Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lawful Interception Basics

Published byArron Thompson Modified over 5 years ago

Similar presentations

Presentation on theme: "Lawful Interception Basics"— Presentation transcript:

1 Lawful Interception Basics
April 2018 Utimaco TS, Product Management

2 Lawful Interception Definition
Lawful Interception (LI) refers to the legally approved surveillance of public telecommunication services Important tool for law enforcement agencies (LEAs) around the world for investigating and prosecuting crime and terrorism National laws commonly oblige telecom operators to support LI for public communications services Telecom services under surveillance are defined by national laws, e.g. Telephone calls, Fax, Voic s SMS, MMS Internet data s VoIP, VoLTE, ViLTE calls other Internet services like Instant Messaging, file sharing, etc.

3 Lawful Interception Regulatory Framework LI is about compliance with
National Legislation International Technical Standards Constitution ETSI Telecommunications Telecommunications Laws Lawful Interception ANSI, ATIS Code of Criminal Procedure CableLabs Customs and Police Laws 3GPP National Regulations LI is about compliance with National law National technical regulations International standards Organization Technology Data protection

4 Lawful Interception General Requirements Hard requirements
Compliance with national laws Compliance with national technical regulations Compliance with international technical standards Transparent for users No negative impact on telecom services Highest security demands (privacy, integrity, unimpeachable results, protection against misuse, transparent to persons under surveillance) High reliability of service (24x7) Soft requirements Cost-efficient solution (CAPEX, OPEX) Future-proof system Technical and legal expertise Quality Timely delivery “transparent” : not visible/detectable by subscriber Any professional lawful interception system must fulfill a set of hard and soft requirements. “Hard requirements” are given by regulatory, technical, and economical prerequisites. The mentioned “soft requirements” are additional demands usually requested by the obliged parties

5 Requirements in Practice (example)
Lawful Interception Requirements in Practice (example) The actual requirements for service providers and network operators are defined by national regulations Organisational Requirements Technical Requirements 24x7 service for authorities to accept interception requests Immediate activation of interception decisions Detailed reporting of all interception events Trusted staff Physical access protection Internal and external security audits Standard compliant handover (ETSI or national format/protocol) Real-time interception and delivery Transparent for subscribers (hidden intercept) Full intercept of all telecommunication (no data loss) Complete logging of all events Prevention of misuse, access control Encrypted handover 99.99% availability Organizational and technical requirements by example

6 The Process from Court Order to Delivery of Intercepted Data
Lawful Interception The Process from Court Order to Delivery of Intercepted Data

7 General Architecture (Functional Model)
Lawful Interception General Architecture (Functional Model) Functional Model of Lawful Interception - Access Function : IRI and CC is intercepted within the network operator network - Mediation Function: Mapping of IRI and CC with intercept requests, conversion of data formats and protocols - Delivery Function: Delivery of IRI and CC over standardized interfaces to authorized law enforcement agencies - Collection Function: Receipt and analysis of IRI and CC for interception target Handover interfaces are standardized by international bodies. National regulations usually refer to these standards. Internal Network Interfaces are vendor proprietary or depending on the type of network element. There can be large number of different internal network interfaces in one network. IRI: Interception Related Information CC: Content of Communication x1, x2, x3: Internal Network Interfaces for LI administration, IRI and CC exchange HI1, HI2, HI3: Standard handover interface to the Law Enforcement Agency for LI administration, IRI and CC exchange IRI: Interception Related Information CC: Content of Communication

8 Lawful Interception Utimaco LIMS Overview
System Architecture of Utimaco LIMS™ - Management Server (MS) : includes the administration function for the main system as well as for all connected modules and network elements - Mediation Device (MD) : includes the mediation and delivery function for a specific network element. The mediation device mediates between the internal network interface and the handover interface to the LEA. - Interception Access Points (IAP) : execute the access function within the netwok. IAPs can be either integrated interception capabilities of active network elements or passive filters (probes) that are introduced into the network. - Database, Decoder, Gateway, High-Availability Module, Remote Provisioning Units are mandatory and optional modules of the LIMS system.

9 Lawful Interception Access Methods Active (aka on-switch)
Signaling and media (respectively IRI and CC) are intercepted by internal interception functions of the serving network node (e.g. MSC, SGSN, PGW, SBC, S-CSCF) Passive (aka off-switch) Signaling and media (respectively IRI and CC) are intercepted by probes which filter all data on one or more network links and extract all communication from and to selected targets. Hybrid Is a mixture of active and passive methods where either signaling is intercepted passively and the media is intercepted actively, or vice-versa.

