summaryrefslogtreecommitdiffstats
path: root/vorlagen/thesis/src/kapitel_x.tex
blob: 6821449fa23fe64f97fe6215ce437275f522d4d8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
\setchapterpreamble[u]{%
  \dictum[Stobaeus] {What use is knowledge if there is no understanding?}
}
\chapter{Introduction to GSM and GPS}
\section{Motivation}
\section{Goals of the thesis}
The goal of the following thesis is to:
- implement the Radio Resource Location Protocol inside of OpenBSC, to the extent of 
delivering correct GPS assistance data to cell phone subscribers
inside the GSM network
- test the protocol on 5-10 different smart phones
- describe and analyse the background processes taking place inside of the cell phone
\chapter{Assisted GPS}
\section{GPS Principles}
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/GPS-Principle.pdf}
  \caption[]{nanoBTS with its plastic cover. Image courtesy of ip.access ltd}
\label{img:gpsprinciple}
\end{figure}

\section{GPS signal modulation}
The transmitted signal after the RF frontend is given
in equation \eqref{eq:GPSSignalReceived} \citep{1656803}.
\begin{equation}
\label{eq:GPSSignalReceived}
S(t) = \sqrt{\frac{P}{2}}D(t)C(t)cos(2\pi f_{c}+\varphi_{SV}) + n(t)
\end{equation}
The received signal after the RF frontend is given
in equation \eqref{eq:GPSSignalReceived} \citep{1656803}.
\begin{equation}
\label{eq:GPSSignalReceived}
S(t) = \sqrt{\frac{P}{2}}d_{C/A}cos(2\pi f_{c}+\varphi_{SV}) + n(t)
\end{equation}

\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/GPS-Modulation.pdf}
  \caption[]{Modulation of the GPS signal L1}
\label{img:gpsmod}
\end{figure}

\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/NAV-Message.pdf}
  \caption[]{One frame of 1500 bits on L1 frequency carrier}
\label{img:gpsframe}
\end{figure}



\section{GPS signal demodulation}
The GPS satellites\footnote{Satellites are named as space vehicles 
and the abrevation SV is used in the equation notations
to denote a parameter related to the satellite itself.}
orbiting our planet, at a distance of approximately $20200 \, km$,
are equiped with precise atomic clocks \citep[Chapter 2.7]{diggelen2009a-gps}.
These atomic clocks are calibrated and maintained on
a daily basis by the U.S. Air Force \citep{GPS-Pentagon}. 
The time the atomic clock generates is refered as \textit{GPS
system time}, denoted as $t_{SV}$,
and it is generated as a time stamp at the moment
of the frame broadcast \citep{GPS-Interface-Specification}.
Each satellite signs the frame with its exact
broadcast time. The broadcast time is encapsulated in the
subframe 1 of the 1500 bit long frame. In addition to the
broadcast time, subframe 1 contains parameters to account
for the deterministic clock errors embedded in the
broadcasted GPS system time stamp. These errors can be
characterized as bias, drift and aging errors
\citep{GPS-Interface-Specification}. The correct broadcast
time, denoted as $t$, can be estimated using the model given in equation
\eqref{eq:timecorrection1} \citep{GPS-Interface-Specification}. 
In equation \eqref{eq:timecorrection2}, where the GPS
receiver is required to calculate the satellite clock
offset, denoted as $\Delta t_{SV}$, a number of unknown terms can be
seen. These terms are encapsulated inside of the transmitted frames. The polynomial
coefficients: $a_{f0}$ - \textit{clock offset}, $a_{f1}$ - 
\textit{fractional frequency offset}, $a_{f2}$ - \textit{
fractional frequency drift}; and
$t_{0c}$ - \textit{reference epoch} are encapsulated inside
of subframe 1. The only remaining unknown term left in equation 
\eqref{eq:timecorrection2} is the \textit{relativistic correction
term}, denoted as $\Delta t_{r}$. $\Delta t_{r}$ can be evaluated
by applying the equation given in \eqref{eq:timecorrection3}.
$F$ is a constant calculated from the given parameters
in \eqref{eq:paramconst1} and \eqref{eq:paramconst2},
whereas $e$, $\sqrt{A}$ and $E_{k}$ are \textit{orbit
parameters} encapsulated in subframe 2 and 3
\citep{GPS-Interface-Specification}. 

\begin{equation}
\label{eq:timecorrection1}
\centering
t=t_{SV}-\Delta t_{SV} 
\end{equation}

\begin{alignat}{4}
 & \Delta t_{SV} &= \;& a_{f0} + a_{f1}(t_{SV}-t_{oc}) + a_{f2}(t_{SV}-t_{oc})^{2} + \Delta t_{r} \label{eq:timecorrection2} \\
 & \Delta t_{r}  &= \; & Fe\sqrt{A}\sin{E_{k}} \label{eq:timecorrection3} \\
 & F &= \;& \frac{-2\sqrt{\mu_{e}}} {c^{2}} = -4.442807633 \cdot 10^{-10} \frac{s}{\sqrt{m}} \label{eq:timecorrection4} 
\end{alignat}

