Join Us!

5G Cell Site Analys...
 
Notifications
Clear all

5G Cell Site Analysis (Positioning)  

Page 1 / 2
  RSS
TinyBrain
(@tinybrain)
Active Member

What is the preferred 5G method for Cell Site Analysis in your Police corps? Do you also use a simulation suite (e.g. Remcom) and 3D-GIS-Modelling including weather and air humidity parameters (permittivity) to simulate sub-meter positioning and direction of movement?

Which Police corps (except Israeli Police) runs 5G CSA live positioning?

Quote
Posted : 25/03/2019 12:21 am
TinyBrain
(@tinybrain)
Active Member

5G mobiles will have inertial measurement (e.g. CAT). Combined with 3D-City-Maps 5G brings new accuracy of postioning in Dual Connectivity mode. Who runs tests about 5G positioning and VoWiFi CDR geomovements logging?

ReplyQuote
Posted : 28/03/2019 3:22 am
trewmte
(@trewmte)
Community Legend

A situation of interest is when a signal can be produced due to physical movement or orientation variation of a mobile target, including but not limited to acceleration, speed, heading angle, and turning rate. Inertial sensors (such as accelerators and gyroscopes) and magnetometers are usually used to measure these parameters. Typically, in modern implementation these accelerators and gyroscopes are integrated into a small solid-state sensor packages, which collectively is termed an inertial measurement unit (IMU). An IMU, or a group of IMUs in some cases, is an essential part of an inertial navigation system (INS). Due to the great advances in microelectromechanical system (MEMS), modern INS equipment can be manufactured using a tiny chip which can be easily embedded into small devices such as mobile phones. The principle of such an INS is that integration of the acceleration produces a velocity and a further integration provides a position estimate. Angular data from integrating the gyroscope data are also required, as the accelerometer measurements include the acceleration due to the Earth’s gravity, so that angular information is required for correct interpretation of the accelerometer data. Such integration processes only provide relative movement, and also small sensor measurement offsets result in a slow drift in position, even when stationary. Thus an INS is rarely used independently, but is integrated with another positioning technology.

Helpful image ?

Helpful outline where 5G is launched or intends to be launched - https://www.lifewire.com/5g-availability-world-4156244

ReplyQuote
Posted : 28/03/2019 7:36 am
hcso1510
(@hcso1510)
Active Member

Which Police corps (except Israeli Police) runs 5G CSA live positioning?

TB,
I was thinking if you are asking this sort of question that you are probably law enforcement yourself? Why don't you try logging into your Interpol forum account and querying the other law enforcement agencies. I can only imagine the number of law enforcement agencies from around the globe that would be willing to assist with your inquiry. Please let us know what you find out.

Cheers!

ReplyQuote
Posted : 28/03/2019 2:44 pm
TinyBrain
(@tinybrain)
Active Member

The ciphering - mainly key exchanges in 5G is on my table. Currently studying 33.501 v15.4.0 (2019-03) Kseaf as step 12. on Figure 6.1.3.2-1 during authentiation. As I got told that in EN-DC 5GNR mixed positioning on LTE and 5G NR (3,7GHz) is possible different positioning protocols cross each other. I actually dont understand the positioning. The only thing I have is the Viavi 'Lighting the Path to 5G' poster and there studying the '5G Architecture Options' Option 7/7a/7x which is NSA with Multi Connectivity.

I first need the understand the physical/logical layers and then I can dive into the key exchange.

So I just ask - simple.

ReplyQuote
Posted : 28/03/2019 3:29 pm
trewmte
(@trewmte)
Community Legend

The only thing I have is the Viavi 'Lighting the Path to 5G' poster and there studying the '5G Architecture Options' Option 7/7a/7x which is NSA with Multi Connectivity.

I first need the understand the physical/logical layers and then I can dive into the key exchange.

I have that poster. It actually identifies the 3GPP NR standards to follow under 'Radio Protocols, Management & Procedures Specifications.'

ReplyQuote
Posted : 28/03/2019 4:34 pm
TinyBrain
(@tinybrain)
Active Member

Your dropbox pic is helpful too, thanks. Lets co-reference together from the poster. The Option 7/7a/7x mentions the 4G ng-eNB as master and the 5G SgNB as slave so multi connected. Both connected to the same 5G core. Does the 5G core coordinate the positioning? If yes, by which same positioning protocol (standard required to follow you, please)?

ReplyQuote
Posted : 29/03/2019 2:15 am
TinyBrain
(@tinybrain)
Active Member

Has anybody a method spotted to locate a UE with a single antenna?

ReplyQuote
Posted : 30/03/2019 7:58 am
TinyBrain
(@tinybrain)
Active Member

The beamfollowing aspect of positioning is not clear. Any police guy familiar with this topic?

ReplyQuote
Posted : 31/03/2019 5:58 am
trewmte
(@trewmte)
Community Legend

Your dropbox pic is helpful too, thanks. Lets co-reference together from the poster. The Option 7/7a/7x mentions the 4G ng-eNB as master and the 5G SgNB as slave so multi connected. Both connected to the same 5G core. Does the 5G core coordinate the positioning? If yes, by which same positioning protocol (standard required to follow you, please)?

