Cellular Synchronization Assisted Refinement (CeSAR): A Method for Accurate Geolocation in LTE-A Networks

“…To this end, we intend to demonstrate how user location information is leaked through a vulnerability, viz. the timing advance (TA) parameter, in the LTE signaling plane and how the position estimate that results from that parameter can be refined through a previously introduced method called Cellular Synchronization Assisted Refinement (CeSAR) [1]. Our findings are validated through localization case studies conducted in real-world LTE network deployments.…”

“…Any deviation from the scheduled frame arrival time can result in inter-symbol interference which significantly degrades the wireless link. Because user mobility is a inseparable attribute of cellular networks, it is clear that the propagation delay between the UE and the Figure 2: The CeSAR method [1] is a completely passive enhancement to TA-based positioning which can be performed with a simple software defined radio implementation. eNB will not be constant.…”

“…CeSAR is a previously introduced and completely passive enhancement to TA-based positioning that has been shown in simulation to improve position estimates by up to 250 meters [1]. The method requires a sensor in the same cell as the UE.…”

“…The LTE standard has made great strides in protecting the confidentiality of the user's data plane over older technologies, such as the Universal Mobile Telecommunications System (UMTS), through means such as mutual authentication between the user equipment (UE) and the cellular infrastructure [4]. However, other architectural shifts have left less obvious parts of the radio link, such as the signaling plane, vulnerable to location privacy attacks [1].…”

“…To this end, we will demonstrate how user location information is leaked through a vulnerability, viz. the timing advance (TA) parameter, in the Long Term Evolution (LTE) signaling plane and how the position estimate that results from that parameter can be refined through a previously introduced method called Cellular Synchronization Assisted Refinement (CeSAR) [1]. With CeSAR, positioning accuracies that meet or exceed the FCC's E-911 mandate are possible making CeSAR simultaneously a candidate technology for meeting the FCC's wireless localization requirements and a demonstration of the alarming level of location information sent over the air.…”

Location Privacy in LTE: A Case Study on Exploiting the Cellular Signaling Plane's Timing Advance

“…To this end, we intend to demonstrate how user location information is leaked through a vulnerability, viz. the timing advance (TA) parameter, in the LTE signaling plane and how the position estimate that results from that parameter can be refined through a previously introduced method called Cellular Synchronization Assisted Refinement (CeSAR) [1]. Our findings are validated through localization case studies conducted in real-world LTE network deployments.…”

“…Any deviation from the scheduled frame arrival time can result in inter-symbol interference which significantly degrades the wireless link. Because user mobility is a inseparable attribute of cellular networks, it is clear that the propagation delay between the UE and the Figure 2: The CeSAR method [1] is a completely passive enhancement to TA-based positioning which can be performed with a simple software defined radio implementation. eNB will not be constant.…”

“…CeSAR is a previously introduced and completely passive enhancement to TA-based positioning that has been shown in simulation to improve position estimates by up to 250 meters [1]. The method requires a sensor in the same cell as the UE.…”

“…The LTE standard has made great strides in protecting the confidentiality of the user's data plane over older technologies, such as the Universal Mobile Telecommunications System (UMTS), through means such as mutual authentication between the user equipment (UE) and the cellular infrastructure [4]. However, other architectural shifts have left less obvious parts of the radio link, such as the signaling plane, vulnerable to location privacy attacks [1].…”

“…To this end, we will demonstrate how user location information is leaked through a vulnerability, viz. the timing advance (TA) parameter, in the Long Term Evolution (LTE) signaling plane and how the position estimate that results from that parameter can be refined through a previously introduced method called Cellular Synchronization Assisted Refinement (CeSAR) [1]. With CeSAR, positioning accuracies that meet or exceed the FCC's E-911 mandate are possible making CeSAR simultaneously a candidate technology for meeting the FCC's wireless localization requirements and a demonstration of the alarming level of location information sent over the air.…”

Location Privacy in LTE: A Case Study on Exploiting the Cellular Signaling Plane's Timing Advance

NRPos: A Multi-RACH Framework for 5G NR Positioning

A Network-Based Positioning Method to Locate False Base Stations