From 03e3e6d036127d290a8fdb5b825bf18f8141d432 Mon Sep 17 00:00:00 2001 From: Refik Hadzialic Date: Sat, 1 Sep 2012 12:18:02 +0200 Subject: Implementation OpenBSC description --- vorlagen/thesis/src/kapitel_x.tex | 60 +++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 22 deletions(-) (limited to 'vorlagen/thesis/src/kapitel_x.tex') diff --git a/vorlagen/thesis/src/kapitel_x.tex b/vorlagen/thesis/src/kapitel_x.tex index 9602bf6..0ab4210 100644 --- a/vorlagen/thesis/src/kapitel_x.tex +++ b/vorlagen/thesis/src/kapitel_x.tex @@ -88,7 +88,7 @@ BTS has a unique identifier code name and hence can be distinguished from other Using this method even higher accuracies can be achieved than the known shape of signal reception \citep[Chapter 8]{0470092319}. Basically, provided that the \textit{timing advance} (TA) value is known. The TA is the rough prediction of the \textit{round trip time} (RTT), time -required for a data packet to be received and acknowleded by the MS. Using this measure a rough circle can be made between +required for a data packet to be received and acknowledged by the MS. Using this measure a rough circle can be made between the BTS and the bordering points of the Cell-ID region since TA multiplied with speed of light produces the radius distance of the circle. To obtain the TA value a connection between the MS and the BTS has to exist or a silent call can be made where the GSM subscriber does not even notice that he/she is being called since there is no ringing 
@@ -2677,24 +2677,10 @@ the RRLP protocol. The generated assistance data packets by the module were used for comparison and a template to build author's RRLP assistance data generator. The nanoBTS is operated by OpenBSC which is explained in the following section. -\section{OpenBSC} -OpenBSC is an open source implementation of a GSM network software by Osmocom. -It was developed for experimentation and security research of the GSM networks \citep{obsc1}. -OpenBSC is ``implementing the minimal necessary parts to build a small, -self-contained GSM network'' \citep{obsc}. This self-contained GSM network -consists of following functional components: Base Station Controller (BSC), -Mobile Switching Center (MSC), Home Location Register (HLR),Authentication -Center (AUC), Visitor Location Register (VLR) and Equipment Identity -Register (EIR). OpenBSC was written in C and operates on Linux. OpenBSC connects -to the BTS using the Abis or Abis/IP interface. At the moment OpenBSC -supports Voice calls, SMS, handovers, support for multiple BTS and other features -not of the interest for this work. OpenBSC has an implemented module for sending only -RRLP requests however without assistance data. This module was tested - \section{RRLP assistance data generator application} - -At the point of writing this thesis there was no working open source -implementation of generating RRLP assistance data. +At the point, two different RRLP implementations on two different hardware platforms have been tested +without successfully obtaining a GPS localization. +\ref{img:RRLPAlgFlowchart} In this work two programming languages have been employed, C and C++ whereas basic knowledge of Erlang was required to understand an implementation of a similar RRLP assistance data generation. The Erlang implementation by Kurtis Heimerl was used as a guide while the author 
@@ -2706,7 +2692,7 @@ sections. OpenBSC is an open source implementation of \begin{figure}[hb] \centering - \includegraphics[scale=0.4]{img/algorithmRRLP.pdf} + \includegraphics[scale=0.39]{img/algorithmRRLP.pdf} \caption{Flowchart for the RRLP assistance data generators} \label{img:RRLPAlgFlowchart} \end{figure} 
@@ -2725,6 +2711,37 @@ opposite direction. The decision to use the ARFCN 877 channel was derived from the fact that the channel was free, measurements were carried out with a spectrum analyser built on the USRP hardware. +\section{OpenBSC} +OpenBSC is an open source implementation of a GSM network software by Osmocom. +It was developed for experimentation and security research of the GSM networks \citep{obsc1}. +OpenBSC is ``implementing the minimal necessary parts to build a small, +self-contained GSM network'' \citep{obsc}. This self-contained GSM network +consists of following functional components: Base Station Controller (BSC), +Mobile Switching Center (MSC), Home Location Register (HLR),Authentication +Center (AUC), Visitor Location Register (VLR) and Equipment Identity +Register (EIR). OpenBSC was written in C and operates on Linux. OpenBSC binds +to the BTS using the Abis or Abis/IP interface. At the moment OpenBSC +supports Voice calls, SMS, handovers, support for multiple BTS and other features +not of the interest for this work. OpenBSC has an implemented module for +transmitting RRLP requests however without assistance data. This module was +tested but without successfully obtaining a position from the MS. +While the tests have been performed, no results were obtained due to a +watchdog time out produced by OpenBSC. In order to send an RRLP request in +OpenBSC, a silent SMS would be sent to the cell phone followed by the RRLP +request. Silent SMS is the equivalent of a normal SMS but without notifying +the user of its reception \citep{silentSMS}. When the silent SMS is received +on the cell phone, the message content is not displayed to the user +neither is it stored in the SMS inbox. In other words, its arrival +remains completely unknown to the user to whom it was sent \citep{silentSMS}. +An acknowledgement is sent back to the GSM network operator that the MS +received the silent SMS. 
The watchdog timer in OpenBSC has been triggered +because the acknowledgement was not received within a certain time limit +while the MS was attempting to obtain a GPS position. To overcome this problem +another approach had to be taken by the author to send RRLP assistance data +with position requests. This shall be further analysed and explained in more +details in the following sections. + + \chapter{Hardware} In the following chapter the author shall introduce the reader to the hardware components used in the thesis. The hardware components shall be presented @@ -3203,8 +3220,7 @@ thesis with other relevant studies due to the lack of any research studies compleyed using the equivalent hardware and type of assistance data. In the relevant studies different hardware test equipment is used while this thesis was carried -out without that test equipment \citep{agpsTests} \citep{agpsTests1} -\citep{gpsTest2}. +out without that test equipment \citep{gpsTest2}. In addition, no research has been found that surveyed the amount of time required to get a position response from a MS where only almanac, ephemeris, UTC model, ionospheric model and reference @@ -3253,7 +3269,7 @@ movement of GSM users \citep{predictMovements}. %Test if it can be tricked out by the software Dennis mentioned (protect my privacy)! -\chapter{Summary} +\chapter{Summary and security issues} \chapter*{Dictionary of acronyms} \begin{itemize} -- cgit v1.2.3-55-g7522
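Review bot: In the hunk at @@ -2677,24 +2677,10, the new opening of the "RRLP assistance data generator application" section begins "At the point," and has lost the "of writing this thesis" that the removed sentence carried, so the reader cannot tell which point is meant. The next added line is a bare \ref{img:RRLPAlgFlowchart} with no sentence around it, which will typeset as a lone figure number. Suggest wrapping it in a sentence such as "The procedure is shown in Figure~\ref{img:RRLPAlgFlowchart}." The unchanged context line just above still says OpenBSC "is explained in the following section", but this hunk moves the OpenBSC section further down, so that forward reference needs updating as well.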
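Review bot: In the hunk at @@ -2725,6 +2711,37, the explanation of the watchdog timeout at the end of the new OpenBSC section is ambiguous about which acknowledgement is missing. The text first says an acknowledgement for the silent SMS "is sent back to the GSM network operator", then says the watchdog fired "because the acknowledgement was not received within a certain time limit while the MS was attempting to obtain a GPS position". Please state whether the missing message is the silent SMS acknowledgement or the RRLP response, and give the timer and its limit instead of "a certain time limit", since this is the reason given for abandoning the OpenBSC module. Smaller points in the same hunk: "(HLR),Authentication" is missing a space after the comma, the failed test is reported twice in consecutive sentences ("tested but without successfully obtaining a position" and "no results were obtained"), and there are two blank lines before \chapter{Hardware}.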
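Review bot: In the hunk at @@ -3203,8 +3220,7, dropping \citep{agpsTests} and \citep{agpsTests1} leaves the plural claim "In the relevant studies different hardware test equipment is used" supported by the single reference \citep{gpsTest2}. Either keep the citations that back the plural or reword the sentence to refer to one study. If the two keys are no longer cited anywhere else, their bibliography entries should be removed in the same commit. The context line above also contains the typo "compleyed", which could be fixed while touching this paragraph.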
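Review bot: In the hunk at @@ -3253,7 +3269,7, the chapter is renamed to "Summary and security issues" but it has no body: the next line is \chapter*{Dictionary of acronyms}. The new title promises a security discussion that the visible text does not yet contain, and the commented-out note just above it ("Test if it can be tricked out by the software Dennis mentioned") is still an open item. Suggest adding at least a stub paragraph or a TODO marker under the heading, plus a \label so the chapter can be referenced from the silent SMS discussion added earlier in this commit.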