Nevertheless, the broadcast satellite time
information is not sufficient to estimate the precise
time at the moment of the signal arival. Even though the signal
arives in approximately\footnote{Propagation time
depends on user and GPS satellite position.} $77 \, ms$,
the precision of the atomic clock is in the
range of 10 ns \citep[Chapter 2]{diggelen2009a-gps}. 
Undoubtedly the signal propagation (travel)
time, denoted as $t_{prop}$, has to be taken into account.
In that case, the exact time at the moment of arival is known,
denoted as $t_{exact}$ and is given in equation \eqref{eq:exactTime}.
The signal propagation time must be known to
estimate the distance from the satellite
but is not sufficient to estimate the position of the GPS receiver. 
More importantly, $t_{exact}$ time will be later used 
to synchronize various time dependent systems like the
GSM, LTE, GNSS or other communication and ranging systems.
\begin{equation}
\label{eq:exactTime}
t_{exact} = t_{prop}+t
\end{equation}

\subsection{Carrier wave demodulation}
\label{sec:Carrierdemod}
In order to calculate the signal propagation time between
the satellite and the receiver, the internal sine 
wave synthesizer inside of the receiver has to be
synchronized with the carrier sine wave generator
of the GPS satellite \citep{4560215}. In other words,
the identical carrier wave replica has to be generated
on the receiver as on the satellite \citep{736341}. 
However, the received signal is not the equivalent
of the transmitted signal. Due to the nature of the
Doppler effect\footnote{Doppler effect is a
phenomenon that happens as a result of relative
motion of the two bodies, transmitter and
receiver, towards or away from each other and causes 
frequency shift of the electromagnetic wave
\citep[Chapter 4]{3540727140}.}
and wave propagation, the transmitted signal arives 
phase disordered at the receiver \citep{4560215}. 
This phase disorder is a consequence of the relationship 
between the instantaneous frequency and instantaneous phase
according to equations \eqref{eq:freqPhase} and \eqref{eq:phaseFreq}. 
\begin{equation}
\label{eq:freqPhase}
f(t)=\frac{1}{2\pi}\frac{d}{dt}\phi(t)
\end{equation}
\begin{equation}
\label{eq:phaseFreq}
\phi(t) = 2\pi \int_{-\infty}^{t} f(\tau) d\tau
\end{equation}

