Boffins explore cell signals as potential GPS alternative

Faced with growing threats to aviation GPS systems, researchers at Sandia National Labs argue we're overlooking a readily available alternative that could work effectively with further research: cellular signals. You'd be forgiven for scoffing at the idea that it took a group of world-class scientists until 2024 to figure out …

  1. Eclectic Man Silver badge

    GSM

    GSM signals are licensed for a terrestrial communications system (which is why it is illegal to use a mobile phone directly from a flying aircraft). Any signal received at 80,000' is, in effect 'wasted' energy, which the mobile phone companies may want to reduce as much as possible. So although the science is great and interesting, there may be a few other issues to deal with. Plus, flying over the oceans and poles may not get all that many useful signals.

    But good work.

    1. Martin Gregorie

      Re: GSM

      In the UK, GSM signals have been shaped by each cell's antenna to provide a flat energy-saving transmission pattern since at least the early noughties.

      I remember that around 2003 I'd just seen a comment from a US glider pilot in the much missed rec.aviation.soaring about using his cellphone to snark at his flying buddy while airborne, so I thought I'd check this out while climbing slowly in a nice, soft thermal at 3000 ft over the centre of Huntingdon. However, that idea fell at the first fence because my phone couldn't pick up any signal at all.

      1. Eclectic Man Silver badge

        Re: GSM

        I hope you are keeping up with the flying, I last flew P1 in the late 1970's (Slingsby T31 IIRC). Of course a commercial airliner probably has slightly more sensitive radio equipment than a mobile phone, but I don't recall Huntingdon being a mobile not-spot.

        1. Martin Gregorie

          Re: GSM

          So do I, but this year wasn't the one, what with my Std Libelle having been OOS for three years, thanks to a very slow airbrake bearing replacement followed by an even slower (and botched) AD and yet another slow AD this year, but at least this one has caught and fixed stuff that should have been attended to years ago. My Libelle is an early Balsa one, and easily the nicest single seater I've flown. It cruises nicely at 65 kts (70 mph for non-pilots), has the best all-round vis and handling of anything I've flown and is also one of the few (only?) glider types with an automatic trim control that works as it was designed to.

          My club also has a Slingsby T-21, which I did some of my pre-solo time in. I like it a lot, except for one gotcha: if you're sharing a thermal with another glider, you'll never know it's there unless you saw it joining you. This is because anything on the far side of the thermal is hidden behind your inner wing. For those who've never seen a T-21, its (huge) wing is mounted on a pylon just behind the open cockpit. The two occupants sit side by side under the front part of the wing, so when you're banked over circling in a thermal, your wing completely hides any gliders on the far side of the thermal.

          Our other two seat gliders are an SZD Puchacz (for spin training), the usual ASK-21s (I soloed in one of these) and a Grob G103, which I liked but which got replaced with a Perkoz which I'm not so keen on.

          Post solo, for about 3 years I flew the club's SZD Juniors, Discus and a Pegase 90 (French built ASW-19), which is still my favourite club glider.

          Anyway I've been waiting since March to get cataracts done (coughed up for that since the NHS queue seems to be never ending), so should be ready to rock'n roll when the thermals start to pop next year.

          1. Denarius Silver badge

            Re: GSM

            You don't have FLARM? Useful for detecting those pilots that like to hide just above and behind you where most collisions occur. In Oz ADSB is now nearly mandatory and many gliders carry them meaning the flight24 and similar show you who is near, commercial and recreational. I believe glider specific flight management software can Bluetooth to a mobile and add nearby aircraft to display. I still miss the club SZD481 Jantar. If it was possible to get the approved Wallington mods done restoring a Blanik for local soaring would be fun. I digress. Until 3G shutdown not had a problem getting a signal in air and used mobile phone to call base for status and inbound calls when battery died on long flights so radio unavailable. With arrival of 4 and 5G signal strength began plummeting. Thanks for nothing Big Swamp. (aka Telstra) As for navigation, on 300 km plus flights still carry maps and check compass swing. In Oz there are places where even at 10,000 feet there is nothing distinctive below to assist fatigued pilots.

            1. Eclectic Man Silver badge
              Unhappy

              Re: GSM

              Any ideas why my original post warrants seven downvotes ? I didn't think I had that many stalkers on this site.

            2. Martin Gregorie

              Re: GSM

              Of course I carry a FLARM system, but my eyesight comment is still relevant because you still need to LOOK where the FLARM says the opposition is in order to see exactly what it's doing.

              Also, you can still need pretty good eyesight to see a white glider more than 2-3 km away on an overcast, grey day in some lighting conditions: when both clouds and gliders have similar colours and brightness. Yeah, I know that sort of day usually has little gliding action apart from pre-solo flying, but most of us have found those sort of conditions on a longer declared task or when flying a Regionals task on a less than ideal day.

              There can't be many privately owned gliders in the UK that don't carry FLARM. Same goes for my club's fleet, which is mostly glass gliders, all with FLARM fitted. Our SF-25 motorglider and our tugs all carry FLARM but I can't recall whether our T-21 also has it fitted: I must remember to take a look next time it's being flown.

  2. Henry Hallan
    Big Brother

    Cell transmissions do include timing data and location data - you just have to interpret it. There is a network-wide timebase transmitted in the control channels (4G and 5G use these to share access) and the pilot channel will include a unique cell ID which can be used to find it on a map.

    Using the time delay part of neighbour cell measurements of three cells can give location to within a few metres - technology that has been available since the 2G days.

    The networks know where you are - they always have. Anyone who can access your neighbour cell measurements does.

    There is nothing new about this

    1. Charlie Clark Silver badge

      I think the research is mainly about what you can get for "free" just through passive listening to the spectrum. So, interesting and potentially useful research, but certainly not suitable for location data for flying, which is already regulated for good reason: want to fly through our airspace then you have to use approved navigation equipment.

      Some uses of location data are already moving off GPS, both for reasons of resilience and independence, and for reasons of accuracy. Galileo is, of course, probably the poster child already using LEO for greater accuracy. Recent, ahem, developments, have also revived interest in ground stations able to provide backup information in case of "problems" with satellite navigation and inertial navigation systems have experienced a revival as they're much harder to tamper with.

      1. DS999 Silver badge

        But why would you limit yourself

        To the bare minimum? If you're designing a system that would be in aviation, surely the extra few bucks to provide hardware able to demodulate the signals and access time and cellid (i.e. location data) is worth it. You can ALSO check doppler etc. like they are investigating as a sanity check (i.e. in case someone is broadcasting rogue cell signals trying to masquerade as a tower in a different location to fool this system).

        Spoofing GPS is a problem because there are few sources and few frequencies, and commercially available receivers don't provide for handling cases where conflicting signals are received. Cellular uses a lot more frequencies spread across a lot of the spectrum, and there are so many sources it would be impossible to spoof everything an aircraft flying at altitude could receive. All you need is a way to discard signals that don't "fit", i.e. wrong doppler for the location of the claimed cellid, timebase that's too far off from what the aircraft's internal clock shows, etc. and using the rest of the "validated" cell signals you can get a pretty accurate reading on the aircraft's location, heading, speed and altitude.

        You'd need some sort of MIMO/phased array antennas to simultaneously receive a lot of cell signals at once, but that's pretty standard technology these days found in consumer wireless routers and satellite dishes.
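The "discard signals that don't fit" check described in the comment above, sketched as an added example (not code from the article, the Sandia researchers or any poster). It assumes the receiver already has a rough position and velocity from another source such as inertial navigation, plus a surveyed tower database; every cell id, coordinate, carrier frequency and tolerance below is constructed.

```python
import math

C = 299_792_458.0  # speed of light, m/s

# Constructed tower database: cell id -> (east, north, up) in metres,
# local frame. A real system would load surveyed coordinates.
CELL_DB = {
    "cell-A": (40_000.0, 0.0, 50.0),
    "cell-B": (-25_000.0, 30_000.0, 80.0),
    "cell-C": (5_000.0, -45_000.0, 30.0),
}

def expected_doppler(rx_pos, rx_vel, tx_pos, carrier_hz):
    """Doppler shift (Hz) a moving receiver sees from a fixed transmitter."""
    los = [t - r for t, r in zip(tx_pos, rx_pos)]          # line of sight
    rng = math.sqrt(sum(d * d for d in los))
    closing = sum(v * d for v, d in zip(rx_vel, los)) / rng  # m/s towards tx
    return carrier_hz * closing / C

def validate(observations, rx_pos, rx_vel, clock_s,
             doppler_tol_hz=50.0, time_tol_s=1e-3):
    """Split observations into accepted labels and {label: reject reason}."""
    accepted, rejected = [], {}
    for obs in observations:
        tower = CELL_DB.get(obs["cell_id"])
        if tower is None:
            rejected[obs["label"]] = "unknown cell id"
            continue
        want = expected_doppler(rx_pos, rx_vel, tower, obs["carrier_hz"])
        if abs(obs["doppler_hz"] - want) > doppler_tol_hz:
            # Signal does not arrive from where the claimed cell id sits.
            rejected[obs["label"]] = "doppler mismatch"
        elif abs(obs["timebase_s"] - clock_s) > time_tol_s:
            rejected[obs["label"]] = "timebase mismatch"
        else:
            accepted.append(obs["label"])
    return accepted, rejected

def demo():
    """Constructed scenario: aircraft at 10 km altitude flying east at 230 m/s."""
    rx_pos, rx_vel, clock = (0.0, 0.0, 10_000.0), (230.0, 0.0, 0.0), 1000.0
    f = 1.8e9  # constructed carrier frequency, Hz

    def seen_from(pos, noise_hz=0.0):
        return expected_doppler(rx_pos, rx_vel, pos, f) + noise_hz

    rogue_pos = (-30_000.0, 5_000.0, 0.0)  # transmitter claiming to be cell-A
    observations = [
        {"label": "A", "cell_id": "cell-A", "carrier_hz": f,
         "doppler_hz": seen_from(CELL_DB["cell-A"], 8.0), "timebase_s": clock + 2e-4},
        {"label": "B", "cell_id": "cell-B", "carrier_hz": f,
         "doppler_hz": seen_from(CELL_DB["cell-B"], -5.0), "timebase_s": clock - 1e-4},
        {"label": "C-late", "cell_id": "cell-C", "carrier_hz": f,
         "doppler_hz": seen_from(CELL_DB["cell-C"]), "timebase_s": clock + 0.005},
        {"label": "A-rogue", "cell_id": "cell-A", "carrier_hz": f,
         "doppler_hz": seen_from(rogue_pos), "timebase_s": clock},
        {"label": "unlisted", "cell_id": "cell-Z", "carrier_hz": f,
         "doppler_hz": 0.0, "timebase_s": clock},
    ]
    return validate(observations, rx_pos, rx_vel, clock)

if __name__ == "__main__":
    print(demo())
```

The rogue transmitter is behind the aircraft, so its Doppler is negative while the genuine cell-A ahead produces a positive shift; the claimed cell id alone cannot hide that.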

        1. MachDiamond Silver badge

          Re: But why would you limit yourself

          "You'd need some sort of MIMO/phased array antennas to simultaneously receive a lot of cell signals at once, but that's pretty standard technology these days found in consumer wireless routers and satellite dishes."

          I see the biggest hurdle as cost. Another issue is something going on a non-experimental aircraft has to pass through a rigorous and expensive certification process. It draws power from the aircraft and has to be maintained in working condition once installed or it could ground the aircraft. Is it valuable enough?

          1. DS999 Silver badge

            Re: But why would you limit yourself

            Why is cost an obstacle? The hardware is available in consumer gear (the aforementioned wireless routers and satellite dishes) that retail for $100, so even with a 50x "certification markup" that's only $5000 for aircraft that cost millions. The software adds cost too but that's amortized across all the units.

            The "is it valuable enough" judgment would be made by regulators if they believed it was valuable, then the cost issue is moot because it would be mandated on all commercial airliners above a certain size.

            This is the sort of thing that is probably researched and not fully developed because people think it is solving a problem that's mostly theoretical, until someday there is a major crash due to GPS spoofing and then everyone is wondering why this technology has been sitting on the shelf and hadn't been required, so they make everyone install it in three years and the airlines complain "we can't possibly meet such a tight timeline!"

            1. MachDiamond Silver badge

              Re: But why would you limit yourself

              "Why is cost an obstacle? The hardware is available in consumer gear (the aforementioned wireless routers and satellite dishes) that retail for $100, so even with a 50x "certification markup" that's only $5000 for aircraft that cost millions. The software adds cost too but that's amortized across all the units."

              Try $50,000 as a starter for getting it qualified. The price is also not going to be $100 since each unit will also have an intense QC cycle and parts that come with certs all the way back to the fab. The reason flying on a commercial airline is so safe is down to a lot of those requirements. You could point at a washer on a commercial aircraft and they will be able to give you its entire history from the metal foundry through manufacturing to the aircraft. That costs money. I know a company that makes metal stampings for aerospace and since it's been around for many years, one of their problems is storage for the material samples they have to hold. They have boxes upon boxes of hard copy certs going back decades.

        2. Charlie Clark Silver badge

          Re: But why would you limit yourself

          How do you expect this to become licensed around the world and, therefore, actually usable in regulated air space? As I said, LEO based signals are becoming more common and these are licensed for use by navigation devices, whereas scavenged cell tower data isn't; though I can think of other reasons for wanting to collect it!

          1. DS999 Silver badge

            Re: But why would you limit yourself

            What licensing issues? This is reception only, not broadcast, so approval isn't that hard they just have to show it works as designed. And while SOME signals are licensed for use by navigation devices, LEO stuff like Starlink is not. That could be licensed just as easily as cellular, of course.

            However LEO signals like Starlink suffer from the same lack of diversity of frequencies making DoS or spoofing attacks easier. It is also reliant on (at least today) a single company with a single dominant owner, with the various issues that go along with it. It is hard to imagine there would be wide international cooperation around a standard relying on Elon Musk, while relying on existing ITU standards like LTE and 5G would be much less of a political hot potato. Yes there will be LEO competition to Starlink but it is all non standard stuff so you'd need a separate implementation to each one. That's just not realistic.

    2. Anonymous Coward

      >"Using the time delay part of neighbour cell measurements of three cells can give location to within a few metres - technology that has been available since the 2G days."

      Heck, if you have directional antennas, you can just use the cell sites as NDBs.

      1. IvyKing Bronze badge

        Heck, if the NDBs had a sufficiently accurate transmit frequency source and the NDB (ADF?) also had a sufficiently accurate frequency reference, one could use Doppler shift of the various NDB signals to get a good read on position. I don't think knowing the headings to the various cell towers will get anywhere close to GNSS accuracy, but it would be a good way of detecting GNSS spoofing.

    3. Xalran

      They don't really carry location and timing data.

      Now *the Cellular Network* knows which cell a mobile equipment is attached to and knows the cell's precise location (and has always known, as you point out)...

      With a SRI/SRI-ACK message sequence (those are 2G messages that can loosely be considered keepalives, for those who don't know), through the timing latency you can get a relatively precise location (location gets more precise the smaller the cell is).

      That's how the first generation mobile positioning systems worked (used only by emergency services and police at that time) [Obviously I worked on that system... long ago, as the On Call guy]

      Modern generations have ways to tickle the mobile equipment GPS chip in such a way that it gives the current GPS location.

      But all that is seen from the heart of a mobile network.

      What the Boffins at Sandia are trying to do is to deduce things like timing and location out of an encrypted signal without using any resources from that network (because attaching to the network would mean that your mobile equipment can be tracked and located).

      [It's a technical nitpick: the radio part of a Mobile Network has been encrypted since 2G up to a point, and only in 5G you have everything encrypted, including the initial exchange to attach a mobile equipment to the network]

  3. may_i Silver badge

    > It's not a stretch to imagine a passenger jet has better antennas, meaning they might be able to pick up even stronger signals, given the right hardware.

    "even WEAKER signals" perhaps?

  4. Mage Silver badge

    But the mobile bases use the GPS for local clock to save money.

    A GPS receiver module with serial out is €8.

    Cell / Mobile is already used for positioning and has the advantage that it works indoors away from the window. It's of zero advantage for a vehicle as the Cell/Mobile system uses the GPS satellite signals to save money.

    They should re-examine how cell/mobile bases work, because they are not currently a redundant backup, though they could be.

    It's true that the mobile/cell bases could be engineered to work without GPS receivers. Maybe an extra $100 to $500 per mast once off cost.

    1. bazza Silver badge

      Agreed. This is not a robust resilient alternative to GPS. As you point out, it cannot be unless they re-work how cell stations do frequency control.

      It's a non-trivial problem though. Whilst one could fit the base stations with high quality low phase noise reference oscillators, that in itself is not a long term solution. It would tide the cell network over short GPS outages, but after a while the cells would have diverged from an agreed timing and the network stops operating. They need that common external reference to keep the whole network in sync, which is why they picked up on GPS in the first place. Using the cell network as a back up to GPS positioning doesn't work, because anything likely to take down GPS in a serious way is going to mean no GPS services for years. There's no way that even the finest low phase noise oscillators in base stations could keep the networks in sync for that time.

      There are alternatives. Radio clocks - e.g. Rugby / MSF. Run off the UK's atomic clock resources, it's always right, but I don't know if one can sync an oscillator to it sufficiently accurately for the purposes of a cell network; the signalling method for radio clocks is something like 60kHz, and a very accurate 60kHz, but the time of day at the receiver is good to only 1millisecond (GPS receivers can do far better).

      Other technologies are also likely limited in a similar way, e.g. eLoran. That too can carry a timing signal, but is also a low frequency narrow bandwidth signal (which is what limits the timing resolution that can be achieved). That's not a reason to not (re)build eLoran, as that in itself offers a pretty good location service. It'd be far better to put resource into (re)building the eLoran transmitter networks than it would into bodging up a location receiver using cell networks.

      Better Long Term Solution

      Probably what they will have to do is to redesign the cell networks so that they can distribute time themselves. It would require all the cell stations to be able to hear at least one other cell station in the network, but if that were arranged then they could build a self synchronising network. That fits a number of things nicely.

      First, there's pressure from the UK gov for companies to share cell sites, stop the mad dash for prime sites amongst the industry players. The ultimate conclusion is that there's one single physical cell network, with all the current "operators" becoming virtual networks on it just as the smaller providers like Virgin and Giff Gaff are today. Merged into one physical network, it's more likely that all the cell base stations are within reach of at least one other cell base station.

      Secondly, resiliently self-synced like this, then the cell network does indeed become a solid, reliable, multiply redundant source of time and position services. In fact, they could re-engineer the lower layers of the 5G stack specifically to provide time and position services, rather than such services having to be synthesised (badly) from cell emissions as signals of opportunity.

      Won't Happen unless kicked

      Thing is, this won't happen spontaneously. A self syncing network is going to cost operators money in one way or other, either through the use of bandwidth for synchronisation, added base stations to provide the synchronisation grid, etc. To make this happen, several major governments around the world are going to have to intervene in the market and pass laws requiring that such things are required by the licensing regulations for cell networks. That's going to take political cooperation between some pretty major governments currently holding adversarial positions against one another...

      The Western world could go it alone in this regard. It's going to cost money, and it'd drive a wedge into the existing global standardisation process. That might fit various tech repatriation agendas some governments have.

  5. Neil Barnes Silver badge

    Hmm...

    and they did it with nothing but a couple of Raspberry Pis and some other off-the-shelf electronics packed in a styrofoam cooler and attached to a weather balloon.

    Sounds familiar. Perhaps they read El Reg.

    Lester, is that you?

  6. amaccuish

    Cell?

    The use of UK "boffins" and US "cell" signals is jarring. From the title alone I thought it would be about body cells.

    1. hairydog

      Re: Cell?

      I don't think so. In the UK, our mobile phones have always connected to mobile base stations, each with one or more cells.

      The system has always been referred to as a cellular network, because it is.

      The handsets have never been referred to as cellphones, because they are not.

      To call a mobile phone a 'cellphone' displays a misunderstanding (or, more likely, a total obliviousness) of how it all works.

  7. MachDiamond Silver badge

    "To call a mobile phone a 'cellphone' displays a misunderstanding (or, more likely, a total obliviousness) of how it all works."

    When CELLPHONES came out, there were mobile phones that operated on the MTS/iMTS service. The AMPS phone service was based on a cellular network so the phones were called "cell phones" to differentiate them from iMTS. Now that AMPS service is dead and buried, people have gone on calling modern mobile telephones, "Cell Phones". Just stick your fingers in your ears and do the LaLaLaLa bit until you run out of breath if it's that much of a problem for you. And, BTW, what people call "loctite" is "thread locker". Loctite makes a wide array of adhesives so if you don't know, you might wind up with the wrong stuff and pay dearly for the mistake.

  8. Joem5636

    GPS alternative

    How about using commercial radio/tv transmitters as location sources? Adding a time/location/id ‘stamp’ to the signal would be “visible” only to special receivers [software radio?] and be relatively impervious to jamming/scamming.

    1. MachDiamond Silver badge

      Re: GPS alternative

      "How about using commercial radio/tv transmitters as location sources? Adding a time/location/id ‘stamp’ to the signal would be “visible” only to special receivers [software radio?] and be relatively impervious to jamming/scamming."

      You wouldn't need a location/time stamp. Terrestrial radio/TV station broadcast antennas don't move around. A timing signal is required for satellite navigation since those are moving. With terrestrial broadcasting, many times there will be a bunch of transmitters in one place that's in a good location to see an entire region. I remember visiting the Mt Wilson Observatory and next door is most of the transmitters for radio and TV in the Los Angeles area. Now that I think about it, I need to dig up the photos I made on that trip. If you are in the Los Angeles area between April and November, go visit the observatory, it's amazing. They close to the public for the winter due to snow. If you rent one of the telescopes, I think you can go. When I was there years ago, the docent said the 100" Hooker telescope might be opened up for anybody to rent. The 60" was ~$1,900/night so I expect the 100" will be much much more.

    2. TWB

      Re: GPS alternative

      The UK DAB network transmissions are all locked together timings wise - they have to be to make it work - sadly I don't know the details - I suspect someone here will put me right.

      I suspect there are good timing signals in all the muxes. The overall system is designed to be pretty resilient.
