Cellular systems, for decades, have become a necessary part of our daily activities. From 1G to 5G, cellular technologies have been able not only to support voice and data communications, but they have been also capable of providing positioning, location tracking, and localisation services with an accuracy that is based on the supporting technology and network deployment. Following the 1G analog cellular system, the introduction of time division multiple access and code division multiple access in the 2G, 3G, 4G, and beyond cellular systems were already providing better services, not only for improving audio and data services but also to offer better location services.
The third-generation partnership project (3GPP) considered positioning methods in their standardization process, as a means to also support emergency services, and this effort was also retained in 4G and now 5G systems.
When it comes to localization methods, these can be classified into two main categories, namely ‘Mobile based’ and ‘Network based’. In the first case, the cellular device estimates its own position by utilizing the surrounding cellular base stations. In the ‘Network based’ case, the network estimates the position of the cellular device through measurements performed by the network.
2G Systems
The most famous and well-adopted 2G Network Technology is the GSM, followed by IS-95 also known as CDMA.
These cellular technologies had been designed to be digital by nature to support both voice and circuit-switched data. When it comes to their multiple access schemes, GSM uses Frequency Division Multiple Access (FDMA) and Time Division Multiple Access, while IS-95 uses FDMA and Code Division Multiple Access.
In GSM, the Location Resolution Hierarchy starts at the network level where a user is served from the Public Land Mobile Network (PLMN). A PLMN consists of Mobile Switching Centres (MSC), MSC’s serve multiple Base Station Controllers and Base Stations (BSC/BTS) that serve location areas (LA) and sectors and thus smaller location areas are defined. Finally, since GSM utilizes Time Division Multiple Access time alignment must take place between different segments of the network which is achieved through the Timing Advance (TA) parameter. This Timing Advance itself can be used for localization purposes.
To summarise, four positioning methods are supported in the GSM/EDGE RAN:
- Timing Advance (which is effectively a Cell ID + TA method)
- Enhanced Observed Time Difference (E-OTD)
- Assisted GNSS (A-GNSS) and
- Uplink Time Difference of Arrival (U-TDOA)
In the case of the IS-95 system, IS-95 performs ranging of users and their communication between the base stations by estimating the propagation delay of the radio signals. Electromagnetic waves propagate at the constant speed of light, and the distance between the cellular handsets and the base stations is directly proportional. In IS-95 CDMA networks, the base station broadcasts a pilot Pseudo-Noise (PN) sequence with a unique known offset to allow the cellular handset to detect the presence of CDMA channels and provides timing information for demodulation. The chip rate is 1.2288Mcps in IS-95 CDMA, thus, one chip period is 0.8 138usec and about 244m in distance, which is better than the GSM case.
GSM Timing Advance:
Timing Advance concept was firstly introduced for GSM in order to compensate for propagation delay between the BTS and the Mobile Equipment, when the Mobile Equipment is placed in an unknown distance from the BTS.
The Mobile Equipment, as soon as it receives the Downlink signal from the BTS, it sends its Uplink Signal so it can reach the BTS 3 slots later. The longer the distance, the bigger the propagation delay and thus the Mobile Equipment should take into consideration this difference in order to compensate it and reach the BTS in time.
TA works in steps of ~554m, where TA of 0 means that a user is within 554m of a Base station/sector, TA of 1 means 554m x 2 and so on. When TA is seen from multiple base stations, trilateration can be used to identify smaller possible location areas.
3G Systems – UMTS/WCDMA
When it comes to 3G technologies, (i.e.UMTS and cdma2000), 3GPP and ETSI were responsible for driving the technology’s development. The corresponding Technical Specifications from 3GPP were last updated in Release 10 during 2011. The latest version of WCDMA is called the HSDPA, a UMTS version which utilizes the latest concepts of MIMO and multi-cell deployments.
The air interface of UMTS is wideband CDMA which is also referred to as universal terrestrial radio access (UTRA). Nowadays, UMTS and its variants (WCDMA, HSUPA, and HSDPA) are the predominant 3G technologies, currently being used by most of the operators around the world with CDMA2000 only being adopted by a handful of operators around the world. Its FDD and TDD duplex modes can be configured to achieve data rates up to 14.4 Mbps with the aid of MIMO antennas.
As the name suggests, WCDMA main driving technology is Code Division Multiple Access, a channel access method that uses a wideband frequency range with a bandwidth of 3.84MHz. Spreading codes are being used to distinguish between various signals transmitted from various base stations (cells) which share the same frequency resources and are responsible for spreading the signal making it wideband. In other words, each overlapped cell is distinguished by its unique spreading also called Primary Scrambling Code or PSC.
