Lawful Interception Systems. (A Brief Technical Overview)

Similar documents
Deploying Media Probes in Evolving VoIP Networks

Introducing STAR-GATE Enhancements for Packet Cable Networks

WHITE PAPER. Gaining Total Visibility for Lawful Interception

Lawful Interception of VoIP. Rudolf Winschuh Business Development Transaction Security / Telecommunications

Simple Law Enforcement Monitoring

Brocade Telemetry Solutions

IP-based Delivery Network via OpenVPN Provider Handbook

Highly Available Mobile Services Infrastructure Using Oracle Berkeley DB

Recommended IP Telephony Architecture

SIP Trunking with Microsoft Office Communication Server 2007 R2

Lawful Interception of IP Traffic: The European Context

ETSI TS V3.1.1 ( )

Methods for Lawful Interception in IP Telephony Networks Based on H.323

NGN Interconnection Standards & Protocols

STAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.

Barriers to VoIP Deployment and Initiatives to Overcome Them

ETSI TR V1.1.1 ( )

Utimaco LIMS Access Points. Realtime Network Monitoring for Lawful Interception and Data Retention

Integrating Lawful Intercept into the Next Generation 4G LTE Network

ETSI TS V3.1.0 ( )

POSITION PAPER. Regulation of Voice over Internet Protocol Services. Position Paper No. 1 of 2007 LAU/0504/054

Tab 26 Attachment A UEN Commercial VoIP Policy

utimaco a member of the Sophos Group

Lawful Interception in German VoIP Networks

Implementing VoIP monitoring solutions. Deployment note

ERS Canada Service Guide. Version

AdvOSS Session Border Controller

Lawful Interception in P2Pbased

Voice over IP: Forensic Computing Implications

T.38 fax transmission over Internet Security FAQ

P2P VoIP for Today s Premium Voice Service 1

ETSI & Lawful Interception of IP Traffic

BEFORE THE FEDERAL COMMUNICATIONS COMMISSION WASHINGTON D.C

Mobile Wireless Overview

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

UEN GUIDELINES: NETWORK SERVICES VOICE OVER INTERNET PROTOCOL

Why VoIP Peer to Peer and Social Networking providers cannot ignore Legacy Telecoms! Or why Peer to Peer VoIP needs Voip-Pal IP to succeed!

Session Border Controllers in Enterprise

ORDER National Policy. Effective Date 09/21/09. Voice Over Internet Protocol (VoIP) Security Policy SUBJ:

Today s challenges in Lawful Interception. C. Rogialli, October 11, 2005 RIPE MEETING 51 - Amsterdam

UK Interconnect White Paper

Need for Signaling and Call Control

UMTS security. Helsinki University of Technology S Security of Communication Protocols

Migration from TDM to IP in Public Safety Environments: The Challenge for Voice Recording

Charter of Consumer Rights in the Digital World

Secure VoIP for optimal business communication

In this Profile. USA Tel: Fax:

Glossary of Telco Terms

EXPLOITING SIMILARITIES BETWEEN SIP AND RAS: THE ROLE OF THE RAS PROVIDER IN INTERNET TELEPHONY. Nick Marly, Dominique Chantrain, Jurgen Hofkens

Voice over Internet Protocol. Kristie Prinz. The Prinz Law Office

The Internet and the Public Switched Telephone Network Disparities, Differences, and Distinctions

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

ETSI TS V2.1.1 ( )

Prepared by the Commission on E-Business, IT and Telecoms

1. SERVICE DESCRIPTION

Intrado Emergency Routing Service (ERS) Canada Service Guide Version

Internet Protocol (IP)/Intelligent Network (IN) Integration

VoIP P2P: breakthrought technology, lot of hype (after Skype) but which business impacts at the end?