Considering that the GPS satellites orbit the Earth with
a speed of around $3.9 \, km/s$, the Earth rotates 
around its axis and the target user 
with the GPS receiver may move as well, the Doppler effect
is unavoidable.
The observed phase at the receiver antenna, 
denoted as $\varphi_{o}$, can be described using
the equation given in \eqref{eq:phaseShift}, 
where $\varphi_{GPS}$ represents the known satellite
carrier wave phase, $\delta \varphi_{SV}$ the clock
instabilities on the GPS satellite,
$\varphi_{a}$ the phase shift error
caused by propagation delays in the ionosphere
and troposphere respectively, $\delta \varphi_{DE}$ the phase shift 
caused by the Doppler effect and $\delta \varphi_{w}$
is the wideband noise phase shift. 
\begin{equation}
\label{eq:phaseShift}
\varphi_{o} = \varphi_{GPS}+ \delta\varphi_{SV} + \varphi_{a} +\delta \varphi_{DE} + \delta \varphi_{w} 
\end{equation}
The task of the demodulation process is to 
generate a replica carrier wave with the matching
phase shift and mix it with the incoming signal. 
In the ideal case the observed phase
on the antenna and the generated phase on the
receiver, denoted as $\varphi_{rec}$, cancel each other
out, that is to say, equation \eqref{eq:phaseIdealCase}
equals zero. The circuit responsible for generating the same
carrier wave is the phase locked loop (PLL). 
The PLL modifies the synthesized wave parameters
such that, $\lim \Delta \varphi \approx 0$.
\begin{equation}
\label{eq:phaseIdealCase}
\Delta \varphi = \varphi_{o} - \varphi_{rec}
\end{equation}
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.5]{img/Phase-Diff.pdf}
  \caption[]{Two equivalent carrier waves with the same frequency but different phase shift}
\label{img:phaseShift}
\end{figure}
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.5]{img/L1-Demodulation.pdf}
  \caption[]{Demodulation of the L1 GPS signal}
\label{img:L1Demod}
\end{figure}
 This is straightforward to understand by looking at the
 multiplication of two sine waves. The GPS L1 signal 
 demodulator at the receiver is depicted in figure
\ref{img:L1Demod}, the incoming signal L1 is multiplied with 
the synthesized sine wave (multiplication is the function of
a mixer, denoted as $\otimes$ in figure \ref{img:L1Demod}). 
For the purpose of easier analysis, cosine waves
will be used istead of sine waves, the difference between them 
is only in the phase shift, as denoted in equation
\eqref{eq:sineEqCosine}. 
\begin{equation}
\label{eq:sineEqCosine}
\sin(\pm x) = \cos\bigg(\frac{\pi}{2} \pm x\bigg)
\end{equation}
Multiplication of two cosine waves, as in equation \eqref{eq:multCosin},
can be derived by adding $\cos(A+B)$ and $\cos(A-B)$, as respectively
given in equations \eqref{eq:cos1} and \eqref{eq:cos2}.
\begin{equation}
\label{eq:multCosin}
\cos(A)\cdot\cos(B) = \frac{1}{2}\cos(A-B)+\frac{1}{2}\cos(A+B)
\end{equation}
\begin{equation}
\label{eq:cos1}
\cos(A+B) = \cos(A)\cos(B)-\sin(A)\sin(B)
\end{equation}
\begin{equation}
\label{eq:cos2}
\cos(A-B) = \cos(A)\cos(B)+\sin(A)\sin(B)
\end{equation}
The incoming GPS L1 signal with a frequency $f_{1}$, given in figure \ref{img:L1Demod}, 
can be written as $d_{C/A}\cos(\omega_{1}t)$, where $\omega_{1}=2\pi f_{1}$ is
the angle frequency and
$d_{C/A}$ is the C/A data (navigation message modulated with the PRN code),
$d_{C/A}=d_{PRN}\oplus d_{NAV}$.
If equation \eqref{eq:multCosin} is rewritten with the received GPS signal L1
and synthesized wave with a frequency $f_{2}$, the equation results the one
given in \eqref{eq:cosResult}
\begin{equation}
\label{eq:cosResult}
d_{C/A}\cdot\cos(\omega_{1}t)\cos(\omega_{2}t) = \frac{1}{2}d_{C/A}\cdot\cos(\omega_{1}t-\omega_{2}t) + \frac{1}{2}d_{C/A}\cos(\omega_{1}t+\omega_{2}t)
\end{equation}
This leaves the resulting signal with two frequency terms, a low frequency 
term $(\omega_{1}t-\omega_{2}t)$
and a high frequency term $(\omega_{1}t+\omega_{2}t)$,
the $t$ can be taken in front of the bracket as it
is a common multiplier.
The high frequency term, $(\omega_{1}+\omega_{2})$, can be filtered out using
a low-pass filter\footnote{A low-pass filter passes
low frequency signals and attenuates
high frequency signals. In other words, signals higher than the
specified cutoff frequency of the low-pass filter, are cut off by reducing their amplitudes.}.
Ideally, the difference of the angle frequencies is zero,
as in equation \eqref{eq:delaOmega}, since $\cos(\Delta \omega)=\cos(0)=1$
and the remaining left signal is only the C/A code multiplied
with the DC term (zero frequency producing a constant voltage) leaving only $\frac{1}{2}d_{C/A}$. 
\begin{equation}
\label{eq:delaOmega}
\Delta \omega = \omega_{1}-\omega_{2} = 0
\end{equation}
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.5]{img/PRN-PhaseShiftAfterDemod.pdf}
  \caption[]{Effects of the low frequency term on the demodulated output
  C/A wave on the GPS receiver (the explanations and figures are from top to bottom).
  If the synthesized frequency is correct, $f_{1}=f_{2}$, the low 
  frequency term becomes a DC term and does not modify the output
  $d_{C/A}$ wave (first figure). If the frequency matches but the
  phase not, in this case the phase is shifted for $\pi$, then
  $d_{C/A}$ is inverted (second figure).
  If the phase shifts with time, then the amplitude and phase of $d_{C/A}$
  will vary as well (third figure).}
\label{img:multCAPhase}
\end{figure}
However, if the frequencies do not match, $f_{1}\neq f_{2}$,
then the output signal $\frac{1}{2}d_{C/A}$ will be
modified by the residual frequency $f_{1}-f_{2}$, 
and subsequently will change the demodulated C/A output (also known as phase shift). Under those circumstances
the correlator will be unable to match the C/A code with the
correct PRN code. An illustration of this phenomenon is depicted
in figure \ref{img:multCAPhase}. 





\subsection{C/A wave demodulation}
\label{sec:CAdemod}
As a result of the previous step, one can continue with
the demodulation of the C/A wave.
Each tracked GPS satellite signal is demodulated seperately 
using the same PRN code, code chipping rate and carrier frequency-phase 
(which was determined above) for the given satellite
\citep[Chapter 4]{understandGPS}. 
The PRN codes for each GPS satellite is well defined and
known by the GPS receiver. The receiver has to generate the
same PRN code with matching code chipping rate (phase)
of the transmitted C/A code,
this is depicted in figure \ref{img:prnCodeCompare} 
\citep[Chapter 5]{understandGPS}.
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/PRN-ChipRate.pdf}
  \caption[]{Comparison between the original C/A code generated on the
  GPS satellite with two synthesized PRN codes with a different phase shift on the receiver.}
\label{img:prnCodeCompare}
\end{figure}
For the particular example, the matching phase shift was achieved with
the second replica PRN code, with a phase shift of $\tau=0$ but
there could be a case with any other value of $\tau$, $\tau\in[0,1023]$.
Implementation of the PRN code synthesizer depends on the GPS receiver
manufacturer but it is usually implemented as a linear feedback shift
registers (LFSR) that produces an output according to a predefined function $f(\tau)$. 
This function, $f(\tau)$, generates an PRN code, that is
delayed in phase by $\tau$, where $\tau$ is a multiple of the chipping
rate period $T_{c}=977.5 \,ns$. The chipping period $T_{c}$
can be derived from equation \eqref{eq:chipPeriod}.
The time required to find a matching PRN code shift, $\tau$,
is proportional to the amount of LFSR on the system
\citep[Chapter 3]{bensky2008wireless}. Clearly with more LFSRs
the required time for finding the matching phase shift increases.
\begin{equation}
\label{eq:chipPeriod}
T_{c} = \frac{1}{f_{PRN}} = \frac{1}{1.023\cdot 10^6}
\end{equation}