10 Lawful Interception Access Methods Active Passive
Network elements with IIF Active Passive Utimaco LIMS X1’ X1 (target provisioning) X2/X3 (IRI/CC delivery) Network with tap and probe Utimaco LIMS X1 (target provisioning) X2/X3 (IRI/CC delivery) LIMS Access Point Active: LIMS (ADMF) provisions LI targets on network nodes with IIF (Internal Interception Function) over x1 IIF sometimes distributes targets internally to all serving nodes (x1’) IIFs mirror IRI and CC and forward to LIMS (DF) over x2 and x3 interfaces Passive: LIMS (ADMF) provisions LI targets on network probes (LIMS Access Point) over x1 LI Probe monitors a tapped copy of the entire traffic for relevant target data and mirror IRI and CC and forward to LIMS (DF) over x2 and x3 interfaces

11 Active Interception, Pro’s and Con’s
Lawful Interception Active Interception, Pro’s and Con’s Pro Con Cost-efficient, software only, commonly no additional hardware needed Fast deployment, reuse of available network nodes Highly available – same as communication service Works with encryption – if the encryption is terminated at the providers network Standardized. Requirements and general functions covered in common ETSI, 3GPP standards Covers all communication of a target; incl. complex call scenarios, supplementary services Broad vendor support Secure - extra security profile on serving nodes Scalable - scales with the network Vendor-specific LI interface (INI), requires mediation system Some vendors require a license on LI interfaces Limited capacity (number of targets, LI throughput) Trust - some countries don‘t trust the IIF of certain vendors. Broad vendor support: (almost) all vendors provide internal interception functions (except for some legacy voice switches) Secure: IIF are protected by separate security profiles with AAA (Authentication, Authorization, Accounting) and (optional) encryption. In many cases target IDs are available as hashes only (no clear target data at any time). Trust: As target IDs must be available at the IFF (either in clear text or as hash values), there is a risk of exposing sensitive target information to unauthorized persons (e.g. by backdoors, software errors, snooping). This risk can be mitigated by strong security features (see above) and security audits (independent checks, source code analysis, …). Finally, there must be sufficient trust that the IIF as well as the service node(s) are well protected for handling sensitive information.

12 Passive Interception, Pro’s and Con’s
Lawful Interception Passive Interception, Pro’s and Con’s Pro Con Independent of the serving network - no negative impact on performance or availability of the service Transparent - invisible for the subscriber and for the network High capacity - probes are (often) designed to capture large amounts of traffic and support mass monitoring Multi-purpose - probes may be used for multiple purposes at the same time; e.g. LI, performance monitoring, fraud detection, CDR/IPDR generation. DPI – may be used to monitor and intercept various services/protocols at the same time. Secure - probes are segregated and protected from unauthorized access High costs for additional hardware (probes and taps) Finite performance - the probe must fit to the network size and throughput. Growth leads to additional costs. Limited flexibility – (dynamic) changes within the network or services may require changes on the probes which lead to high maintenance costs and outages (e.g. protocols, call flows, new features, etc.) Limited capabilities – (sometimes) probes can not intercept all IRI&CC due to lack of central call control of correlation issues. Unencrypted traffic only - probes do not function on encrypted links, but can process plain data only Deployment issues - deployment of probes (often) requires detailed knowledge about network links and data flows. Not eligible for software defined networks. Limited capabilities : In some cases probes are not able to intercept all call scenarios as they do not have the same knowledge and oversight about logical communication links and status information as the serving call switches; e.g. complex calls flows like call forwarding, conference calls, roaming between networks. In many cases it is difficult to impossible to correlate call data across multiple probes and network links. Missing IRI& CC content: Location information, handset information, call conference & call forwarding complex call scenarios. Supplementary services. No- compliant intercept. Limited Flexibility: Signaling or network topology change; long network outage backward engineer time to investigate. Simple protocol changes can lead to full outage of the passive intercept solution, as the probes can no longer decode the calls or call flows. Dynamics of NFV/SDN make it hard to tap and intercept selected (logical) network interfaces. Legacy probes fail in SDN environments. Project related deployments, every deployment is different, ongoing development and maintenance cost

13 Hybrid Interception, Pro’s and Con’s
Lawful Interception Hybrid Interception, Pro’s and Con’s Pro Con Best of both – in some cases a combination of both methods provides a cost-efficient and fast solution; e.g. dynamic Internet access monitoring: passive AAA interception (RADIUS) + active IP data intercept at a access router (BRAS). Suitable for split signaling and media links. Only useful in certain use cases Only certain use cases: Depending on the type of network and service Example: passive monitoring of RADIUS traffic (as this is a IETF standard with defined data formats, and RADIUS is centralized) + active monitoring of IP data at a router (as most routers provide a IIF)