BT IP Exchange helps mobile operators accelerate VoLTE deployment

Cost Effective Deployment of VoIP Recording

BITEK INTERNATIONAL INC PRESENTS: MANAGING VOIP

Understanding IP Faxing (Fax over IP)

VoIP in the Enterprise

connect to SIP over ja.net T A I L O R E D for education

VoIP Timing and Synchronization Best Practices

ETM System SIP Trunk Support Technical Discussion

Service resiliency and reliability Quality of Experience Modelling requirements A PlanetLab proposal. PDCAT'08 - Dunedin December 1-4, 2008

Geographic Routing of Toll Free Services

Application Notes. Introduction. Contents. Managing IP Centrex & Hosted PBX Services. Series. VoIP Performance Management. Overview.

Understanding IP Faxing (Fax over IP)

INTERCONNECTED VOIP REGULATORY COMPLIANCE MANUAL

BITEK INTERNATIONAL INC PRESENTS: VoIP FILTERING

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

How To Use Blackberry Mobile Voice System On A Blackberry Phone

SIP Trunking Configuration with

Medical Grade Network Design and Operation

Calling All Countries: The VoIP Revolution is Here!

TAA: Introduction to Wide Area Networks online course specification

Remote Forensic Software. Dr. Michael Thomas DigiTask GmbH, Germany

SIP Trunking and the Role of the Enterprise SBC

Session Border Controllers in the Cloud

ConneXon s response to Ofcom Consultation Document

PSTN IXC PSTN LEC PSTN LEC STP STP. Class 4. Class 4 SCP SCP STP. Switch. Switch STP. Signaling Media. Class 5. Class 5. Switch.

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

ICTTEN4215A Install and configure internet protocol TV in a service provider network

Comparison of internet connection records in the Investigatory Powers Bill with Danish Internet Session Logging legislation

SERIES A : GUIDANCE DOCUMENTS. Document Nr 3

Transporting Legacy Switched Digital Circuits Using a Packet Network

Voice over IP is Transforming Business Communications

VoIP Overview Wayne Fonteix - AT&T Presented to: NARUC Committee on Telecommunications NARUC Committee on Finance and Technology February 25, 2003

DRAFT Second Circulation for Comments

Requirements of Voice in an IP Internetwork

Networks 2. Gabriela Ochoa University of Stirling CSCU9B1 Essential Skills for the Information Age. Content

White Paper. SIP Trunking. Abstract

ETNO Expert Contribution on Data retention in e- communications - Council s Draft Framework Decision, Commission s Proposal for a Directive

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

U.S. Department of Justice. Federal Bureau of Investigation VIA ELECTRONIC SUBMISSION

Enabling Users for Lync services

CPNI VIEWPOINT 03/2007 HOSTED VOICE OVER IP

WHITE PAPER SIP TRUNKING: HOW TO GET IT AND WHERE YOU CAN EXPECT TO SAVE

Transcription:

Lawful Interception Systems. (A Brief Technical Overview) Hakan EKIZER Chief Advisor, Monitor to KP UNMIK-DOC / Support&Services Cybercrime&Computer Forensics Expert Telecommunications&Networks Specialist What is Lawful Interception? Lawful interception (LI) is the legally authorized process by which a network operator or service provider gives law enforcement officials access to the communications (in every kind of telephone calls, internet traffic and satellite communications etc) of private individuals or organizations. Lawful interception is becoming crucial to preserve national security, to combat crimes and to investigate serious criminal activities. The work in Lawful Interception has its foundation in the European Council Resolution of January 1995 [29] which outlined the International Requirements for the Lawful Interception of Telecommunications now known widely as the IUR. This was the result of several years of work by the European governments in cooperation with Australia, New Zealand, Canada and the USA. The standardization of lawful interception is vital to provide an economically and technically feasible solution that complies with national and international conventions and legislation. ETSI has played a leading role in the standardization of lawful interception since 1991; today work is concentrated in Technical Committee Lawful Interception (TC LI), which enjoys the active participation of the major telecom manufacturers, network operators, Law Enforcement Agencies and regulatory authorities of Europe and from around the world. ETSI s LI work covers the whole spectrum of interception aspects, from a logical overview of the entire architecture and the generic intercepted data flow, to the service-specific details for e-mail and Internet. According to ETSI standards my aim within this white paper is briefly describing How a LI system can build up. You can also find out ETSI documentations for much more detailed and technical information. LI Overview from ETSI Perspective. Lawful Interception (LI) is a requirement placed upon service providers to provide legally sanctioned official access to private communications. With the existing Public Switched Telephone 1