Orthogonal channelization codes are being used in a similar fashion to distinguish between the “Physical Channels” of the signal such as the Physical Broadcast Channel or PBCH (carrying information about the cell) and the Physical Downlink Shared Channel or PDSCH (shared to users using code multiplexing)
In 3G cellular systems, the following localization methods are typically considered:
- Cell ID based methods
- Observed Time Difference of Arrival (OTDOA)
- Uplink Time Difference of Arrival (UTDOA)
- Advanced Forward Link Trilateration (AFLT) and
- GNSS-assisted based methods.
Cell ID positioning is a proximity-based method as described in the previous section, and it is the typical method used in all cellular system generations.
As with other technologies, time or signal strength parameters can be used to enhance positioning accuracy. For example, Cell ID + Round Trip Time, achieves a much higher precision in UMTS than in GSM networks, due to the much higher bandwidth in WCDMA. This improves the spatial resolution of RTT values: from ~550 meters in GSM to ~80 meters in WCDMA. This better spatial resolution helps reduce the confidence region, which results in higher localization accuracy. RTT spatial resolution in UMTS can be further improved with oversampling.
Propagation Delay in WCDMA:
Propagation Delay corresponds to the TA for WCDMA. Like TA, Propagation Delay is being used to estimate the distance between the UE and the serving cell.
- As soon as the UE sends “RRC Connection Message”, the NodeB transfers it to the Radio Network Controller (RNC) for further processing.
- The RNC then informs the NodeB to setup the Radio Link. The message being send is called Radio Link Setup Request, and it contains propagation delay information, which is being calculated to allow Uplink Downlink Synchronization between the UE and NodeB.
- The propagation Delay Information Element is being send every 3 chips, so to calculate the Propagation Delay time granularity we need the following information.
4G Systems – LTE
LTE uses Orthogonal Frequency Division Multiple Access (OFDMA), uses bandwidths of up to 20MHz bandwidth, and is able to achieve data rates of 300Mbps. LTE-Advanced can achieve even higher data rates by combining multiple 20MHz carriers using a technology known as carrier aggregation alongside MIMO.
As opposed to UMTS, LTE’s main driving technology is Orthogonal Frequency Division Multiplexing. The resources in this case are separated both in the frequency and time domain forming a frequency-time lattice. In the frequency domain the resources take the form of several narrowband orthogonal subcarriers and in the time domain take the form of slots.
The overlapping cells in this case (share the same frequency/bandwidth resources), are distinguished by a unique identifier called the Physical Cell Identity or PCI. PCI is derived from Primary and Secondary Synchronization Signals, and during cell planning, their values are carefully selected to avoid interference and “collisions” between neighboring overlapping cells.
Some of the methods that are being used by LTE for localization are listed:
- Enhanced Cell-ID
- GNSS Assisted
- OTDOA
- UTDOA
- Hybrid Methods
Comparing GSM and LTE, since both are using some sort of TDMA, it is important to note that time slots in LTE are shorter than GSM. In LTE the Timing Advance Parameter is smaller [3GPP 36.213], which leads to a TA step of ~78 meters, compared to the 554 TA step meter of GSM.
In other words, theoretically, LTE can achieve better localization accuracies.
Timing Advance for Distance Calculation:
It is the time offset between the beginning of a Downlink Subframe (as sent by the BTS/eNodeB and received by the UE) and the beginning of an Uplink Subframe (as being sent by the UE). The concept is better illustrated in the figure below.
This timing offset is being sent to the UE from the eNodeB through the Random Access Response message, just after it receives the Random Access Request message from the UE.
The message contains the Timing Advance Command, an index T_A, which can take values between 0 to 1282.
The timing offset in seconds can be derived from this Timing Advance Command Index using the formula below.
In the above formula, 15000 corresponds to the subcarrier spacing of LTE (15kHz), while 2048 is the FFT size of the maximum 20MHz Bandwidth.
Using the above formula, we can then derive the propagation distance of the signal, and thus the distance between the UE and the eNodeB. The resolution of the distance based on the TA Command Index is given below.
The above indicates a Timing advance Command to a distance resolution of 78.12 meters. So, if the TA Command is 0, the UE can be anywhere between 0 meters from the eNodeB and 78.12 meters, if the TA Command is 1, the UE can be anywhere between 78.12 meters and 156.24 meters.
It is however more accurate to claim, that those values may be different in real scenarios due to multipath, since propagatopm delay can be affected and the real distance may be distorted.