Jump to content
Sign in to follow this  

Mobile Phone Tracking

Recommended Posts

GSM or Global System for Mobile Communication is a technology that’s widely used in mobile communications, especially mobile phones. This technology utilizes microwave and signal transmission divided by time, so that the signal information sent will arrive at the destination. The GSM standard for mobile communications as well as mobile technology is deployed more than its counterparts around the world, like CDMA. At this time we will discuss how to track a cell phone by using the Doppler effect, in other words we will make it easier to know the whereabouts of a person just by having information such as cell phone numbers.

GSM Network Architecture

Typical GSM network architecture is divided into 3 parts:

  • Mobile Station (MS)
  • Base Station Sub-system (BSS)
  • Network Sub-system (NSS)

All elements of the network at the top form a PLMN (Public Land Mobile Network).


Picture 1. GSM network architecture

Mobile Station or MS is a device used by the customer for making phone calls. This device consists of:

Mobile Equipment (ME) or the handset (UM) is a GSM device that is located on the user or customer end that serves as a terminal transceiver (transmitter and receiver) to communicate with other GSM devices.

Subscriber Identity Module (SIM) or SIM card is a card that contains all customer information and some information about services. ME can’t be used without a SIM in it, except for emergency calls. The data stored in the SIM in general are:

International Mobile Subscriber Identity (IMSI)

Mobile Subscriber ISDN (MSISDN)

Encryption mechanism

Base Station System or BSS consists of:

Base Transceiver Station (BTS), a GSM device that is directly related to MS and serves as the sender and receiver.

Base Station Controller (BSC), a controller device for base stations which is located between the BTS and MSC.

Network Sub System or NSS consists of:

Mobile Switching Center (MSC), a central network element in a GSM network. The MSC works as the core of a cellular network, where its main role is for interconnection, both among the cellular or wired network PSTN or with the data network.

Home Location Register (HLR), a database that saves the data and customer information permanently.

Visitor Location Register (VLR), a database of the subscribers who have roamed into the jurisdiction of the Mobile Switching Center (MSC) which it serves.

Authentication Center (AuC) authenticates each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). This also checks the validity of the customer.

Equipment Identity Registration (EIR), is often integrated to the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones.

GSM Layers

There are 3 layers in the GSM network:

Layer 1 or the physical layer, for setting the channels.

Layer 2 or the data-link layer’s main role is to identify the data that is sent from UM to BTS.

Layer 3 consists of 3 parts: Radio Resource (RR), Mobility Management (MM) and Call Control (CC) that serve as regulators for radio, mobile management and call control.


Picture 2. Illustration of how GSM works

Mobile phone is input with the destination number and connects to the nearest BTS.

BSC and BTS sends to MSC and proceeds to AuC for checking the user identification.

MSC proceeds to the HLR / VLR to check for the existence of the mobile phone.

BSC and MSC proceed to the nearest BTS where the destination mobile located.

How Doppler Works

Doppler is a change in the frequency or wavelength of a wave source that is received by the observer. This is the Doppler effect formula which is not affected by wind:


Doppler effect formula which is influenced by the wind:


This is the illustration of Doppler effect:

Picture 3. Doppler effect illust


From the above picture, there are 3 persons: A, B and C. A is the person in the middle who could detect the source of the wave/sound from B or C. Because the wave/sound that came from B or C travels in a certain frequency and distance, the A person could distinct the source of the wave/sound.


In this article, we are proposing a GSM radar using the Doppler effect, where the Doppler effect itself will be used to listen for the mobile phone uplink. There are some literature and references that mention about the Doppler effect being used to identify a signal if the Doppler effect is combined with the right filter processing according to the signal characteristic being transmitted.


1. OpenBTS Installation

This article won’t go further step by step on this OpenBTS installation until it could be used, because there are already a lot of tutorials which cover the installation process. For this research, we are using USRP N200 from Ettus Research. But as we proceed using OpenBTS with USRP N200, we realize that there is an anomaly in the signal transmitted by USRP N200. So, we are using a spectrum analyzer to figure out and find a solution for the signal anomaly. This is the setup we are using:

Picture 4. Using spectrum analyzer to figure out USRP N200 signal anomaly


Picture 5. Signal anomaly as seen on spectrum analyzer


As you can see from the picture above, the signal generated by USRP N200 looks like a horn and the noise is quite high. The possible cause for that anomaly is USRP N200 clock is not accurate, and the solution for that is by adding a filter, so the final result will be a correct GSM modulation like this picture:

Picture 6. Correct GSM modulation after adding a filter


2. Doppler Design

After doing some research on Doppler design, we found out that some design is not capable for a frequency of 900 MHz, but we have a workaround and modified existing Doppler design so it capable of reaching 900 MHz and even higher. This is the block diagram for modified Doppler design (courtesy of Ramsey):

Picture 7. Modified


Doppler design


Picture 8. Tracking mobile phone illustration


From the above explanation, we could conclude that the Doppler effect could be used to lookup the position of a device transmitting a signal in a certain frequency. We could take this research further to detect any kind of living creature (e.g. endangered species) that in some way is transmitting a signal in a certain frequency, as long as we have the sound sample of that creature.


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...