In which way the 'positioning protocol' are you thinking in terms of its use

[1] mobile>[2] V2V?
[3]?
and so on

ReplyQuote
Posted : 31/03/2019 11:47 am
TinyBrain
(@tinybrain)
Active Member

Positioning of mobiles only via MOCN by the INITIAL DIRECT TRANSFER parameter. All other options of V2V or Iot not important. The positioning failure of a 5GNR fake cell tower and how to detect the Kseaf keys false authentication I should contribute internally to the project team.

Positioning based on an involved fake 5GNR cell tower (EN-DC mode) I have to understand.

ReplyQuote
Posted : 02/04/2019 10:58 pm
TinyBrain
(@tinybrain)
Active Member

You will laugh. I asked to find this other guy Gutmann from Zurich Police. And - I found him. But he is old and not willing to share anything, he is contrite. 5G he knows very well but no chance.

Any 'new' (may younger) 5G expert here on FF?

ReplyQuote
Posted : 03/04/2019 3:44 pm
trewmte
(@trewmte)
Community Legend

Positioning of mobiles only via MOCN by the INITIAL DIRECT TRANSFER parameter. All other options of V2V or Iot not important. The positioning failure of a 5GNR fake cell tower and how to detect the Kseaf keys false authentication I should contribute internally to the project team.

Positioning based on an involved fake 5GNR cell tower (EN-DC mode) I have to understand.

TB whilst this is a very interesting subject the various lines of enquiry you are using for this matter (actually it is a language issue I think) creates complications as to what you see as possible connected evidence.

Although you mentioned inertial measurement unit (IMU) this alone is unlikely to achieve your goals. Regarding some suggested positioning protocols (e.g. GNSS) as you originally were looking at 4g-to-5g scenario

In LTE, the assistance data with respect to the following GNSS are supported
• GPS (Global Positioning System)
• SBAS (Satellite/Space Based Augmentation System)
• QZSS (Quasi-Zenith Satellite System)
• GLONASS (Global Navigation Satellite System)
• Galileo
• BDS (BeiDou Navigation Satellite System)

Therefore, you could if it is helpful to suggest clarify which mobile networks use which positioning protocols and what internal systems they deploy for RSS. This would be in addition to Cell ID etc.

I do believe the narrow vision of those that instruct you by singling out items, such as Kseaf, 5GNR fake base stations, etc, whilst interesting, you may think might be better served by looking at the network architecture and proposed architecture for network sharing. To that end can I invite you to review some of the following areas. For instance in the 5G poster you proposed we all look at, consider what is happening under New Radio (NR) End To End (E2E) Core Network. Consider e.g. 5G NSSF, 5G AMF. How would vSSF impact on your research question? That is to say you may wish to consider how the fake base station is to advertise itself?

Turning to Kseaf, there was a report back in February 2018 'Security vulnerability in 5G-AKA draft (3GPP TS 33.501 draft v0.7.0)' from researchers at the Department of Computer Science, University of Oxford which highlights issues of vulnerabilities and risks associated with false credentials.

All the above is not a secret and easily available in the public domain by researching.

You will laugh. I asked to find this other guy Gutmann from Zurich Police. And - I found him. But he is old and not willing to share anything, he is contrite. 5G he knows very well but no chance.

Any 'new' (may younger) 5G expert here on FF?

Just as an observation only. I note there was a suggestion put to you for you to communicate directly to Interpol which you didn't respond. Some of your posts here at FF suggest you work on behalf of or are a stakeholder to or work in association with law enforcement. It wasn't clear to me why you haven't gone down that route given the questions you ask (that is not a criticism) as you mentioned in another post here at FF (above) that you were able to assist the Zurich Police to track down 'Gutmann', presumably Rolf Gutmann (a previous poster here at FF). Surely with the same good-will approach as given to the Zurich Police maybe you could also see if Interpol or Europol or the UK National Crime Agency (NCA) would be interested in your research? Just a thought.

ReplyQuote
Posted : 03/04/2019 9:25 pm
TinyBrain
(@tinybrain)
Active Member

I appreciate your advice and support. The IMU is UE domain and just the second layer of evidence if a fake 5GNR cell tower is in operation. My focus is on the network side (fronthaul) not GNSS systems.

What is the 5GNR positioning protocol and where to learn in 3GPP?
If EN-DC 5GNR mode how do combine the LTE and 5GNR positioning protocols?

Please help me as a cryptographer to learn the 5G Cell Site Analysis methods.

ReplyQuote
Posted : 03/04/2019 10:52 pm
trewmte
(@trewmte)
Community Legend

I appreciate your advice and support. The IMU is UE domain and just the second layer of evidence if a fake 5GNR cell tower is in operation. My focus is on the network side (fronthaul) not GNSS systems.

What is the 5GNR positioning protocol and where to learn in 3GPP?
If EN-DC 5GNR mode how do combine the LTE and 5GNR positioning protocols?

Please help me as a cryptographer to learn the 5G Cell Site Analysis methods.

TB, YOU have had help. Review the standards, specifications, technical publications, books and white papers and conduct tests.

Good luck.

ReplyQuote
Posted : 03/04/2019 11:56 pm
Page 1 / 2
Share: