Lawful Interception of VoIP Rudolf Winschuh Business Development Transaction Security / Telecommunications
Agenda Company Overview Lawful Interception Definition and Terms Legal Framework Functional Overview LI for VoIP LI solutions for VoIP LI of peer-to-peer VoIP Standards and Regulation Open Issues LI for NGN/IMS 2
Company Profile Foundation: 1983 Turnover: 34.8 million in 2004/2005 EBIT: 5.8 million Ownership: Public Company (Frankfurt Prime Standard) Employees: > 250 worldwide Headquarters: Oberursel (near Frankfurt/Main) Utimaco the Data Security Company 3
Presence Branch offices Distributors Development centers (Details: www.utimaco.com) US/Boston Egypt Israel JV Hong Kong Japan Saudi Arabia Taiwan Brasil Argentina Chile Malaysia Singapore South Africa Australia Global partners: IBM / Lenovo Cisco Siemens T-Mobile Vodafone 4
Portfolio Utimaco Product Portfolio: Personal Device Security Innovative, trustworthy SafeGuard solutions protect your data against misuse on the terminals in private as well as public organizations (SafeGuard Easy, - PrivateDisc, - LANCrypt, - PrivateCrypto, - Advanced Sec., - PDA). Transaction Security Focusing on innovative ebusiness and egovernment solutions on the basis of Utimaco technologies (e-mail security, PKI, PKI-enabled applications, Hardware Security Module, Lawful Interception Management System). Hard disk encryption Virtual disk File security Management of rights PDA protection Sign - Verify Encrypt - Decrypt PKI - Infrastructure Time-Stamping Hardware Security Modules LI-Management 5
Lawful Interception Definition and Terms Lawful Interception (LI) Interception of telecommunications for purposes of law enforcement based on laws and other regulations Requirements for telecommunication service providers Law Enforcement Agency (LEA) Interception Related Information (IRI) Information about intercepted communications (e.g. identifiers of participants, times, location information) Call Content (CC) Content of intercepted data (e.g. speech, e-mail, data) Handover Interfaces (HI) 6
Legal Framework LI is based on national laws and regulations Implementation is often based on standards National legislation International technical standards Constitution SORM CIS Interception of telecommunications ATIS America (US) Telecommunications laws ETSI Europe Other laws National regulations 3GPP Worldwide Organization Technology Data protection 7
Generic Requirements All communication of a target and service must be intercepted Integrity and confidentiality of Information must be ensured Only authorized personnel must be able to use the LI equipment All information must only be accessible to authorized personnel Every use of LI equipment must be logged Intercepted subject must never be able to detect the interception Active interception measures must never influence the telecommunication service Provider only required to provide accessible data Network-intrinsic encryption must be removed 8
Functional Overview 9
Functions of LI Solutions Administration Function GUI to administrate LI components and interception measures Mediation (Delivery) Function Communication between administration system and access functions Delivery Function (DF) transmits IRI and CC to LEA Access Function Accesses data to be intercepted in telecommunication network Active: Internal Interception Function (IIF) integrated in network node Passive: Probe/Sniffer, filtering to be intercepted communications out of whole network traffic 10
Functions of LI Solutions for VoIP Delivery Function IP PSTN Access Function Active/IIF: Signaling Server (e.g. SIP Server) Access Router Session Border Controller Application Server Passive: Probes (SIP, H.323, RTP, ) 11
Valuation of LI Solutions for VoIP Active Signaling Server Access Router Session Border Controller Application Server Pros + no additional hardware + scales good + minimal effort for provider + access to all media + sometimes only alternative + reuse of SBCs + easy correlation of IRI and CC + centralized solution + easy correlation of IRI and CC Cons - security - IIF integrated in server - performance - correlation of IRI and CC difficult - LI functions at multiple points - calls to PSTN not covered - additional hardware - rerouting could be necessary - application dependent Passive Probes + very secure + indepent of vendor (in theory) - additional hardware - scaling can become an issue - possibility of packet losses 12
LI of peer-to-peer VoIP Signaling- Server Signaling- Provider Administration Function IRI Signaling User Content Access-Provider IRI Delivery Function 2 IRI Law Enforcement Agencies (LEA) Access- Server CC Delivery Function 3 CC 13
LI-Standards for VoIP ATIS T1.678 US ETSI WI 00024 Europe Canada, Australia, Asia? 3GPP 33 108 3rd generation mobile network operators CableLabs PacketCable (Broadband) Cable operators ETSI TS 101 671 Originally for PSTN networks Possible solution for PSTN and VoIP operators 14
Status of Regulation US Based on CALEA Second order of FCC from 12 May 2006 Interconnected VoIP services Providers must be compliant by 14 May 2007 Europe Different from country to country Germany: Interim solution until ETSI standard is finalized Netherlands: LI of VoIP already active 15
Open Issues IRI CC Forwarding of signalling information e.g. SIP messages vs. Mapping of SIP messages to defined structures Some providers cannot access the content Possible ban of business models Application/service specific data Encryption is a hard problem for LEAs Blocking of encrypted traffic? 16
LI for NGN/IMS Next Generation Networks (NGNs) standardized by ETSI TISPAN Based on 3GPP approach Core component: IP Multimedia Subsytem (IMS) Goals: Independent of underlying network architectures Services in networks independent of access type (PSTN, mobile, DSL, ) Terminal and user mobility Easy deployment of new services 17
TISPAN R1NGN IMS architecture (ES 282 0001) TE User equipment CNG NASS e3 e1 ZZ e2 CNGCF NACF a2 ARF A-MGF Access Node Gm CLF a4 a1 e1 PDBF UUAF a3 AMF IP Edge e4 L2TF e2 ASF Type 1 A-RACFRq SPDF RACS Re P1 RCEF UPSF Core IMS I/S-CSCF AGCF P2 Di P-CSCF Gq Ia Mw C-BGF ASF Type 2 MRFC MRFP Core Network IP transport BGCF MGCF T-MGF 2002, Cisco Systems, Inc. All rights reserved. 18 Sh Cx ISC Mr Mp Dx SLF Mi Dh Mn Mg Ie Mk SGF IBCF Gq SPDF RACS Ia I-BGF Lb IWF Lc PSTN / ISDN Other Networks
TISPAN R1NGN architecture with IMS LI reference points TE User equipment CNG NASS e3 e1 e2 CNGCF NACF IRI-IIF a2 ARF A-MGCF CC-IIF ZZ Access Node Gm CLF a4 a1 e1 PDBF UUAF IRI-IIF a3 AMF CC-IIF RCEF IP Edge e4 L2TF e2 AF MF IRI-IIF ASF Type 1 UPSF Core IMS I/S-CSCF IRI-IIF Mi AGCF IRI-IIF P2 BGCF IRI-IIF P-CSCF IRI-IIF A-RACFRq SPDF RACS Re P1 Di Gq Ia Mw C-BGF CC-IIF ASF IRI-IIF MRFC IRI-IIF MRFP CC-IIF Core Network IP transport MGCF IRI-IIF T-MGF CC-IIF 2002, Cisco Systems, Inc. All rights reserved. 19 Sh Cx Type 2 ISC Mr Mp HI1 HI2 HI3 Dx Dh SLF Mn Mg Ie Mk SGF IBCF Gq SPDF RACS Ia I-BGF CC-IIF LEAF LEMF Lb IWF Lc PSTN / ISDN Other Networks
Questions? www.utimaco.com Rudolf Winschuh rudolf.winschuh@aachen.utimaco.de Tel.: + 49 (0)241 1696 248 20