From f0657db3d307619fafa20799c5c7cfca4f56b2ee Mon Sep 17 00:00:00 2001 From: Refik Hadzialic Date: Thu, 30 Aug 2012 17:11:27 +0200 Subject: implementation intro --- vorlagen/thesis/maindoc.pdf | Bin 17090304 -> 17094529 bytes vorlagen/thesis/src/kapitel_x.tex | 44 ++++++++++++++++++++++++++++++++++---- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/vorlagen/thesis/maindoc.pdf b/vorlagen/thesis/maindoc.pdf index 86a26e1..e103055 100644 Binary files a/vorlagen/thesis/maindoc.pdf and b/vorlagen/thesis/maindoc.pdf differ diff --git a/vorlagen/thesis/src/kapitel_x.tex b/vorlagen/thesis/src/kapitel_x.tex index 1ab6f73..dad2025 100644 --- a/vorlagen/thesis/src/kapitel_x.tex +++ b/vorlagen/thesis/src/kapitel_x.tex 
@@ -2628,12 +2628,48 @@ functions e.q. an FM radio, a GPS receiver, GSM and etc., all of them working on different standards and frequency spectrums \citep{fmRadio} \citep{openBTS}. Theoretically ``anything'' can be built using an SDR platform that is within the domain of the SDR hardware. + The exploited SDR platform in this thesis was the Universal Software Radio Peripheral (USRP) that already had an GSM and RRLP implementation. -The GSM implementation used on USRP was OpenBTS, a Linux application -that uses software radio to present a GSM air interface -and uses a software switch to connect calls \citep{openBTS}. After the -system has been successfully set in operation, the RRLP +The GSM implementation used on USRP was OpenBTS, a Linux application written in C++ +that uses software radio to provide a GSM air interface +and uses a software switch to interconnect calls \citep{openBTS}. After the +system has been successfully set up and set in operation. Initially the system was +tested with 2G cell phones (Nokia 3310 and Siemens M50). While the system was +tested with smart phones, a strange behaviour could be noticed. Sometimes +the smart phones ($iPhones$ $3GS$ and $4$) could not detect the GSM network +existance at all in the network search menu where all GSM networks in range are shown. +The reason for this strange phenomenon may be found in the unstable +operation of the cheap clock oscillator. Although the clock unstability issue can not be +confirmed by the author due to the missing frequency counter to measure the actual frequency. +Nevertheless these results, network undetectability behaviour, are consistent with those +of the developers of OpenBTS with the same clock oscillator\footnote{GSM not detecting station, USRP1, FA-SY1, WBX, DBS +\url{http://www.ruby-forum.com/topic/1876696}}. As previously stated in the GSM chapter, +the clock oscillator for the BTS is not allowed to deviate more than $\pm$5 ppm +(parts per million). 
This finding that older cell phones (the tested 2G phones) +have rather less problems than the newer ones suggest that newer generation +cell phones are not robust to the timing deviation issues. Meanwhile the RRLP +module was downloaded and installed. The module was written by Kurtis Heimerl in two +different programming languages, Erlang and Common Gateway Interface (CGI)\footnote{Kurtis +Heimerl's code can be found on \url{https://github.com/ttsou/RRLP}}. Once the +RRLP module was configured the new system configuration was tested with RRLP. +The first observation and finding was that not a single smart phone could +connect to the GSM network. In the log files it could be seen a time out was triggered +by OpenBTS while the smart phones tried to get a position fix after the RRLP request +was received by the MS. This result may be explained by the fact that the RRLP +request was immediatelly sent after the paging request has been sent by the BTS. Once +the option was found to disable the RRLP request sending each time the cell phones are +being paged. Next step was manually so send the RRLP requests from the OpenBTS terminal +to smart phones. Contrary to expectations, the smart phones sometimes received the +RRLP request as an SMS message. In the case where the smart phone did not receive the +RRLP request as an SMS message, it would still not respond its position back. +One of the consequences of such behaviour was that the RRLP could not be tested +inside of this set up because the system itself was unstable and had an unpredictive +behaviour. The conducted tests with OpenBTS lead to the decision to employ dedicated +hardware BTS with a tested and calibrated clock oscillator only for GSM. On the other +hand, the Erlang RRLP module was a starting point to understand the RRLP protocol. +The generated assistance data packets by the module were used as a template and +comparison to build author's RRLP assistance data generator. 
\section{OpenBSC} OpenBSC is an open source implementation of a GSM network by Osmocom. It was developed -- cgit v1.2.3-55-g7522
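Review bot: Two of the added sentences in kapitel_x.tex have no main clause and leave the narrative hanging: "After the system has been successfully set up and set in operation." and "Once the option was found to disable the RRLP request sending each time the cell phones are being paged." Join each to the sentence that follows it, so the reader can tell what happened after setup and after the option was disabled. In the same paragraph, "two different programming languages, Erlang and Common Gateway Interface (CGI)" describes CGI as a programming language; it is an interface, so name the language the CGI scripts are written in. The oscillator explanation is introduced as something the author could not confirm without a frequency counter, yet the following sentence concludes that newer phones "are not robust to the timing deviation issues"; word that conclusion as a hypothesis to match. The phone names are set in math mode ($iPhones$ $3GS$ and $4$), which gives math italics and wrong spacing; use \emph or plain text. Spelling to fix before merge: "existance", "unstability", "immediatelly", "manually so send", "unpredictive".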