To determine whether the synthesized PRN code,
matches the incoming C/A code of the received satellite
signal, known correlation properties of PRN codes are used. 
Since the PRN code is modeled as a sequence of +1's and
-1's, the autocorrelation of
a signal is at its maximum if it is in phase, i.e. 
summing up the sequence products yields the absolute
maximum value. As an illustration of the idea, an example is
given in figure \ref{img:correlatingSignals}. The cross-correlation
of the incoming C/A code with the first synthesized PRN code produces a 
result of $-3=(+1)\cdot(-1)+(-1)\cdot(+1)+(+1)\cdot(-1)+(+1)\cdot(+1)+(-1)\cdot(+1)$,
whereas the cross-correlation of the incoming C/A code
and the second synthesized PRN code yields a result of 
$+5=(+1)\cdot(+1)+(-1)\cdot(-1)+(+1)\cdot(+1)+(+1)\cdot(+1)+(-1)\cdot(-1)$.
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/Correlation.pdf}
  \caption[]{Cross-correlation on three different signals}
\label{img:correlatingSignals}
\end{figure}
The same principle applies to the sent C/A and 
PRN code sequences in the GPS receiver and thus can be modeled using
the equation given in \eqref{eq:autocorrelationProperty}, 
where $G_{i}(t)$ is the C/A code Gold code sequence as a
function of time $t$, for the GPS satellite $i$; $T_{C/A}$ is the
C/A chipping period of $977.5 \,ns$ and $\tau$ is the phase shift 
in the auto-correlation function \citep[Chapter 4]{understandGPS}.
\begin{equation}
\label{eq:autocorrelationProperty}
R_{i}(t) = \frac{1}{1023\cdot T_{C/A}} \int_{t=0}^{1023} G_{i}(t)G_{i}(t+\tau)d\tau
\end{equation}
Another correlation property of the PRN codes comes in useful,
the fact that in the ideal case the cross-correlation of two
different PRN codes yields a result of zero. The ideal case 
can be modeled as in equation \eqref{eq:prnIdealCaseZero},
\begin{equation}
\label{eq:prnIdealCaseZero}
R_{ij}(\tau) = \int_{-\infty}^{+\infty} PRN_{i}(t)PRN_{j}(t+\tau)d\tau = 0
\end{equation}
where $PRN_{i}$ is the PRN code waveform for GPS satellite $i$ and 
$PRN_{j}$ is the PRN code waveform for every other GPS satellite other
than $i$, $i\neq j$ \citep[Chapter 4]{understandGPS}. Equation
\eqref{eq:prnIdealCaseZero} ``states that the PRN waveform of satellite
$i$ does not correlate with PRN waveform of any other satellite $j$ for
any phase shift $\tau$'' \citep[Chapter 4]{understandGPS}.
Without the property given in \eqref{eq:prnIdealCaseZero},
the GPS receiver would not be able to smoothly 
differentiate between different GPS satellite signals. 
Once the phase shift, $\tau$, has been found, the C/A code is modulated
(XORed) with it. The resulting binary code will be the navigation message.
The implementation problem of finding correct C/A and carrier wave demodulation will be
further explained in the following section \ref{sec:2dSearch}.

\subsection{Implementation of the 2D search space problem}
\label{sec:2dSearch}
In the following paragraphs an introduction will be given on 
the implementation problems of the previously mentioned concepts. 
As it can be seen, 
from subsections \ref{sec:CAdemod} and
\ref{sec:Carrierdemod}, decoding the GPS navigation message is a 2D 
search space problem for each GPS satellite
signal acquisition. The 2D search space is limited by well known
physical properties of the GNSS system such as the motion speed of GPS satellites
and the receiver as well as the frequency oscillator on the receiver. 

GPS satellites move toward or away
from the GPS receiver with a speed of $800 \, \mathrm{m/s}$
\citep[Chapter 3]{diggelen2009a-gps}. The Doppler effect on the frequency
of the satellite can be estimated using equation \eqref{eq:dopplerEffectSpeed},
where $f_{e}$ is the emitting frequency (L1), $v_{SV}$ is the speed of the
satellite towards (away from) the receiver and $c$ is the speed of light.
\begin{equation}
\label{eq:dopplerEffectSpeed}
f_{DE} = f_{e}\frac{v_{SV}}{c}
\end{equation}
Inserting the appropriate values in equation \eqref{eq:dopplerEffectSpeed}
yields a result of $\approx4.2 \, \mathrm{kHz}$, for $800 \, \mathrm{m/s}$ and
$\approx-4.2 \, \mathrm{kHz}$ (if the satellite moves away from the GPS receiver
then the speed is taken as negative). This makes a range of $\approx8.4 \mathrm{kHz}$.
The Doppler effect of the GPS receiver motion can be ignored since for
each $1 \, \mathrm{km/h}$ of movement, it affects the frequency
range for $\approx 1.46 \mathrm{Hz}$.