Network (PSTN), Lawful Interception is performed by applying a physical tap on the telephone line of the target in response to a warrant from a Law Enforcement Agency (LEA). However, Voice over IP (VoIP) technology has enabled the mobility of the end-user, so it is no longer possible to guarantee the interception of calls based on tapping a physical line. Whilst the detailed requirements for LI may differ from one jurisdiction to another, the general requirements are the same. The LI system must provide transparent interception of specified traffic only and the subject must not be aware of the interception. The service provided to other users must not be affected during interception. Architecture Overview Although the detail of LI may vary from country to country we can look at the general logical and physical requirements and also explain much of the common terminology used. The primary purpose of the service provider network is to enable private communications between individuals; any LI functionality built into the network must not affect the normal service to those individuals. The architecture requires a distinct separation of the Public Telecom Network (PTN) and the networks used for distribution and processing of LI information. The interfaces between the PTN and the Law Enforcement Monitoring Facility (LEMF) are standardized within a particular territory. LI deals with two products, these are; Contents of Communications (CC) and Intercept Related Information (IRI). Contents of Communications is exactly what it sounds like: the voice, video or message contents. Intercept Related Information refers to the signaling information, the source and destination of the call etc. Figure 1 - General Network Arrangements for Interception (ETSI) Figure 1 shows the logical flow of Intercept Related Information (IRI) and Contents of Communications (CC) from its collection in the Public Network to the handover interface to the Law Enforcement Monitoring Facility (LEMF) as defined by ETSI. In North America CALEA (Communications 2

Assistance for Law Enforcement Act) requires operators to provide LI capabilities. The network architecture and handover specifications are based on the PacketCable surveillance model shown in Figure 2 below, the general architectural similarities can be seen. Figure 2 PacketCable Surveillance Model Figure 3 below shows the high-level functions and interfaces as defined by ETSI, the Mediation Function (MF) provides standardized interfaces, HI2 Intercept Related Information, and HI3 Call Contents, from the Public Telecom Network to the LEA Network. Figure 3 - Distinction between PTN and Law Enforcement Network 3

Basic Elements of LI in a Public Telecom Network There are three primary elements required within the public network to achieve Lawful Interception, these are: An Internal Intercept Function (IIF) located in the network nodes. A Mediation Function (MF) between the PTN and LEMF. An Administration Function (ADMF) to manage orders for interception in the PTN Internal Intercept Function (IIF): These functions are located within the network nodes and are responsible for generating the Intercept Related Information (IRI) and Contents of Communications (CC). Mediation Function (MF): This function clearly delineates the PTN from the LEMF. It communicates with the IIFs using Internal Network Interfaces (INIs) which can be proprietary. The MF communicates to one or more LEMFs through locally standardized interfaces: the Handover Interfaces (HI2and HI3). Administration Function (ADMF): This function handles the serving of interception orders and communicates with the IIFs and MF though an Internal Network Interface. Implementing LI within an VoIP Network One of the primary problems that service providers face when managing VoIP and multimedia calls is the separation of the signaling and media streams. In other words it is quite possible that the two streams may take completely different paths through the network. In addition, even when they do pass through the same device, it may not be aware of the relationship between the streams. Some devices within the network are however specifically designed to understand and manage the separate signaling and media streams session border controllers. Typically located at the borders of the service provider s network, these offer an ideal location to implement the IIF as they receive Intercept Related Information from the signaling stream and can intercept Contents of Communication directly from the media stream. Figure 4 below shows the physical elements of the LI system, their logical functions and the interfaces to the LEMF. (all page) 4

