RRLP » History » Version 7
fixeria, 10/19/2018 11:08 PM
| 1 | 1 | admin | h1. RRLP |
|---|---|---|---|
| 2 | 6 | admin | |
| 3 | 7 | fixeria | {{>toc}} |
| 4 | 6 | admin | |
| 5 | RRLP is the _Radio Resource LCS (Location Service) Protocol_ as specified first in GSM TS 04.31 |
||
| 6 | |||
| 7 | 1 | admin | It allows the GSM network operator to obtain very precise location information about a mobile phone, |
| 8 | much more precise than is required for normal operation of the cellular network. |
||
| 9 | |||
| 10 | The use of RRLP has been specified for emergency calls. However, nothing in its specification |
||
| 11 | restricts its use to this application. |
||
| 12 | |||
| 13 | In all known phones, RRLP operation is completely invisible to the user of the phone. |
||
| 14 | |||
| 15 | 6 | admin | As GSM networks do not need to authenticate themselves, anyone can run a _false BTS_ attack and |
| 16 | 1 | admin | successively obtain precise position information on a given mobile phone. |
| 17 | 2 | admin | |
| 18 | 6 | admin | The popular Free Software implementations of the GSM network "OpenBSC":http://openbsc.osmocom.org/ |
| 19 | and "OpenBTS":http://openbts.sourceforge.net/ both support RRLP inquiries to mobile phones |
||
| 20 | 1 | admin | |
| 21 | 6 | admin | Contrary to the user-plane based [[SUPL]], RRLP works entirely in the signaling plane of the network. As such, the |
| 22 | 1 | admin | RRLP protocol level is not accessible to user applications on a phone. For a discussion of RRLP, SUPL |
| 23 | and the various different location measurement methods for mobile phones, please check this excellent |
||
| 24 | article: http://www.gpsworld.com/gps/wireless-choices-lbs-control-plane-and-user-plane-architectures-1576 |
||
| 25 | |||
| 26 | |||
| 27 | 6 | admin | h2. RRLP Modes |
| 28 | 1 | admin | |
| 29 | |||
| 30 | 6 | admin | RRLP operates in different _modes_. |
| 31 | |||
| 32 | |||
| 33 | h3. MS-based GPS |
||
| 34 | |||
| 35 | |||
| 36 | 1 | admin | In this method, the phone operates a stand-alone GPS receiver like it can be found in personal navigation devices. |
| 37 | |||
| 38 | The GPS receiver will do the regular GPS receive process, i.e. |
||
| 39 | 6 | admin | * iterate over the list of 64 possible scrambling codes and acquire the C/A signal |
| 40 | * decode the actual data signal modulated onto the C/A carrier |
||
| 41 | * measure the timing difference of arrival (TDOA) of the various satellite signals |
||
| 42 | * compute a location estimate (GPS coordinates) based on the measurements |
||
| 43 | 1 | admin | |
| 44 | This complete GPS position fix is then communicated to the SMLC inside the GSM core network. |
||
| 45 | |||
| 46 | |||
| 47 | 6 | admin | h4. Assistance Data |
| 48 | |||
| 49 | |||
| 50 | 1 | admin | Most RRLP capable phones will request GPS assistance data from the network. |
| 51 | 2 | admin | |
| 52 | 1 | admin | The operation of the GPS receiver is similar to the regular MS-based GPS aporach described above, |
| 53 | however the GPS receiver is now an A-GPS receiver that already knows the almanac/ephemeris data and |
||
| 54 | can thus much more quickly acquire the signal. |
||
| 55 | 2 | admin | |
| 56 | 6 | admin | "osmocom-lcs.git":http://git.osmocom.org/gitweb?p=osmocom-lcs.git;a=summary contains a program |
| 57 | 1 | admin | that obtains the ephemeris data from an u-blox GPS receiver and structures/encodes it in the format |
| 58 | needed by RRLP |
||
| 59 | |||
| 60 | |||
| 61 | 6 | admin | h3. MS-assisted GPS |
| 62 | |||
| 63 | |||
| 64 | 1 | admin | In MS-assisted GPS, the MS does not compute the actual location. Instead, the location/position |
| 65 | of the phone is computed in the SMLC (part of the GSM core network). |
||
| 66 | |||
| 67 | The SMLC provides detailed information about the current GPS signal to the phone, such as: |
||
| 68 | 6 | admin | * which satellites are currently in the visible part of the hemisphere (and implicitly their scrambling code) |
| 69 | * the expected _doppler shift_ observed at the MS location, caused by satellite movement relative to MS |
||
| 70 | * the expected _code phase_, i.e. the difference between a specified GSM bit and the GPS signal chip / bit |
||
| 71 | * the azimuth and elevation of the satellite |
||
| 72 | 3 | admin | |
| 73 | Based on this information, the phone does not have to do a full search/acquisition like a stand-alone GPS receiver. |
||
| 74 | |||
| 75 | Instead, it can do a very narrow search for each satellite in question, as it already knows |
||
| 76 | 6 | admin | * at which doppler shift / range to expect the signal |
| 77 | * which pseudo-random scrambling sequence to use |
||
| 78 | * a very narrow position within the scrambling sequence |
||
| 79 | 1 | admin | |
| 80 | 3 | admin | This significantly reduces the need for cross-correlation inside the phone. |
| 81 | |||
| 82 | 6 | admin | |
| 83 | h3. E-OTD |
||
| 84 | |||
| 85 | 1 | admin | |
| 86 | FIXME |