On the other hand, the frequency offset induced by the reference
oscillator in the GPS receiver can not be ignored.
The frequency search space is ``additionaly affected for $1.575 \, \mathrm{kHz}$
of unknown frequency offset for each $1 \, \mathrm{ppm}$
(\textit{parts per million}) of the unknown receiver
oscillator offset'' \citep[Chapter 3]{diggelen2009a-gps}. The reference oscillators
in GPS receivers have typically an offset of 
$\pm0.5, \pm1, \pm2, \pm3, \mathrm{or} \pm5 \,\mathrm{ppm}$
\citep{daishinku}, \citep[Chapter 3]{diggelen2009a-gps}, the standard in 
smart phone design has been set to $\pm 2.5 \, \mathrm{ppm}$
\citep{oscillatorGPSSmarthPhone}. In the worst case this makes the
unknown frequency to be in range of $10 \, \mathrm{kHz}-25 \, \mathrm{kHz}$.
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.70]{img/2D-SearchSpaceInk.pdf}
  \caption[]{Segment of the frequency/code delay search space for a single GPS satellite}
\label{img:prnSearchSpace3d}
\end{figure}

A typical receiver searches in frequency bands, bins of several hundred Hz regions \citep{1656803}.
Commonly used frequency bin size is $500 \, \mathrm{Hz}$,
therefore there are about 20-50 bins to search \citep[Chapter 3]{diggelen2009a-gps}.
The frequency search bin (band) size is a function of the desired peak magnitude loss (signal to noise ration)
due to the frequency mismatch and integration time period. Larger frequency
bands mean a smaller number of bins to search but
a greater correlation peak magnitude loss. 
The frequency search bin size can be
estimated using the frequency 
mimsmatch loss sinc function given in equation \eqref{eq:mistunigLoss} \citep{implSoftGPSRec},
\citep[Chapter 6]{diggelen2009a-gps},
where $\Delta f$ is the frequency mismatch in $\mathrm{Hz}$,
in other words it represents the difference
between the received signal frequency and
the synthesized carrier frequency on the receiver;
and $T_{c}$ is the coherent integration time (usually $0.5\, ms$ according to \citep{implSoftGPSRec}
and \citep[Chapter 3]{diggelen2009a-gps} but depends on the implementation).
\begin{equation}
\label{eq:mistunigLoss}
D_{F} = \left\vert \frac{\sin(\pi \Delta fT_{c})}{\pi \Delta fT_{c}} \right\vert
\end{equation}
The frequency mimsmatch loss sinc function, $D_{F}$, is evaluated in dB,
therefore for a loss of $\approx 0.98 \,\mathrm{dB}$, the frequency mismatch ought to be
$\Delta f = 250\, \mathrm{Hz}$,
due to the fact that the maximum loss will occur when the frequency is differing
by 1/2 of the bin spacing. That is to say, for a bin space of 500 Hz, it is 250 Hz. 

``The total range of possible GPS code delays is $1\, ms$. This is because the GPS C/A
PRN code is $1 \,ms$ long, and then it repeats. The PRN code chipping rate is $1.023
\,\mathrm{MHz}$, and there are 1023 chips in the complete $1\, ms$ epoch'' \citep[Chapter 3]{diggelen2009a-gps}.

%Size of the frequency 
%bin is inversely proportional to the ratio between the amplitude of the detected
%peak and other non-peak values, 
%the smaller the bins are the higher the peak will be.

For the purpose of better understanding, a segment of the
frequency/code delay search space is shown in figure \ref{img:prnSearchSpace3d}.
The peak implies the correct frequency and code delay have been found. In figure
\ref{img:prnSearchSpace3d} smaller frequency bins have been used so that the concept
becomes understandable to the reader. 

The speed of searching the 2D search space (finding the peak)
depends on the complexity and strategy of the 
implemented algorithm \citep[Chapter 6]{9780817643904}. In the worst case,
there are in total 102300 conbinations in the search space,
this can be derived from equation \eqref{eq:totalSearch}, visually shown 
in figure \ref{img:SearchSpace2d}.
\begin{equation}
\label{eq:totalSearch}
\mathrm{Search \, Space} = 50 \,\mathrm{(bins)} \cdot 1023\, \mathrm{(C/A \,codes)} \cdot 2\, \mathrm{(Phases\, per\, C/A\, chip)}
\end{equation}
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/2DSearchSpace.pdf}
  \caption[]{The total search space}
\label{img:SearchSpace2d}
\end{figure}

The common strategy is to start searching from the middle frequency bins and to jump
up and down until the entire search space has been exhausted (first 500 Hz,
second -500 Hz, then in the 1000 Hz bin and then in the -1000 Hz bin) 
\citep[Chapter 3]{diggelen2009a-gps}.
This procedure is performed when no extra information are known by the receiver, i.e. 
first time the GPS receiver is turned on. It is known under the name of cold start.
There are three different working mechanisms when it comes to searching
for the GPS satellites. If no information are known,
when some information are known and when almost all information are
known. These three modes are known as cold (as mentioned earlier),
warm and hot start. They differ from each other by the amount of known
information by the GPS receiver. Cold start indicates the GPS receiver
has no almanac\footnote{Almanac information are rough estimation parameters for
predicting the orbital position of the GPS satellites.}, ephemeris\footnote{Ephemeris
information are precise parameters for predicting the orbital position of the GPS satellite.}, 
oscillator offset and time data. In order to track the satellites faster next time
the GPS receiver is started, it stores the previously mentioned data (last known almanac, 
ephemeris, oscillator offset, time and position data) in its electrically erasable
programmable read only memory (EEPROM). This type of start is known as a warm start,
provided that the data in the receivers' EEPROM are not older than 180 days and
its real time clock counter was constantly updated.
In this case, the receiver uses the previously saved information
to estimate the position of the satellites, therefore the Doppler effects can be estimated. 
As a consequence of the known Doppler effect, the frequency bin where to start
the search first is known as well \citep[Chapter 3]{diggelen2009a-gps}.
In the same way works the hot start, only the time is precisely
known in accuracy of submilliseconds. 

\section{Distance and position estimation}

\section{Assisted GPS in Wireless networks}
\label{sec:agps}
In the following paragraphs Assisted GPS (A-GPS) will be presented and how it works. 
A-GPS receivers work on a ``similar principle'' as warm/hot start on GPS receivers.
Instead of loading the recently saved data from the EEPROM, an external
transfer medium is used to deliver the same type of information that are known 
at a warm/hot start \citep{755159}, \citep{901174}, \citep{springerlink:10.1007/s10291-002-0028-0}.
In this work, the external transfer medium is air and the information are transfered using electromagnetic
waves. The existing GSM interface was utilised for the purpose of delivering the data to the smart phone
with the A-GPS receiver. The basic scenario can be seen in figure \ref{img:agpsPrinciple}.

The BTS station is connected to the global navigation satellite system (GNSS) server, which is directly
connected to the GPS reference station. The GPS reference station delivers the GNSS server exact time stamps,
approximate location, satellite clock corrections, ephemeris and navigation data

\citep{springerlink:10.1007/s10291-002-0028-0}. 
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/A-GPS.pdf}
  \caption[]{Basic A-GPS principle}
\label{img:agpsPrinciple}
\end{figure}

Time stamp is not used in GSM networks since it can be
off by several seconds and would require additional equipment for synchronizing the network
\citep{springerlink:10.1007/s10291-002-0028-0}, \citep{901174}. However in CDMA networks the time stamp is 
accurate to within $100 \, \mu s$ \citep{springerlink:10.1007/s10291-002-0028-0}.Approximate
location is typically taken to be the location of the BTS from which the target A-GPS receiver
acquires the assistance data. Ephemeris and navigation data obtained by the A-GPS receiver 
help it to estimate the positions of the satellites and they can greatly
enhance the sensitivity of the receiver especially in urban environments \citep{springerlink:10.1007/s10291-002-0028-0}.

Conventional GPS receivers require at least up to extra $18$ to $30\,s$ to receive and decode the navigation data
and to generate a location fix \citep{springerlink:10.1007/s10291-002-0028-0}. 
The bit error rate associated with gathering and decoding data dramatically decreases since the acquired signals 
can be attenuated by $10$ to $20\, \mathrm{dB}$ indoors \citep{springerlink:10.1007/s10291-002-0028-0} of the nominal
$-130 \,\mathrm{dB}$ on a $3\, dBi$ linearly polarized user receiving antenna\footnote{3 dBi antenna indicates
an antenna with a gain of $3\, \mathrm{dB}$ with respect to an isotropic (omnidirectional) antenna
\citep[Chapter 2]{diggelen2009a-gps}.} (located near ground) at worst normal orientation
\citep{GPS-Interface-Specification}.




\chapter{Radio Resource Location Protocol}

\chapter {Working}
\section{Zitieren..}
citep: \citep{kopka1997latex} \\
citet: \citet{kopka1997latex}

\chapter{System}
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.\todo{Referenz für lorem ipsum}
Test test
\chapter{Software}

Author's test system operated on the ARFCN 877 channel. ARFCN (Absolute Radio
Frequency Channel Number) defines the uplink and downlink channel frequency insdide 
the GSM network \citep{Richard2011Master}. ARFCN 877 corresponds to the uplink frequency
of 1,783.2 MHz and a downlink frequency of 1,878.2 MHz, where the uplink direction
represents the direction from the nanoBTS to the mobile stations and downlink the
opposite direction. The decision to use the ARFCN 877 channel was derived from
the fact that the channel was free, measurements were carried out with a
spectrum analyser built on the USRP hardware. 

