Location Privacy in LTE: A Case Study on Exploiting the Cellular Signaling Plane's Timing Advance

Abstract

Location privacy is an oft-overlooked, but exceedingly important niche of the overall privacy macrocosm. An ambition of this work is to raise awareness of concerns relating to location privacy in cellular networks. To this end, we will demonstrate how user location information is leaked through a vulnerability, viz. the timing advance (TA) parameter, in the Long Term Evolution (LTE) signaling plane and how the position estimate that results from that parameter can be refined through a previously introduced method called Cellular Synchronization Assisted Refinement (CeSAR) [1]. With CeSAR, positioning accuracies that meet or exceed the FCC’s E-911 mandate are possible making CeSAR simultaneously a candidate technology for meeting the FCC’s wireless localization requirements and a demonstration of the alarming level of location information sent over the air. We also introduce a geographically diverse data set of TAs collected from actual LTE network implementations utilizing different cell phone chipsets. With this data set we show the appropriateness of modeling the error associated with a TA as normally distributed. \