14 Lawful Interception Standards
LI Standards Organisation/ Region No. Title/Topic Technology ETSI EU, World TS Requirements of Law Enforcement Agencies Generic ES Requirements for Network Functions TS (ES ) Handover Interface for the Lawful Interception of Telecommunications Traffic PSTN, GSM, GPRS TS Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery IP-generic TS Lawful Interception (LI);Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for services TS Lawful Interception (LI);Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services Internet Access TS Lawful Interception (LI);Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services Internet Access, Layer 2 services TS Lawful Interception (LI);Handover Interface and Service-Specific Details (SSD) for IP delivery; VoIP and other SIP/RTP based services VoIP, multimedia services TS Lawful Interception (LI);Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 6: Service-specific details for PSTN/ISDN services PSTN/ISDN, emulated services TS Lawful Interception (LI);Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services Mobile services TS , TS , TS Universal Mobile Telecommunications System (UMTS); LTE; Lawful interception requirements, Lawful interception architecture and functions, Handover interface GSM, UMTS, LTE ATIS/TIA US, CAN ATIS v2 LAES for Voice over Packet Technologies in Wireline Telecommunications Networks, also: ATIS a.2007, ATIS b.2010 (ATIS v3 on demand) VoIP ATIS Lawfully Authorized Electronic Surveillance (LAES) for IP Network Access IP ATIS LAWFULLY AUTHORIZED ELECTRONIC SURVEILLANCE (LAES) FOR 3GPP IMS-BASED VOIP AND OTHER MULTIMEDIA SERVICES (ATIS v2 on demand) IMS-VoIP J-STD-025-A, J-STD-025-B Lawfully Authorized Electronic Surveillance (LAES) Voice, CDMA2000, VoIP CableLabs, US, World PacketCable 1.5 Electronic Surveillance Specification Voice over Cable (telephony) 3GPP World TS , TS TS Lawful interception requirements, architecture and functions, Handover Interface PacketData, CS Multimedia Services This is an overview of the most relevant LI standards (worldwide, except China, Russia) Not exhaustive

15 Abbreviations CAPEX Capital Expenditure CC Content of Communication
DF2 Delivery Function 2 DF3P Delivery Function 3 for Packet Data DF3CC Delivery Function 3 for Circuit-Switched Call Content GSN GPRS Support Node GGSN Gateway GPRS Support Node GPRS General Packet Radio Service HA High Availablity HI.1/2/3 Handover Interface 1/2/3 HSAP High Speed Access Point ICD Interception Decision IDP Intercept Data Product IMS IP Multimedia Subsystem INI Internal Network Interface IP Internet Protocol IRI Intercept Related Information LEA Law Enforcement Agency LI Lawful Interception LIMS LI Management System MC Monitoring Center NE Network Element OMA Open Mobile Alliance OPEX Operational Expenditure PoC PTT over Cellular PTT Push-To-Talk RAI Remote Administration Interface RM Rack-Mount RPU Remote Provisioning Unit RTP RealTime Protocol SBC Session Border Controller SGSN Serving GPRS Support Node SIP Session Initiated Protocol SSL Secure Socket Layer VoIP Voice-over-IP

16

Download ppt "Lawful Interception Basics"

Similar presentations

1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.

1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.
EduCause LI Overview February 2007

EduCause LI Overview February 2007
1 Requirements Catalog Scott A. Moseley Farbum Scotus.

1 Requirements Catalog Scott A. Moseley Farbum Scotus.
Total LI Compliance using Turn-key Applications and Solutions Rami Mittelman V.P. Product Marketing.

Total LI Compliance using Turn-key Applications and Solutions Rami Mittelman V.P. Product Marketing.
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
1 ETSI and Lawful Interception Robin Gape Chair TC Sec WG LI.

1 ETSI and Lawful Interception Robin Gape Chair TC Sec WG LI.
Lawful Interception in 3G IP Multimedia Subsystem

Lawful Interception in 3G IP Multimedia Subsystem
Fixed Mobile Convergence T-109.7510 Research Seminar on Telecommunications Business Johanna Heinonen.

Fixed Mobile Convergence T Research Seminar on Telecommunications Business Johanna Heinonen.
All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균

All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균
Protocols and the TCP/IP Suite

Protocols and the TCP/IP Suite
Ernst Langmantel Technical Director, Austrian Regulatory Authority for Broadcasting and Telecommunication (RTR GmbH) The opinions expressed in this presentation.

Ernst Langmantel Technical Director, Austrian Regulatory Authority for Broadcasting and Telecommunication (RTR GmbH) The opinions expressed in this presentation.
DECISION Group Inc.. Decision Group www.edecision4u.com Mediation Device for Internet Access Provider.

DECISION Group Inc.. Decision Group Mediation Device for Internet Access Provider.
Security and LI; ETSI’s role in standards

Security and LI; ETSI’s role in standards
Presentation on Osi & TCP/IP MODEL

Presentation on Osi & TCP/IP MODEL
Common Devices Used In Computer Networks

Common Devices Used In Computer Networks
Support Services & IP Multimedia Subsystem (IMS)

Support Services & IP Multimedia Subsystem (IMS)
GSM,GPRS & CDMA Technology

GSM,GPRS & CDMA Technology
June 2006 Roles of Session Border Controllers in IMS Networks CANTO - June 2006.

June 2006 Roles of Session Border Controllers in IMS Networks CANTO - June 2006.
Ronald D. (Ron) Ryan Chair T1P1.SAH Slide 1 Copyright Nortel Networks T1P1/2001-046 Overview 3G UMTS LI Capabilities T1P1.SAH April 2001.

Ronald D. (Ron) Ryan Chair T1P1.SAH Slide 1 Copyright Nortel Networks T1P1/ Overview 3G UMTS LI Capabilities T1P1.SAH April 2001.
STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.

STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.

Similar presentations

Ads by Google