\chapter{Hardware}
In the following chapter the author will introduce the reader to the hardware
components used in the thesis. The hardware components will be presented
according to their importance of building an operational and
functional GSM network with GPS localization capabilities. Firstly the nanoBTS
will be introduced since it is the main hardware component used for building a
basic GSM network infrastructure. Then a short insight into the used
GPS receiver will be given. Additionally the mobile stations used for
testing of the system will be reviewed. Finally, a hardware connection diagram
will be given.
 
\section{GSM BTS - nanoBTS}
In recent years, there has been an increasing interest in deployment of
private cellular networks in remote areas or for research which lead to
the devolopment of diverse ``low-cost'' GSM hardware solutions. According to 
ip.access\footnote{http://www.ipaccess.com}, the manufacturer of nanoBTS,
their hardware product is deployed for coverage of ``hard-to-reach places;
in-buildings; remote areas; marine and aviation; and public spaces''.
A nanoBTS with its plastic cover can be seen in Figure \ref{img:nanoBTSPlastic}. 
Our University GSM network consists of three nanoBTS stations. The deployed
nanoBTS in author's thesis works in the 1800 MHz frequency range,
for which the University of Freiburg had obtained a licence from the
Federal Network Agency (German: $Bundesnetzagentur$). The transmission frequencies
range between 1805-1880 MHz, with 200 kHz channel spacing and maximal output power
of +13 dBm ($\approx$20 mW)\todo{Check the output powere 20 dBm}, whereas the receiving frequencies
lie in the range between 1710-1785 MHz and same channel spacing as for transmission
of 200 kHz \citep{nanoGSM2007brochure}. \todo{Add the Abis over IP protocol}

\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.50]{img/nanoBTS.jpg}
  \caption[]{nanoBTS with its plastic cover. Image courtesy of ip.access ltd}
\label{img:nanoBTSPlastic}
\end{figure}

The nanoBTS is equiped with an internal 0 dBi (nominal) omni-directional antenna. However, 
two external antennas sized 30x36 mm, one for transmission (TX) and the other one for
reception (RX) of radio waves were used to extend the coverage area. These
antennas are connected via the SMA connectors. By using an RF amplifier
and larger antennas, for these frequency ranges, the covered area with the GSM signal
reception can be increased. For the gain estimation and radiation angle of the used antennas
the measurement equipment was missing and therefore was not conducted and described
in this work.\todo{Check for what NWL is}

At the bottom of the nanoBTS there are 5 ports, as seen in Figure \ref{img:nanoBTSPorts}.
The ports from left to right are: voltage supply, ethernet cable with power supply, USB
port, TIB-IN and TIB-OUT. In the next paragraph a brief overview of each port will be given. 

\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.15]{img/nanoBTSPorts.jpg}
  \caption[]{nanoBTS with two external antennas and five connection ports}
\label{img:nanoBTSPorts}
\end{figure}

The left most port is the power supply port used for supplying the nanoBTS with 48 V DC
and is optionally used depending on the cable configuration. In author's hardware
configuration the power supply port is not used. The following port is for the ethernet
connection with 48 V DC power supply. This port is connected to a power supply
that is supplied with the nanoBTS. It extends the ethernet connection with 48 V DC 
for the normal operation mode of the nanoBTS which is in the range between 38-50 V DC.
The power consumtion of the nanoBTS is 13 W. More details on how to interconnect the cables
will be given in section \ref{sec:hardwareConfig}. In the middle of the five port region,
the mini USB port can be found. It is used by the manufacturer to write the firmware software
to the nanoBTS. The last two ports are the TIB-IN and TIB-OUT port\footnote{TIB stands
for Timing Interface Bus}. These two ports are used if the GSM network operator requires more
than 11 channels to increase the overall capacity of the network. 
``Up to 4 nanoBTS can be combined into a multiple TRX cell, increasing the number of 
supported users per TRX by up to 200\%. The TIB-OUT from the Master TRX must be connected to
the TIB-IN of the slave TRX. This in turn has its TIB-OUT connected to the next TRX in the chain''
\citep{multipleTRX}. The multiple TRX cell configuration will not be further discussed in this work
since the purpose of the work was not to boost the capacity of a GSM network but implementation 
and testing of the RRLP protocol.

To determine the working state of the nanoBTS, an indicator status LED is located on the
left side of the five ports region. After the nanoBTS is connected to the power suplly
with the ethernet cable, it will change its color and blink speed according to the state
it is in. The states can be seen in the Table given in \ref{tbl:LEDStatus} \citep{installnanoBTS}.

One of the key limitations of gathering more technical data and the critical aspect of this
description lies in the fact, that nanoBTS is not an open source hardware platform and ip.access does not 
offer more details on their product. The lack of systematic hardware analysis can be seen as 
a major drawback of working with the nanoBTS hardware. However, the given technical data 
are sufficient for reproducing and conducting the RRLP tests described in this thesis. 


