Sunday, January 27, 2019
LTE Attach and Default Bearer Setup Messaging
Prior to the LTE mobile phone being tracked in the LTE network their is still the setup process that enables the handset to gain access to network services. This useful guide illustrates the steps involved which a CSA investigator should have an understanding, not least of which is knowing S1AP: when the IMSI and GUTI are used; S11: The IP assigned to the mobile station and current location of the user; and a host of other useful information that often crops up in investigations.
LTE Tracking Area Update
This useful guide produced using EventStudio System Designer drives home the processes and procedures involved to understand how LTE Tracking Area Update works. Every CSA investigator will need to have knowledge in this area to be able to define in a statement, report or at Court how a mobile phone is tracked whilst switched ON and moving around in an LTE network.
3G Networks position techniques.pdf
For those CSA investigators interested in a skeleton outline on 3G Networks position techniques, this info should help as a starting point.
Cell Site Analysis - location and radio coverage signals
It still holds true with LTE radio coverage that signals arrive in a scattered manner detected at the mobile phone handset. A good CSA investigator will know how to explain how coverage might inconceivably be thought by the untrained not to be detected at a particular location, may well be possible due to the location of the phone at the material time.
As mentioned in a previous post understanding density of masts in an area must equally be understood not simply from the point of calls handled by a single mast. There is also the instance where a call's start and end masts are different that can be involved, which may involve the network having to deal with 'hard handover'. Advancements with 3G and 4G enables calls (data) being handled by several masts delivering data to the smartphone in a seamless fashion. This maybe due to the amount of data involved or fast-fading etc. These types of handovers are called 'soft-handover'. When understood correctly the use of these combined masts in soft-handover because they are often in very close proximity can narrow down the location through improved triangulation (etc.).
There is the occasion where the operator only has one mast in a particular area but several sectors of the same mast might be used seamlessly for an e.g. data call, and this is called softer-handover. When thinking about soft and softer handover think in terms of 'inter' and 'intra'.
Furthermore, smartphones, which I call 'ultra-smarts' due to their increased embedded communications capabilities, use close proximity masts or access points (Wi-Fi) to enable uninterrupted communication and network access. Network operators have deployed microcells, as you (may) know. Microcells deployment help remove the burden of signalling and traffic on macro-cells by directing slow-moving mobiles to short range coverage. These microcells can be useful for slow-moving users, walking down the high street or located in one area for a period of time. Remaining in an area for a period of time is called 'dwell time'. The latter is a term CSA investigators should know as it can have important bearing upon a case. In some instances, small coverage points have been deployed called pico-cells and nano-cells which can refine location distances between the mobile phone and the cell to a few meters.
The 'ultra-smarts' Wi-Fi capability creates an additional attractive proposition for cell site analysis investigations as the investigator will need to be keenly aware that dual usage of cellular and Wi-Fi coverage can produce a rich resource of location positioning. The image below has been used at this blog before but it is still a useful reminder what should be considered when conducting radio surveys.
And if further illustration is needed to illuminate a survey assessment criteria then hopefully this image below will provide the investigator with some ideas.
Cell site analysis has evolved so much more from the days of GSM and early days of WCDMA. It is not enough to use call records and CDRs in isolation and/or going to a particular geographical location to conduct tests at one single location; the wider area needs to be taken into context as to what impact that might have on a call or calls being handled by a cell or cells etc. (mast, masts or access points).
LTE Positionng Methods
As with GSM and WCDMA, LTE is no different. Cell Site Analysis investigators still need to have a general understanding of location positioning methods in order to refine how using static and drive test radio test measurements do not clearly define radio boundaries alone. There are a enormous range of strategies that can be adopted and should be adopted based on a case-by-case basis.
If network operator adopted methods for determining location (and they have the infrastructure to do that) an external investigator cannot use CDRs and radio test measurements to pinpoint call location at the material time. It still requires knowing how each operator has planned their network radio coverage and still does no harm to request single cell prediction maps and best server plots -density maps.
Remember the density-map is important as it provides an underlying indication of potential cell usage or handover.
Subscribe to:
Posts (Atom)