Developed By Obrela Security Industries George Daglas, MBA IT & Telecommunications Senior Advisor


LAWFUL INTERCEPTION

Developed By Obrela Security Industries
George Daglas, MBA IT & Telecommunications Senior Advisor

Obrela Security Industries
52 Elektras str., Kallithea 176-73, Athens, GREECE
TEL: +30 210 9573750, FAX: +30 210 9573751

Commercial In Confidence

Index

1. INTRODUCTION
2. LEGAL ENVIRONMENT
3. LI PROCEDURES
4. ARCHITECTURE OVERVIEW
4.1 Basic Elements of LI
4.1.1 Internal Intercept Function (IIF)
4.1.2 HI 1 Administration Function (ADMF)
4.1.3 Mediation Function (MF)
5. CONCLUSION
6. TERMINOLOGY
7. REFERENCES

1. Introduction

Information in modern society is one of our most valuable assets. The need to protect information has increased dramatically in the last decade, since we are now living in an information society. The digital era has introduced new market sectors, electronic commerce and online transactions, and has abolished several barriers to entry in the global market. Hand in hand with every technological and economic advancement, new methods of fraud and crime appear that target our valuable information assets.

The confidentiality, integrity, and availability of information must be safeguarded by a mix of physical, organizational, technical, and legal controls. One of the key technologies for establishing information security is cryptography: systems that use mathematical algorithms and digital keys to encipher data in such a way that only authorized people can decrypt and read them. Cryptography is employed to protect telecommunications, personal data, electronic payment systems, intellectual property rights, and sensitive government and business data. However, cryptography is also used to conceal criminal activities and to evade wiretapping by Law Enforcement Authorities.

Since the mid 90s, cryptography has spread widely along with the massive growth of the Internet, primarily to facilitate electronic banking and electronic transactions. By the late 90s, the growth of the mobile telecommunications market had made cryptography (via GSM) a technology used by millions of people on a daily basis. The use of cryptography as a means of protecting privacy has created the need for a legal as well as a technological framework in order to perform Lawful Interception (LI). Lawful interception (LI) is the legally sanctioned official access to private communications, such as telephone calls or e-mail messages.
In general, LI is a security process in which a network operator or service provider gives law enforcement officials access to the communications of private individuals or organizations. With small variations from country to country, the LI system must provide transparent interception of specified traffic only, and the subject must not be aware of the intercept. The service provided to other users must not be affected during interception.

The usage of Lawful Interception has been, and still is, one of the most controversial issues of modern society. The concerned segment of the public claims that the use of LI abuses their human and privacy rights. Since the interception capabilities include any possible type of voice telecommunication (cellular, fixed and Voice over IP) and data exchange (video, fax, SMS, e-mail and Internet access, peer-to-peer networks for chat or file sharing, instant messaging like MSN and Yahoo Messenger, websites visited), a great feeling of insecurity is created.

The great controversy arises from the fact that governments worldwide state that the sole purpose of using LI is national and individual security: preventing national and international crime, treason, breaches of public order and terrorist activities, and assisting in solving crimes such as murders, extortion, money laundering and drug distribution, and in discovering criminal networks and terrorist associations.

2. Legal Environment

Lawful interception plays a crucial role in helping law enforcement agencies to combat criminal activity. Lawful interception of public telecommunications systems in each country is based on national legislation in that country. The purpose of standardization of lawful interception in ETSI is to facilitate the economic realization of lawful interception that complies with the national and international conventions and legislation. The Technical Committee on Lawful Interception (TC LI) is the leading body for lawful interception standardization within ETSI. Lawful interception standards have also been developed by ETSI technical bodies AT, TISPAN (/SPAN and TIPHON), TETRA, and by 3GPP (/SMG).

Source: ETSI

In several European countries the legal framework for Lawful Interception has been in place for almost a decade. However, it was not until after the terrorist attack in London in July 2005 that the European Union published a directive for enforcing LI in all EU member countries. In Greece it was not until March 2005 that LI became a national law; however, no national technical standards have been established yet.

[Figure 1 (Legal Framework for LI). Labels: Legal Interception; National laws (Constitution, Laws for telecommunication, Criminal procedure); Technical regulations (International technical standards, National technical standards); ETSI (Europe), CALEA (North America), SORM (Russia / Asia Pacific)]

3. LI Procedures

Lawful Interception is a system and, like every system, its operation involves:

- Technology (hardware, software, networks)
- People (Law Enforcement Agencies, government and legislation authorities, network and service provider employees)
- Official procedures that have to be followed in order for the interception to be legal, and in order for the evidence collected to be admissible for prosecution by the Judicial Authorities

LI is regulated, and procedures exist worldwide for its enforcement. Variations may exist from country to country, but the following concept is common practice:

1. The Law Enforcement Agency prepares a warrant authorizing interception of communications against a person.
2. The warrant is approved by the responsible Judicial Authority.
3. The warrant is then served on the communications company(ies).
4. The communications company(ies) initiates the warrant on their network.
5. When the warranted party carries out communications, the communications and associated information are transmitted to the Law Enforcement Monitoring Facility (LEMF) of the Law Enforcement Agencies (LEA).

The above mentioned procedures, which are schematically depicted in figures 2 and 3, are in place to ensure that the individual parties involved cannot take advantage of the LI capabilities for unlawful and unjustified purposes. The intercepted information is transmitted via the handover interfaces, which are further described in chapter 4. According to ETSI standards, safeguarding the integrity and confidentiality of the information transmitted via the handover interfaces is an obligation of the Service Provider/Network Operator.

In this regard, the basic measures that must be followed include:

- restricting the personnel involved in the interception to a minimum,
- ensuring that the interception takes place and is contained in specific rooms/locations with restricted access,
- ensuring that the product of the interception is transmitted/delivered only to the authorized Law Enforcement Monitoring Facility (LEMF), following manual and electronic (if available) authentication procedures,
- strictly monitoring and enforcing access control and non-repudiation measures for enabling and disabling the LI capabilities.

Asymmetric encryption via Public Key Infrastructure is a technology that fulfills most of the above mentioned security requirements; thus Lawful Interception solutions are usually PKI enabled.

[Figure 2: Basic Interception Process - Request. Labels: Government / Legislation (warrant issuing); Law Enforcement Agencies (LEA) (interception request); enter interception warrant; Service Provider LI solution; LI filter; monitored elements: cellular and fixed networks, e-mail, VoIP, Internet access]

[Figure 3: Basic Interception Process - Delivery. Labels: Government / Legislation; Law Enforcement Agencies (LEA); intercepted information is delivered standard compliant to LEA; Service Provider LI solution; LI filter; cellular and fixed networks, e-mail, VoIP, Internet access]

4. Architecture Overview

Although the details of LI may vary from country to country, we can look at the general logical and physical requirements and also explain much of the common terminology used. The primary purpose of the service provider network is to enable private communications between individuals, and any LI functionality built into the network must not affect the normal service to those individuals.

According to ETSI, the generic Handover Interface adopts a three-port structure such that administrative information (HI1), Intercept Related Information (HI2) and the Content of Communication (HI3) are logically separated.

[Figure 4]

4.1 Basic Elements of LI

The basic elements required in order to perform Lawful Interception are:

- the Internal Intercept Function (IIF) in the network nodes of the Carrier/Service Provider (Figure 4: Switches, Servers, Network Elements),
- the Mediation Function (MF) between the Carrier/Service Provider and the Law Enforcement Monitoring Facility (Figure 4: HI2 and HI3),
- the Administration Function (ADMF) to manage orders for interception in the Carrier/Service Provider (Figure 4: HI1).

4.1.1 Internal Intercept Function (IIF)

These functions are located in the network nodes through which information passes (switches, servers, network elements). The IIF filters and captures the information intercepted from the target, namely Intercept Related Information (IRI) and Contents of Communications (CC), and forwards it to the Mediation Function (MF) Handover Interfaces (HI2 and HI3). In the majority of implementations the IIF is a hardware based solution, since it performs a processing intensive task. If this task is left to be performed by the network nodes, delays may occur, resulting in the detection of the interception.

4.1.2 HI 1 Administration Function (ADMF)

Handover Interface 1 (HI 1) is concerned with the flow of the warrant specific information. A warrant specifies the target which the LEA wants to be intercepted. The Carrier/Network Operator (NOT the LEA) then loads the warrant on the LI administration system, which reports significant events to the LEA, such as when the warrant was loaded and when it was activated and deactivated. In the case of electronic LI, each target requires a Warrant ID and Case ID assigned by the LEA. Each case may require IRI or CC or both to be intercepted. Each task is assigned a start date and an end date, upon which the case will expire. The ADMF is typically responsible for auditing the IIFs to ensure that the target lists match and that there are no differences or discrepancies.
In the majority of implementations the LI Administration Function (ADMF) is based on a security hardened management system and provides a secure method of targeting and routing intercept traffic via a secure connection with one or more IIFs and Mediation Function (MF) units. The ADMF must be accessed only by authorized users, as it manages the deployment of tasks to all the other LI elements. The Administration Function (ADMF) makes the requests for the interception, the IIF collects Intercept Related Information (IRI) and Contents of Communication (CC), and the Mediation Function (MF) converts them to a generic format and sends them to the Law Enforcement Monitoring Facility (LEMF).

4.1.3 Mediation Function (MF)

The Mediation Function (MF) serves the purpose of communicating with the IIFs and performing the mediation and delivery functions from the IIFs to the LEMF. Specifically, the MF receives IRI and CC data from the IIFs in a generic format and translates them to the specific format required by the LEA.

The MF uses Handover Interface 2 for transmitting Intercept Related Information (IRI), such as who is calling whom and where from, and service information such as, in the case of a cellular interception, the nearby antennas and their relevant signal, which can determine the location of the intercepted subject with very high accuracy, usually within a range of 2 to 50 meters. The accuracy depends on various parameters such as the number of antennas in the region, the type of network used (GSM or 3G), the signal strength, etc. HI2 is often the most important part of the intercept, since LEAs are usually more interested in who is talking to whom than in what they are actually saying.

Handover Interface 3 is used by the MF for transmitting Content of Communication, such as the actual voice content, faxes, SMS, videoconferencing, e-mail, Internet IP packets, etc.

The Mediation Function (MF) receives target details from the Administration Function (ADMF) and validates the received IRI and CC data to ensure that only the warranted data is passed to the Law Enforcement Monitoring Facility. The Mediation Function (MF) may support forwarding of the intercepted traffic to multiple Law Enforcement Monitoring Facility interfaces.
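An added example, not part of the original paper or of any LI product: a sketch of the ADMF audit of IIF target lists described in 4.1.2 and of the MF check that only warranted data is delivered, described in 4.1.3. The record layout, node names, finding labels and the rule that every IIF carries every active target are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Warrant:
    warrant_id: str
    case_id: str
    target: str        # subject identifier (hypothetical format)
    scope: frozenset   # {"IRI"}, {"CC"} or both, as the case requires
    start: date
    end: date          # assumption: valid through this day inclusive

    def active_on(self, day):
        return self.start <= day <= self.end


def audit_iifs(warrants, iif_targets, day):
    """ADMF audit: reconcile each IIF's provisioned targets with the warrants.

    Returns sorted (node, target, finding) tuples; empty means the lists match.
    """
    active = {w.target for w in warrants if w.active_on(day)}
    known = {w.target for w in warrants}
    findings = []
    for node, provisioned in iif_targets.items():
        for target in provisioned - active:
            # Intercept is live on the node without a warrant in force.
            kind = "inactive_warrant" if target in known else "no_warrant"
            findings.append((node, target, kind))
        for target in active - provisioned:
            findings.append((node, target, "not_provisioned"))
    return sorted(findings)


def mf_filter(warrants, records, day):
    """MF validation: pass on only records covered by an active warrant's scope.

    Delivered records are tagged with the Warrant ID and Case ID they fall under.
    """
    delivered, dropped = [], []
    for rec in records:
        match = next((w for w in warrants
                      if w.target == rec["target"] and w.active_on(day)
                      and rec["kind"] in w.scope), None)
        if match is None:
            dropped.append(rec)
        else:
            delivered.append({**rec, "warrant_id": match.warrant_id,
                              "case_id": match.case_id})
    return delivered, dropped


# Constructed sample data; every identifier below is a placeholder.
WARRANTS = [
    Warrant("W-001", "C-10", "target-A", frozenset({"IRI", "CC"}),
            date(2006, 1, 1), date(2006, 3, 31)),
    Warrant("W-002", "C-11", "target-B", frozenset({"IRI"}),
            date(2006, 1, 1), date(2006, 1, 31)),
]
IIF_TARGETS = {"iif-switch-1": {"target-A", "target-B", "target-X"},
               "iif-mail-1": set()}
RECORDS = [{"target": "target-A", "kind": "CC"},
           {"target": "target-B", "kind": "IRI"},
           {"target": "target-X", "kind": "IRI"},
           {"target": "target-A", "kind": "IRI"}]

if __name__ == "__main__":
    today = date(2006, 2, 15)
    for finding in audit_iifs(WARRANTS, IIF_TARGETS, today):
        print(finding)
    delivered, dropped = mf_filter(WARRANTS, RECORDS, today)
    print(len(delivered), "delivered;", len(dropped), "dropped")
```

The "no_warrant" and "inactive_warrant" findings are the discrepancies an independent auditor would want raised first, since they mean an intercept is provisioned on a node with no warrant in force.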

5. Conclusion

There is a very fine line between Lawful and Unlawful Interception, which depends primarily on the legal and regulatory framework, then on the policies and procedures governing its utilization, monitoring and inspection, and finally on the technology involved. In most EU countries the legal and regulatory framework for LI already exists, and where it does not exist it will be developed in accordance with the EU Directive of December 2005. In addition, the technology involved is very well standardized and documented worldwide, since interoperability is a major requirement for LI solutions. In other words, almost every LI solution is similar to every other LI solution.

This leaves us with the weakest link in ensuring that LI solutions are utilized only by authorized people for lawful purposes: the policies, procedures and common practices in the utilization of the LI system. In this regard, the only way to ensure that such systems will not be used against the human and privacy rights of individuals, for industrial espionage or for counterintelligence is to establish a strict framework of policies and procedures, such as:

- minimizing the number of individuals involved from all parties,
- performing background checks on them,
- consistently training them in the appropriate use of the system,
- continuously monitoring and auditing the use of the LI systems, preferably by independent authorities,
- enforcing four eyes policies for every task involved on an operational level,
- utilizing authentication solutions that guarantee accountability and non-repudiation.

The above mentioned policies may be considered the minimum baseline security policies for the secure operation of LI.

LI is very well standardized, regulated and documented worldwide. It is, however, imperative that when LI solutions are deployed and utilized, conformity with the standards is ensured from both a procedural and a technological / architectural standpoint, due to the immense potential impact when they are misused or abused.

6. Terminology

ADMF    Administration Function
CALEA   Communications Assistance for Law Enforcement Act
CC      Contents of Communication
ETSI    European Telecommunications Standards Institute
HI      Handover Interface
IIF     Internal Intercept Function
INI     Internal Networks Interface
IRI     Intercept Related Information
LEA     Law Enforcement Agency
LEMF    Law Enforcement Monitoring Facility
LI      Lawful Interception
MF      Mediation Function

7. References

- ETSI TS 102 232 V1.1.1 (2004-02) Telecommunications security; Lawful interception; Handover specification for IP delivery
- ETSI TS 102 233 V1.1.1 (2004-02) Telecommunications security; Lawful interception; Service specific details for E-Mail delivery
- ETSI TS 102 234 V1.1.1 (2004-11) Telecommunications security; Lawful interception; Service specific details for Internet Access Services
- ETSI TS 101 671 V2.8.1 (2003-11) Telecommunications security; Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic
- ETSI TS 101 331 V1.1.1 (2001-08) Telecommunications security; Lawful Interception (LI); Requirements of Law Enforcement Agencies
- ETSI TS 133 106 V5.1.0 (2002-09) Universal Mobile Telecommunications System (UMTS); 3G Security; Lawful interception Requirements
- ETSI TS 133 107 V5.6.0 (2003-09) Universal Mobile Telecommunications System (UMTS); 3G Security; Lawful interception Architecture and Functions
- ETSI TS 133 108 V5.6.0 (2003-12) Universal Mobile Telecommunications System (UMTS); 3G security; Handover interface for Lawful Interception (LI)