Figure 4 Example Physical Architecture 5

LI Administration Function (ADMF): ADMF is typically implemented on a hardened Management Unit; it provides a secure method to enable traffic to be targeted and routed. The ADMF uses a secure connection to one or more of the IIFs and to one or more Mediation Units. The ADMF is often backed up by a warm standby, which replicates all data between the units. LI Mediation Function (MF): MF performs the mediation and delivery functions, it is typically implemented on a hardened Mediation Unit; it receives generic formatted IRI and CC data from one or more IIFs and translates it into the country specific format for the Handover Interfaces (HI2& HI3) to the LEMF. The MF receives target details from the ADMF and validates the received IRI and CC data to ensure that only the warranted data is passed to the LEMF. The MF usually supports the forwarding of intercepted traffic to many LEMF interfaces simultaneously. The Mediation Unit is often backed up by a slave unit which takes over in case of failure of the primary unit. Internal Intercept Function (IIF): IIF is most effective when implemented in hardware within the network nodes in order to provide the most effective and rapid detection without incurring additional software processing and delays which may allow the presence of the intercept to be detected. The IIF collects Intercept Related Information (IRI) and Contents of Communication (CC) ask requested by the ADMF, and converts these to a generic format which is passed to the MF. Administration Functions The ADMF must only be accessed by authorized users. It will manage the deployment of tasks to the other LI elements. Tasking Targets Each target will require a Warrant ID and Case ID assigned by the LEA. Each case may require IRI or CC or both to be intercepted. Each task is assigned a start date and an end date, upon which the case will expire. Auditing Tasks The ADMF is typically responsible for auditing the network of IIFs to ensure that the target lists match; differences should be automatically reconciled. Mediation Function Configuration Each interface to the LEMF must be individually specified to match the required standard output. Information Volatility Essential target information must be encrypted by the ADMF and any information stored in the IIF in encoded form, thereby preventing unauthorized access to sensitive warrant information. Any information stored within the IIF should be stored in volatile memory, so that this information is erased 6

if a component of the network node is removed or powered down. Only the encrypted database of the ADMF should be maintained during power-down situations. In the event of a link failure between the MF and the LEMF the intercept products may be buffered for a short time in memory only. Any long term failure of the interface will result in intercept products being lost this information must not be spooled to permanent storage. Conclusion Recently it has become increasingly clear that VoIP services will be expected to provide Lawful Intercept and Emergency Call Handling services to the same level experienced in the PSTN. The FCC in North America for example has mandated that both emergency calls and Lawful Intercept must be available. Whilst not all countries mandate this capability, any network operator building a publicly available voice or multimedia over IP service today will need to plan a network which is flexible enough to implement these regulatory services in the future. Session border controllers are being deployed at strategic points within VoIP networks to execute a number of access, security and quality management roles; they offer an ideal location to implement a Lawful Intercept solution. Carrier class SBCs already offer the levels of redundancy and resilience to provide five 9s availability, further endorsing their suitability for the location of the IIF. Terminology ADMF Administration Function CALEA Communications Assistance for Law Enforcement Act CC Contents of Communication ETSI European Telecommunications Standards Institute HI Handover Interface IIF Internal Intercept Function INI Internal Networks Interface IRI Intercept Related Information LEA Law Enforcement Agency LEMF Law Enforcement Monitoring Facility LI Lawful Interception MF Mediation Function PSTN Public Switched Telephone Network PTN Public Telecom Network VoIP Voice over IP References ETSI TS 101 331 - Telecommunications security; Lawful Interception (LI) Requirements of Law Enforcement Agencies ETSI TR 101 943 - Telecommunications security; Lawful Interception (LI); Concepts of Interception in a Generic Network Architecture ETSI TS 101 671 - Telecommunications security; Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic PKT-SP-ESP1.5-I01-050128; PacketCable 1.5 Specifications; Electronic Surveillance A summary of the ETSI LI specs is located at:http://portal.etsi.org/li/summary.asp Current ETSI specs can be downloaded from:http://portal.etsi.org/li/status.asp Current PacketCable specs can be found at:http://www.packetcable.com/specifications/ 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information