\begin{table}[h!t!p!]
\begin{center}
\caption{Indicator LED status on the nanoBTS}

\begin{tabular}{|c||p{3cm}|p{5cm}|c|c|}
\hline
% \T and \B would not work if it is placed here (needs to go inside cell)
 State&Color \& Pattern&When&Precedence \\ \hline\hline
 Self-test failure&Red - Steady&In boot or application code when a power on self-test fails&1 (High) \\ \hline
 Unspecified failure&Red - Steady &On software fatal errors&2 \\ \hline
 No ethernet&Orange - Slow flash &Ethernet disconnected&3 \\ \hline
 Factory reset&Red - Fast blink &Dongle detected at start up and the factory defaults have been applied&4 \\ \hline
 Not configured&Alternating Red/Green - Fast flash &The unit has not been configured&5 \\ \hline
 Downloading code&Orange - Fast flash &Code download procedure is in progress&6 \\ \hline
 Establishing XML&Orange - Slow blink &A management link has not yet been established but is needed for the TRX to become operational. Specifically: for a master a Primary OML or Secondary OML is not yet established; for a slave an IML to its master or a Secondary OML is not yet established.&7 \\ \hline
 Self-test &Orange - Steady & From power on until end of backhaul powe on self-test&8 \\ \hline
 NWL-test &Green - Fast flash & OML established, NWL test in progress&9 \\ \hline
 OCXO Calibration &Alternating Green/Orange - Slow blink & The unit is in the fast calibrating state [SYNC]&10 \\ \hline
 Not transmitting &Green - Slow flash & The radio carrier is not being transmitted &11 \\ \hline
 Operational &Green - Steady & Default condition if none of the above apply&12 (Low) \\ \hline
 
\end{tabular}
\end{center}
\label{tbl:LEDStatus} 
\end{table}


\newpage
\section{GPS Receiver - NL-402U}
\label{sec:gpsDevice}
In the next paragraphs the used GPS device will be described. 
In contrast to the earlier described hardware, nanoBTS, which the University of Freiburg
already owned, the budget for the GPS receiver was limited and the Navilock NL-402U
was bought considering only the single criterion, the price. The Navilock NL-402U
GPS receiver is based on the u-blox UBX-G5000 single chipset and is a one 
chip solution \citep{ubxDatasheet}. It can be seen on Figure \ref{img:gpsNavilock}
with its passive ceramic patch antenna. 1575,42 MHz is the operating frequency of
the receiver which corresponds to the L1 civil frequencies and Coarse/Acquisition (C/A) code.
The GPS chipset consists of 50 channels,
each channel tracks the transmission from a single satellite \citep{understandGPS}.
It is important to note, the number of channels inside a GPS receiver interrelates 
with the amount of time required to get the first fix. Receiver tracking sensitivity is 
-160 dBm ($10^{-16}$ mW). 
The GPS receiver communicates with the computer ovet the USB port.
Although the GPS receiver uses an USB interface, on the computer it emulates 2 UART ports, 
which are serial communication interfaces.


\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.12]{img/gpsNavlock.jpg}
  \caption[]{Navilock NL-402U, opened up with the antenna and USB cable}
\label{img:gpsNavilock}
\end{figure}

\section{Cable configuration}
\label{sec:hardwareConfig}
In the next section, the author will focus on properly connecting the hardware. 
At least 4 ethernet cables with RJ45 connectors, on both sides, were required
and one switch or hub connected to the internet. One should
take notice of the cabling between the nanoBTS and the ethernet switch or hub,
since wrong cabling with the power supply unit (PSU) could damage one of
the devices. In Figure \ref{img:connectionDiagram}, the junction points are
label according to the used configuration setting. The ethernet cables
between the switch/hub, PSU and nanoBTS should not be longer
than 100 m \citep{installnanoBTS}.

\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.5]{img/hardwareConnection}
  \caption[]{Cable connections, showing interconnection diagram}
\label{img:connectionDiagram}
\end{figure}

\chapter{Implementation}

\chapter{Future work}

\chapter{Summary}

\chapter*{Dictionary of acronyms}
\begin{itemize}
\item \emph{ARFCN} - Absolute Radio Frequency Channel Number - The channel number specifies the physical frequency channel used for transmission and reception of radio waves inside of an BTS covered area.
\item \emph{BTS} - Base Transceiver Station - 
\item \emph{DC} - Direct Current
\item \emph{GNSS} - Global Navigation Satellite System - A satellite navigation system that allows a specialized receive to determine its location on Earth.
\item \emph{LED} - Light Emitting Diode - A diode that emitts light.
\item \emph{IP Address} - \todo{Write what an IP address is}.
\item \emph{PCB} - Printed Circuit Board - The board where electronic components are soldered onto and wired through conductive tracks.
\item \emph{RRLP} - Radio Resource Location Protocol - The employed protocol in GSM, UMTS and other wireless networks for providing and exchange of geolocation information. 
\item \emph{SMA} - SubMiniature version A - SMA is a connector used for interconnecting coaxial cables or PCB electronics that work in the frequency range between 0-18 GHz.
\item \emph{TIB} - Time Interface Bus - The TIB is used to provide the synchronization of the clock, frequency and frame number between the nanoBTS when operating in a single 2-4 BTS configuration.
\item \emph{TRX} - 
\item \emph{UART} - Universal Asynchronous Receiver Transmitter - A serial communication interface used by computers or other peripheral devices to communicate.
\item \emph{UMTS} - Universal Mobile Telecommunications System - Third generation mobile network based on the GSM standards. 
\end{itemize}