±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35894
New Yesterday: 3 Visitors: 119

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

5G Cell Site Analysis (Positioning)

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3, 4  Next 
  

TinyBrain
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Mar 30, 19 08:58

Has anybody a method spotted to locate a UE with a single antenna?  
 
  

TinyBrain
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Mar 31, 19 04:58

The beamfollowing aspect of positioning is not clear. Any police guy familiar with this topic?  
 
  

trewmte
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Mar 31, 19 10:47

- TinyBrain
Your dropbox pic is helpful too, thanks. Lets co-reference together from the poster. The Option 7/7a/7x mentions the 4G ng-eNB as master and the 5G SgNB as slave so multi connected. Both connected to the same 5G core. Does the 5G core coordinate the positioning? If yes, by which same positioning protocol (standard required to follow you, please)?


In which way the 'positioning protocol' are you thinking in terms of its use:

[1] mobile><viaRAT><Network?
[2] V2V?
[3]?
and so on
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

TinyBrain
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Apr 02, 19 21:58

Positioning of mobiles only via MOCN by the INITIAL DIRECT TRANSFER parameter. All other options of V2V or Iot not important. The positioning failure of a 5GNR fake cell tower and how to detect the Kseaf keys false authentication I should contribute internally to the project team.

Positioning based on an involved fake 5GNR cell tower (EN-DC mode) I have to understand.  
 
  

TinyBrain
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Apr 03, 19 14:44

You will laugh. I asked to find this other guy Gutmann from Zurich Police. And - I found him. But he is old and not willing to share anything, he is contrite. 5G he knows very well but no chance.

Any 'new' (may younger) 5G expert here on FF?  
 
  

trewmte
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Apr 03, 19 20:25

- TinyBrain
Positioning of mobiles only via MOCN by the INITIAL DIRECT TRANSFER parameter. All other options of V2V or Iot not important. The positioning failure of a 5GNR fake cell tower and how to detect the Kseaf keys false authentication I should contribute internally to the project team.

Positioning based on an involved fake 5GNR cell tower (EN-DC mode) I have to understand.


TB whilst this is a very interesting subject the various lines of enquiry you are using for this matter (actually it is a language issue I think) creates complications as to what you see as possible connected evidence.

Although you mentioned inertial measurement unit (IMU) this alone is unlikely to achieve your goals. Regarding some suggested positioning protocols (e.g. GNSS) as you originally were looking at 4g-to-5g scenario:

In LTE, the assistance data with respect to the following GNSS are supported:
• GPS (Global Positioning System)
• SBAS (Satellite/Space Based Augmentation System)
• QZSS (Quasi-Zenith Satellite System)
• GLONASS (Global Navigation Satellite System)
• Galileo
• BDS (BeiDou Navigation Satellite System)

Therefore, you could if it is helpful to suggest clarify which mobile networks use which positioning protocols and what internal systems they deploy for RSS. This would be in addition to Cell ID etc.

I do believe the narrow vision of those that instruct you by singling out items, such as Kseaf, 5GNR fake base stations, etc, whilst interesting, you may think might be better served by looking at the network architecture and proposed architecture for network sharing. To that end can I invite you to review some of the following areas. For instance in the 5G poster you proposed we all look at, consider what is happening under New Radio (NR) End To End (E2E) Core Network. Consider e.g. 5G NSSF, 5G AMF. How would vSSF impact on your research question? That is to say you may wish to consider how the fake base station is to advertise itself?

Turning to Kseaf, there was a report back in February 2018 'Security vulnerability in 5G-AKA draft (3GPP TS 33.501 draft v0.7.0)' from researchers at the Department of Computer Science, University of Oxford which highlights issues of vulnerabilities and risks associated with false credentials.

All the above is not a secret and easily available in the public domain by researching.

- TinyBrain
You will laugh. I asked to find this other guy Gutmann from Zurich Police. And - I found him. But he is old and not willing to share anything, he is contrite. 5G he knows very well but no chance.

Any 'new' (may younger) 5G expert here on FF?


Just as an observation only. I note there was a suggestion put to you for you to communicate directly to Interpol which you didn't respond. Some of your posts here at FF suggest you work on behalf of or are a stakeholder to or work in association with law enforcement. It wasn't clear to me why you haven't gone down that route given the questions you ask (that is not a criticism) as you mentioned in another post here at FF (above) that you were able to assist the Zurich Police to track down 'Gutmann', presumably Rolf Gutmann (a previous poster here at FF). Surely with the same good-will approach as given to the Zurich Police maybe you could also see if Interpol or Europol or the UK National Crime Agency (NCA) would be interested in your research? Just a thought.
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

TinyBrain
Senior Member
 

Re: 5G Cell Site Analysis (Positioning)

Post Posted: Apr 03, 19 21:52

I appreciate your advice and support. The IMU is UE domain and just the second layer of evidence if a fake 5GNR cell tower is in operation. My focus is on the network side (fronthaul) not GNSS systems.

What is the 5GNR positioning protocol and where to learn in 3GPP?
If EN-DC 5GNR mode how do combine the LTE and 5GNR positioning protocols?

Please help me as a cryptographer to learn the 5G Cell Site Analysis methods.  
 

Page 2 of 4
Page Previous  1, 2, 3, 4  Next