Aerosol Posted April 3, 2015 Report Posted April 3, 2015 GSM or Global System for Mobile Communication is a technology that’s widely used in mobile communications, especially mobile phones. This technology utilizes microwave and signal transmission divided by time, so that the signal information sent will arrive at the destination. The GSM standard for mobile communications as well as mobile technology is deployed more than its counterparts around the world, like CDMA. At this time we will discuss how to track a cell phone by using the Doppler effect, in other words we will make it easier to know the whereabouts of a person just by having information such as cell phone numbers.GSM Network ArchitectureTypical GSM network architecture is divided into 3 parts:Mobile Station (MS)Base Station Sub-system (BSS)Network Sub-system (NSS)All elements of the network at the top form a PLMN (Public Land Mobile Network).Picture 1. GSM network architectureMobile Station or MS is a device used by the customer for making phone calls. This device consists of:Mobile Equipment (ME) or the handset (UM) is a GSM device that is located on the user or customer end that serves as a terminal transceiver (transmitter and receiver) to communicate with other GSM devices.Subscriber Identity Module (SIM) or SIM card is a card that contains all customer information and some information about services. ME can’t be used without a SIM in it, except for emergency calls. The data stored in the SIM in general are:International Mobile Subscriber Identity (IMSI)Mobile Subscriber ISDN (MSISDN)Encryption mechanismBase Station System or BSS consists of:Base Transceiver Station (BTS), a GSM device that is directly related to MS and serves as the sender and receiver.Base Station Controller (BSC), a controller device for base stations which is located between the BTS and MSC.Network Sub System or NSS consists of:Mobile Switching Center (MSC), a central network element in a GSM network. The MSC works as the core of a cellular network, where its main role is for interconnection, both among the cellular or wired network PSTN or with the data network.Home Location Register (HLR), a database that saves the data and customer information permanently.Visitor Location Register (VLR), a database of the subscribers who have roamed into the jurisdiction of the Mobile Switching Center (MSC) which it serves.Authentication Center (AuC) authenticates each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). This also checks the validity of the customer.Equipment Identity Registration (EIR), is often integrated to the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones.GSM LayersThere are 3 layers in the GSM network:Layer 1 or the physical layer, for setting the channels.Layer 2 or the data-link layer’s main role is to identify the data that is sent from UM to BTS.Layer 3 consists of 3 parts: Radio Resource (RR), Mobility Management (MM) and Call Control (CC) that serve as regulators for radio, mobile management and call control.Picture 2. Illustration of how GSM worksMobile phone is input with the destination number and connects to the nearest BTS.BSC and BTS sends to MSC and proceeds to AuC for checking the user identification.MSC proceeds to the HLR / VLR to check for the existence of the mobile phone.BSC and MSC proceed to the nearest BTS where the destination mobile located.How Doppler WorksDoppler is a change in the frequency or wavelength of a wave source that is received by the observer. This is the Doppler effect formula which is not affected by wind:Doppler effect formula which is influenced by the wind:This is the illustration of Doppler effect:Picture 3. Doppler effect illustFrom the above picture, there are 3 persons: A, B and C. A is the person in the middle who could detect the source of the wave/sound from B or C. Because the wave/sound that came from B or C travels in a certain frequency and distance, the A person could distinct the source of the wave/sound.ConceptIn this article, we are proposing a GSM radar using the Doppler effect, where the Doppler effect itself will be used to listen for the mobile phone uplink. There are some literature and references that mention about the Doppler effect being used to identify a signal if the Doppler effect is combined with the right filter processing according to the signal characteristic being transmitted.Research1. OpenBTS InstallationThis article won’t go further step by step on this OpenBTS installation until it could be used, because there are already a lot of tutorials which cover the installation process. For this research, we are using USRP N200 from Ettus Research. But as we proceed using OpenBTS with USRP N200, we realize that there is an anomaly in the signal transmitted by USRP N200. So, we are using a spectrum analyzer to figure out and find a solution for the signal anomaly. This is the setup we are using:Picture 4. Using spectrum analyzer to figure out USRP N200 signal anomalyPicture 5. Signal anomaly as seen on spectrum analyzerAs you can see from the picture above, the signal generated by USRP N200 looks like a horn and the noise is quite high. The possible cause for that anomaly is USRP N200 clock is not accurate, and the solution for that is by adding a filter, so the final result will be a correct GSM modulation like this picture:Picture 6. Correct GSM modulation after adding a filter2. Doppler DesignAfter doing some research on Doppler design, we found out that some design is not capable for a frequency of 900 MHz, but we have a workaround and modified existing Doppler design so it capable of reaching 900 MHz and even higher. This is the block diagram for modified Doppler design (courtesy of Ramsey):Picture 7. Modified Doppler designPicture 8. Tracking mobile phone illustrationConclusionFrom the above explanation, we could conclude that the Doppler effect could be used to lookup the position of a device transmitting a signal in a certain frequency. We could take this research further to detect any kind of living creature (e.g. endangered species) that in some way is transmitting a signal in a certain frequency, as long as we have the sound sample of that creature.Source Quote