Sunday, January 16, 2011

GSM Radio DNA Bracelet

We may wish to consider what might be forensically deduced from radio test measurements when conducting cell site analysis (CSA). CSA, as we know, in the majority of circumstances in which it may be deployed, takes account of historical perspectives of radio coverage in a particular geographical location after mobile communications have occurred. It does not automatically follow that the precise area in which radio tests are conducted is identical to the precise area in which mobile calls took place. The results obtained from such tests are usually aligned with, and suggested to correspond to, mobile communications usage on a particular subscriber account using data from call data record (CDR) details. The combined details of both may be presented, usually in a report and/or oral evidence, in legal proceedings.

Understanding the radio test measurement results requires, in the first instance, knowing the technical identity, structure and content employed in the cycled (e.g. TDMA) frames containing overhead parameters (control channel data) that a mobile phone may receive and decode, acting on commands and receiving responses. In this discussion, content associated with traffic channel data (voice communication, SMS, email, etc.) is not dealt with, because radio tests and assessment of coverage in an area, obtained after the event of mobile communications, involve the historical examination of control channel data.

As examiners will be using radio test equipment to collect radio information, the GSM hierarchical frames (see below) display the structure of the entire cycling process designed for GSM. Essentially, examiners need to know the hierarchical structure in order to identify where in the structure control data captured by the radio test equipment logically originates. The first point to note, since it is control channel data that is relevant, is that there are 51 TDMA frames set aside for the transportation of control channel signalling, albeit the control channel data can be duplicated over numerous frames.

Analysis of the hierarchical frames reveals that only a proportion of the frames are actually considered relevant to cell site analysis, as the frames being monitored in the demesne are real time over the air interface at the time of conducting radio tests, subject to the period an examiner remains at site conducting tests at a particular location. For instance, rarely, if ever, is it found that an examiner stays at one location monitoring for 3.30hrs to allow the entire GSM hierarchical frames to complete their cycle (as set down by the GSM standards), because it is simply not practicable or relevant to do so. Instead, an examiner needs to know which control channels are available and the likelihood of signalling data being communicated within each control channel.
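The frame hierarchy and the dwell-time point above can be worked through numerically. This is an added example, not part of the original post: it assumes the standard non-combined BCCH + CCCH downlink mapping on timeslot 0 (one of the combinations in the GSM standards, not a reproduction of the author's bracelet diagram), and the function names are illustrative.

```python
from fractions import Fraction

# GSM frame hierarchy, kept as exact rationals.
FRAME_MS = Fraction(120, 26)      # one TDMA frame: 120/26 ms (about 4.615 ms)
CTRL_MULTIFRAME = 51              # TDMA frames per control-channel multiframe
SUPERFRAME = 51 * 26              # 1326 TDMA frames
HYPERFRAME = 2048 * SUPERFRAME    # 2,715,648 TDMA frames: the full cycle


def channel_at(fn):
    """Logical channel on downlink timeslot 0 for TDMA frame number fn.
    Assumption: non-combined BCCH + CCCH mapping; other combinations differ."""
    pos = fn % CTRL_MULTIFRAME
    if pos == 50:
        return "IDLE"
    if pos % 10 == 0:
        return "FCCH"             # frequency correction burst
    if pos % 10 == 1:
        return "SCH"              # synchronisation burst (BSIC, frame number)
    if 2 <= pos <= 5:
        return "BCCH"             # cell-specific system information
    return "CCCH"                 # paging / access grant blocks


def cycle_pattern():
    """One 51-frame cycle as letters: F, S, B, C, I."""
    return "".join(channel_at(fn)[0] for fn in range(CTRL_MULTIFRAME))


def hyperframe_hms():
    """Duration of the full hyperframe cycle as (hours, minutes, seconds)."""
    secs = HYPERFRAME * FRAME_MS / 1000
    hours, rem = divmod(secs, 3600)
    minutes, seconds = divmod(rem, 60)
    return int(hours), int(minutes), float(seconds)


def dwell_summary(dwell_seconds):
    """Complete 51-frame cycles, and frames per channel, seen in a dwell."""
    frames = int(Fraction(dwell_seconds) * 1000 / FRAME_MS)
    cycles = frames // CTRL_MULTIFRAME
    per_cycle = {}
    for fn in range(CTRL_MULTIFRAME):
        ch = channel_at(fn)
        per_cycle[ch] = per_cycle.get(ch, 0) + 1
    return cycles, {ch: n * cycles for ch, n in per_cycle.items()}


if __name__ == "__main__":
    print(cycle_pattern())
    print("hyperframe:", hyperframe_hms())
    print("60 s dwell:", dwell_summary(60))
```

Under this mapping the control-channel pattern repeats roughly every 235 ms, so a one-minute dwell already covers a few hundred complete cycles even though the hyperframe itself takes hours to wrap.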

I shall deal with types of bursts and timing of frames in a later discussion. For now, it is perhaps useful to think, when examiners go to site for testing, that radio signals travel over the air in microseconds, the radio receiver (handset) detects the signals in milliseconds and the entire decoding process occurs approximately in seconds; thereafter the examiner may be able to begin comprehending the resulting output of the processed data. Significantly, to comprehend the data, examiners need to understand to which control channel/s such data may be attributable (e.g. for BCCH the examiner may expect to determine parameters relating to cell-specific data).

It is precisely the nature of control channels in the assigned frames that they contain signalling data being constantly cycled at high speed in order to contact, connect and retain network communication with the radio receiver (handset), so that the handset can process, understand and, where necessary, respond. The range of control channels is defined by GSM, and it is the repetitious cycling of the control channels that led to identifying the GSM Radio DNA Bracelet, illustrated below.

I shall stop here because there is a considerable body of information that I have condensed into this byte-size primer discussion. Readers may wish to take time to digest what I have stated. Also, I am in no hurry to discuss everything. What I can state, I rely on evidence, analysis and facts drawn from standards and test results, each used to corroborate each other. Over the years I have had mobile network operator staff, experts and examiners who have suggested something different or initially disagreed with the GSM Radio DNA Bracelet only for them to reconsider their own view down the line. This has largely been due to radio engineers/experts/examiners thinking in terms of KPIs, fault finding, radio planning or not fully appreciating the subject matter being discussed. The findings I am discussing: relate to forensic analysis and evidence; the findings have remained constant (in my opinion) over the years; control channel data used for CSA is assigned only to those logical channels identified in the GSM Radio DNA Bracelet and no other logical channel. It is true to say operators may use various combinations of control channels (examples are set out in the GSM standards) but in each instance the control channels are constantly cycled in a pattern that forms a bracelet effect, and the signalling data in them has unique identity properties analogous to the way DNA attributes can be understood. Objectively, if the aforementioned doesn't occur GSM handsets and SIM cards may not determine/understand control channel data to make effective use of the data and, logically, GSM would fail to work effectively with its claimed objectives. It is these GSM constants that fortify that a GSM Radio DNA Bracelet exists, subject to the caveat that control channels used by particular operators at particular locations might vary.

The work above is Copyright and the entire original artistic work or part thereof may not be reproduced or distributed without the prior consent of the author. (c) Gregory Smith 2011.