract Syntax Notation One (ASN.1) in the technical specifications 3GPP 04.31 V8.18.0
+and ETSI TS 144 031 \citep{49.031V8.1.0} \citep{ETSITS144031}. ASN.1 is a conventional notation
+for denoting the abstract syntax of data used inside of protocols or data
+structures \citep[Chapter 8]{sharp2008principles} \citep{ITU-TX.680}. In other words, using ASN.1 it is possible
+to describe data in an indepedent representation of programming languages in which a protocol is implemented.
+In this section only some of the used parts of the RRLP protocol
+inside of this thesis will be presented, more details can be found in the
+technical specifications \citep{49.031V8.1.0} \citep{ETSITS144031}. Structure
+of the RRLP message can be seen in listing \ref{lst:RRLP}.
+\newpage
+\begin{lstlisting}[label=lst:RRLP,
+caption={\textbf{Structure of RRLP message in ASN.1 notation}},
+backgroundcolor=\color{light-gray}]
+RRLP-Messages
+-- { RRLP-messages }
+
+DEFINITIONS AUTOMATIC TAGS ::=
+
+BEGIN
+
+
+IMPORTS
+ MsrPosition-Req, MsrPosition-Rsp, AssistanceData,
+ ProtocolError
+FROM
+ RRLP-Components -- { RRLP-Components }
+;
+
+PDU ::= SEQUENCE {
+ referenceNumber INTEGER (0..7),
+ component RRLP-Component
+}
+
+RRLP-Component ::= CHOICE {
+ msrPositionReq MsrPosition-Req,
+ msrPositionRsp MsrPosition-Rsp,
+ assistanceData AssistanceData,
+ assistanceDataAck NULL,
+ protocolError ProtocolError,
+ ...,
+ posCapabilityReq PosCapability-Req,
+ posCapabilityRsp PosCapability-Rsp
+}
+
+END
+\end{lstlisting}
+
+\subsection{RRLP Assistance data}
+
+
+\newpage
+\section{RRLP Response}
+
\chapter {Working}
\section{Zitieren..}
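Review bot: In the "RRLP Request" section the PDU size limit is given as "not greater than 242 bytes" and, in the same sentence, as "the rule of 244 bytes has been obeyed"; one of the two numbers is wrong and should be checked against the cited 04.31V8.18.0. Other points in this hunk: "SDDCH" is presumably SDCCH; the paragraph introducing ASN.1 names "3GPP 04.31 V8.18.0" in the text but cites the key 49.031V8.1.0, while 04.31V8.18.0 is the key used in the paragraph above; the listing uses PosCapability-Req and PosCapability-Rsp in the CHOICE but neither appears in its IMPORTS list; "(BSC).\citep{3GPPTS03.71}." has a stray full stop before the citation; \chapter{GSM}, the "RRLP Assistance data" subsection and the "RRLP Response" section are added empty, so a short TODO comment in each would make the intent clear. Spelling: "seperate", "functionaly", "choosen", "indepedent", "would led".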