Location Privacy in LTE: A Case Study on Exploiting the Cellular Signaling Plane's Timing Advance

Location privacy is an oft-overlooked but exceedingly important niche of the overall privacy macrocosm. An ambition of this work is to raise awareness of concerns relating to location privacy in cellular networks. To this end, we will demonstrate how user location information is leaked through a vulnerability, viz. the timing advance (TA) parameter, in the Long Term Evolution (LTE) signaling plane, and how the position estimate that results from that parameter can be refined through a previously introduced method called Cellular Synchronization Assisted Refinement (CeSAR) [1]. With CeSAR, positioning accuracies that meet or exceed the FCC's E-911 mandate are possible, making CeSAR simultaneously a candidate technology for meeting the FCC's wireless localization requirements and a demonstration of the alarming level of location information sent over the air. We also introduce a geographically diverse data set of TAs collected from actual LTE network implementations utilizing different cell phone chipsets. With this data set we show the appropriateness of modeling the error associated with a TA as normally distributed.

[1] Ariel Bleicher. 4G gets real, 2014, IEEE Spectrum.

[2] Tapani Ristaniemi, et al. Performance evaluation of LTE radio fingerprint positioning with timing advancing, 2015, 2015 10th International Conference on Information, Communications and Signal Processing (ICICS).

[3] Simo Ali-Löytty, et al. Estimation of base station position using timing advance measurements, 2011, International Conference on Graphic and Image Processing.

[4] Malcolm David Macnaughtan, et al. Positioning GSM telephones, 1998, IEEE Commun. Mag.

[5] John C. McEachen, et al. Precision Geolocation of Mobile WiMax Subscribers Using Timing Adjust Measurements, 2012, 2012 45th Hawaii International Conference on System Sciences.

[6] Younghan Kim, et al. Using Timing Advance to support proximity discovery in network-assisted D2D communication, 2015, 2015 Seventh International Conference on Ubiquitous and Future Networks.

[7] Gul Agha, et al. Victim Localization and Assessment System for Emergency Responders, 2016.

[8] Murali Tummala, et al. Cellular Synchronization Assisted Refinement (CeSAR): A Method for Accurate Geolocation in LTE-A Networks, 2016, 2016 49th Hawaii International Conference on System Sciences (HICSS).

[9] Sébastien Gambs, et al. De-anonymization Attack on Geolocated Data, 2013, 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications.

[10] Dola Barua. Location-Based Services for Mobile Telephony: a study of Users' privacy concerns, 2015.

[11] Ismail Güvenç, et al. A Survey on TOA Based Wireless Localization and NLOS Mitigation Techniques, 2009, IEEE Communications Surveys & Tutorials.

[12] Hajime Watanabe, et al. Localization Attacks Using Matrix and Tensor Factorization, 2016, IEEE Transactions on Information Forensics and Security.

[13] Gordon L. Stüber, et al. Overview of radiolocation in CDMA cellular systems, 1998, IEEE Commun. Mag.

[14] G. P. Yost, et al. Improvement in estimation of time of arrival (TOA) from timing advance (TA), 1998, ICUPC '98. IEEE 1998 International Conference on Universal Personal Communications. Conference Proceedings (Cat. No.98TH8384).

[15] Torbjörn Wigren. Fingerprinting localisation using round trip time and timing advance, 2012, IET Commun.

[16] Eija Kaasinen, et al. User needs for location-aware mobile services, 2003, Personal and Ubiquitous Computing.

[17] John McEachen, et al. Geolocation of LTE subscriber stations based on the timing advance ranging parameter, 2011, 2011 - MILCOM 2011 Military Communications Conference.

[18] J.F. Bull. Wireless geolocation, 2009, IEEE Vehicular Technology Magazine.

[19] Chi-Yin Chow, et al. Trajectory privacy in location-based services and data publication, 2011, SKDD.

[20] Jean-Yves Le Boudec, et al. Quantifying Location Privacy, 2011, 2011 IEEE Symposium on Security and Privacy.

[21] Erik Dahlman, et al. 4G: LTE/LTE-Advanced for Mobile Broadband, 2011.

[22] Yang Lu, et al. A Novel Technique for Human Traffic based Radio Map Updating in Wi-Fi Indoor Positioning Systems, 2015, KSII Trans. Internet Inf. Syst.

[23] John Krumm, et al. A survey of computational location privacy, 2009, Personal and Ubiquitous Computing.

[24] Gregory D. Abowd, et al. Control, Deception, and Communication: Evaluating the Deployment of a Location-Enhanced Messaging Service, 2005, UbiComp.

[25] Frank Stajano, et al. Location Privacy in Pervasive Computing, 2003, IEEE Pervasive Comput.

[26] Bin Ran, et al. Intelligent Route-Based Speed Estimation Using Timing Advance, 2006, 2006 IEEE Intelligent Transportation Systems Conference.

[27] Jean-Pierre Hubaux, et al. Security Issues in Next Generation Mobile Networks: LTE and Femtocells, 2010.

[28] Jin Cao, et al. A Survey on Security Aspects for LTE and LTE-A Networks, 2014, IEEE Communications Surveys & Tutorials.