RRLP » History » Version 2
admin, 02/19/2016 10:52 PM
link to openbsc, openbts and osmocom-lcs
| 1 | 2 | admin | [[PageOutline]] |
|---|---|---|---|
| 2 | 1 | admin | = RRLP = |
| 3 | |||
| 4 | RRLP is the ''Radio Resource LCS (Location Service) Protocol'' as specified first in GSM TS 03.41 |
||
| 5 | |||
| 6 | It allows the GSM network operator to obtain very precise location information about a mobile phone, |
||
| 7 | much more precise than is required for normal operation of the cellular network. |
||
| 8 | |||
| 9 | The use of RRLP has been specified for emergency calls. However, nothing in its specification |
||
| 10 | restricts its use to this application. |
||
| 11 | |||
| 12 | In all known phones, RRLP operation is completely invisible to the user of the phone. |
||
| 13 | |||
| 14 | As GSM networks do not need to authenticate themselves, anyone can run a ''false BTS'' attack and |
||
| 15 | successively obtain precise position information on a given mobile phone. |
||
| 16 | |||
| 17 | 2 | admin | The popular Free Software implementations of the GSM network [http://openbsc.osmocom.org/ OpenBSC] |
| 18 | and [http://openbts.sourceforge.net/ OpenBTS] both support RRLP inquiries to mobile phones |
||
| 19 | |||
| 20 | 1 | admin | == RRLP Modes == |
| 21 | |||
| 22 | RRLP operates in different ''modes''. |
||
| 23 | |||
| 24 | == MS-based GPS == |
||
| 25 | |||
| 26 | In this method, the phone operates a stand-alone GPS receiver like it can be found in personal navigation devices. |
||
| 27 | |||
| 28 | The GPS receiver will do the regular GPS receive process, i.e. |
||
| 29 | * iterate over the list of 64 possible scrambling codes and acquire the C/A signal |
||
| 30 | * decode the actual data signal modulated onto the C/A carrier |
||
| 31 | * measure the timing difference of arrival (TDOA) of the various satellite signals |
||
| 32 | * compute a location estimate (GPS coordinates) based on the measurements |
||
| 33 | |||
| 34 | This complete GPS position fix is then communicated to the SMLC inside the GSM core network. |
||
| 35 | |||
| 36 | === Assistance Data === |
||
| 37 | |||
| 38 | Most RRLP capable phones will request GPS assistance data from the network. |
||
| 39 | |||
| 40 | The operation of the GPS receiver is similar to the regular MS-based GPS aporach described above, |
||
| 41 | however the GPS receiver is now an A-GPS receiver that already knows the almanac/ephemeris data and |
||
| 42 | can thus much more quickly acquire the signal. |
||
| 43 | 2 | admin | |
| 44 | [http://git.osmocom.org/gitweb?p=osmocom-lcs.git;a=summary osmocom-lcs.git] contains a program |
||
| 45 | that obtains the ephemeris data from an u-blox GPS receiver and structures/encodes it in the format |
||
| 46 | needed by RRLP |
||
| 47 | 1 | admin | |
| 48 | == MS-assisted GPS == |
||
| 49 | |||
| 50 | In MS-assisted GPS, the MS does not compute the actual location. Instead, the location/position |
||
| 51 | of the phone is computed in the SMLC (part of the GSM core network). |
||
| 52 | |||
| 53 | FIXME |
||
| 54 | |||
| 55 | == E-OTD == |
||
| 56 | |||
| 57 | FIXME |
