DECISION Group Inc.
Decision Group Monitoring Center Solution on Internet Access for LEA or Intelligence
What is Lawful Interception
- A legally sanctioned official access to private communications of specific targets through:
  - telephone calls
  - messages
  - …
- A security process through which a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations.
Challenges to Current LI
- Based on the old telecom network of analog voice technology, without support for new IP technology
- All tasks run as batch jobs, with no quick response to immediate events
- LI result reports are acquired one or two days later because of batch processing tasks
- Covers only voice, and not the many other popular online services
- Cyber crime rings rely 60% on voice and 40% on other social media, instant messaging, and interactive tools…
- Current out-of-date LI technology cannot mitigate the risk of attacks from crime rings
New Criteria for LI
- For both telecom and network environments
- Compliant with ETSI or CALEA standards
- Getting IP packet data streams from telecom and Internet service providers
- Decoding as many protocols as possible
- Data retention capability for long-term tracking and reporting
- Easy to deploy and manage, with high security control
Scenario and Actors for LI
[Diagram labels: Target, Correspondent, Interception interface, Handover interface, Monitor, Regulators, Service Providers, Interception Vendors, Mediation Vendors, Collection Vendors]
ETSI Lawful Interception Model
[Diagram labels: NWO/AP/SvP Domain, Network Internal Functions, IIF, INI, Administration function, IRI Mediation function, Content Mediation function, Intercept Related Information (IRI), Content of Communication (CC), HI1, HI2, HI3, LEMF, Interception Vendors, Mediation Vendors, Collection Vendors]
- IIF: Internal Interception Function
- INI: Internal Network Interface
- HI1: Administrative Information
- HI2: Intercept Related Information
- HI3: Content of Communication
Crime Investigation Cycle with LI
[Diagram labels: Court, Investigator, LI LEA, LI ISP, Warrant Management, Target Provision, Interception & Filtering, Delivery, Decoding & Reconstruction, Deep Content Inspection, Presentation, GSN, Core Router, BRAS, AAA, IP Data (Control Plane, User Plane)]
Wired IAS Passive Interception
Wired IAS Active Interception
Wireless 3G Passive Interception
iMonitor (1) Warrant Management
- Target type: ISP account (RADIUS), CPE MAC address (RADIUS), MSISDN (phone number)
- Warrant/target life cycle management
  - Quest for the target context
  - Set start-time and end-time for the warrant/target
  - Suspend receiving data for time-out warrant/target
- LEMF interface
  - ETSI TS /2/3
  - DG proprietary interface
[Module diagram: Warrant Management, Presentation, Decoding & Reconstruction, Deep Content Inspection]
iMonitor (2) Decoding and Reconstruction
- Receive data through handover interface
- Protocol decoding and reconstruction
  - Instant Message: MSN Messenger, Yahoo Messenger, Facebook IM…
  - Mail: POP3, SMTP, web mail
  - VoIP: SIP, H.323, RTP, Codec (G.711/G.729)
  - Social Network: Facebook, Plurk, Twitter, YouTube…
  - Other common protocols: HTTP, Telnet, FTP, …
- Protocol decoding and recognition: Skype, WhatsApp, LINE…
iMonitor Sample: IM - Yahoo, MSN, ICQ, IRC, QQ, GTalk, etc…
iMonitor Sample: Facebook
- Content of Facebook, friend list and attached files
iMonitor Sample: HTTP (Web Link, Content and Reconstruction)
- Whois function provides you the actual URL Link IP Address
- HTTP web page content can be reconstructed
iMonitor Sample: HTTP Upload/Download
iMonitor (3) Deep Content Inspection
- Advanced and fast keyword search on reconstructed content
- Identity link and communication link discovery
System Capacity
- 400 Mbps
- Max number of provision targets:
- Max number of inspectors: 20
Server Hardware (recommended)
- HP DL380
iMonitor Sample: Alert and Notification – Alert with Content
- Alerts are configured from different service categories and different parameters, such as keyword, account, IP, etc.
- Alerts can be sent to the Administrator by or SMS if an SMS Gateway is available.
- Throughput alert function also available!
iMonitor Sample: Search – Full Text, Condition, Association
- Complete Search – Full Text Search, Conditional Search, Similar Search and Association Search
[Screenshot panels: Conditional Search, Full Text Search, Association / Link Search]