Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lawful interception and Retained Data

Similar presentations


Presentation on theme: "Lawful interception and Retained Data"— Presentation transcript:

1 Lawful interception and Retained Data
Presentazione per l’Osservatorio Sicurezza Anfov Autore:Dionisio Zumerle Technical Officer - ETSI © ETSI All rights reserved Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

2 Why Lawful Interception implementation in EU
17th January 1995: EU Council of Ministers adopted resolution COM 96/C329/01 on Lawful Interception “The providers of public telecommunications networks and services are legally required to make available to the authorities the information necessary to enable them to investigate telecommunications” Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

3 What is Lawful interception?
A legally sanctioned official access to private communications telephone calls messages A security process: a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

4 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Regulators Scenario and actors Correspondent Interception interface Providers Interception Vendors Mediation Vendors target Collection Vendors Handover interface Monitor Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

5 Why standardisation of LI?
Easier to define own LI mechanism Guidance is given for network architecture No need to define/invent complete own LI system Less expensive LI products Manufacturers need to develop one basic product National options are additional Intercepted result is meeting international requirements by Law Enforcement Agencies Worldwide input Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

6 Lawful Interception TC in ETSI
ETSI/Technical Committee Security (TC SEC) Working Group Lawful Interception (SEC-WGLI) (1997) ETSI/Technical Committee Lawful Interception (TC LI) Established as stand-alone TC in Oct 2002 Meetings Three plenary meetings a year (65-75 participants) Rapporteur meetings on specific technical issues (4 Rapp meetings per year average, participants) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

7 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
What does ETSI TC LI do? Cost Political Interception Business Handover Legal Retrieval Analysis process Relations Storage Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

8 Participation in ETSI TC LI
Law Enforcement Agencies / Governments organisations NL, UK, DE, AS, S, GR, ES, FR, RU, FIN, IT, NO, CY, HU USA, CA, AU, KR Operators KPN (NL), DT (DE), BT (UK), TeliaSonera (S), Inmarsat, Telenor (NO), UPC, Telecom Italia, Telstra (AU), T-Mobile (DE), Vodafone (DE) Manufacturers (switch) Nokia Siemens Networks, Ericsson, Cisco, Alcatel Lucent, Nortel, Marconi, Motorola Manufacturers (mediation / LEA equipment) Pine Digital Security, Aqsacom, ETI, VeriSign, Siemens, GTEN, Utimaco Safeware, Verint, Detica, NICE Systems, Thales, AREA, ATIS Systems, SS8, Spectronic, Group 2000, ZTE Manufacturers may be active in all areas Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

9 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
LI Handover Interface Handover Interface for Lawful Interception (TS ) Generic flow of information and procedures and information elements Applicable to any future telecommunication network or service Circuit switched and packet data Covered technologies: PSTN/ISDN GSM UMTS (CS) GPRS TETRA wireline NGN (including PES) wireline IMS PSTN simulation Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

10 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
The ETSI LI Model Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

11 Types of Lawful Intercepted data
Content of Communication (CC) Information exchanged between two or more users of a telecommunications service Intercept Related Information (IRI) Collection of information or data associated with telecommunication services involving the target identity: communication associated information or data (including unsuccessful communication attempts) service associated information or data (e.g. service profile management by subscriber) location information Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

12 Handover Interface ports (TS 101 671)
HI1: for administrative information Request for lawful interception: target identity, LIID, start/duration, IRI or IRI+CC, IRI delivery address, CC delivery address, ... Management information HI2: for delivery of Intercept Related Information All data related to establish the telecommunication service and to control its progress Correlation information HI3: for delivery of Content of Communication Transparent en-clair copy of the communication For each target identity related to an interception measure, the authorized CSP operator shall assign a special Lawful Interception IDentifier (LIID), which has been agreed between the LEA and the CSP. For each activity relating to a target identity a CID is generated by the relevant network element. The CID consists of the following two identifiers: - Network IDentifier (NID), consists of one or both of the following two identifiers: NWO/AP/SvP- identifier (mandatory): unique identification of CSP. Network Element IDentifier (NEID) (optional): the purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc. - Communication Identity Number (CIN): The Communication Identity Number (CIN) identifies uniquely an intercepted communication session within the relevant network element. Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

13 Parameters in IRI records (TS 101 671)
LI related identities LIID, target, network operator, network element, call ID, ... Timestamp Intercepted call direction (to / from target) Intercepted call state (in progress, connected) Address: Calling party / Called party / Forwarded-to-party / .. E164, TEL URI, IMSI, IMEI, MSISDN, SIP URI, … Ringing tone duration / conversation duration Type of intercept: PSTN, ISDN, GSM (CS), TETRA, GPRS (PD), UMTS (CS) Supplementary service information Location information National parameters IRI record type (Begin, Continue, End, Report) .... Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

14 Handover of LI via IP Networks
TS : Delivery of IP based interception Handover aspects (based on TS ) for IP-based platforms Header added to IRI and CC sent over the HI2 and HI3 interfaces Protocols for transfer of IRI and CC across HO interfaces Other parts define the service-specific IRI data formats Generic header information to be added to HI2 and HI3 traffic LIID Communication Identifier Sequence number Timestamp Payload direction IRI record type (Begin, Continue, End, Report) ... Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

15 IP Service-Specific Details (SSD)
TS : SSD details for Services Description for handover of messages (POP3, IMAP4) TS : SSD for Internet Access Services Description for handover of Internet Access Information and TCP/IP information (DHCP, RADIUS) TS : SSD for Layer 2 Services Description for LI functionality of Layer 2 access TS : SSD for IP Multimedia Services Based on SIP and RTP, and services described by ITU-T H.323, H.248 TS : SSD for PSTN/ISDN Services TS : SSD for Mobile Packet Services (drafting stage) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

16 SSD for IP multimedia Services
TS IP HO Family part 02 SSD for Services part 03 SSD for Internet Services part 04 SSD for Layer-2 Services part 05 SSD for IP multimedia Services part 06 SSD for PSTN/ISDN Services SSD for Mobile Services Application part 07 Presentation Generic Headers Handover manager Delivery session Transport layer Network layer Session Transport Network and below Delivery network TS Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

17 Reference model for LI in IP networks (TR 102 528)
(ETSI TR ) CSP Domain HI LEA Domain (ETSI TR ) HI1 LI Administration Function Authorisation (AF) authority / Law INI1b INI1a INI1c Enforcement Intercept Related Agency Information Internal INI2 Interception Function (IRI - IIF) CCTI Content of Lawful Communication Interception Law Trigger Function Mediation Enforcement (CCTF) Agency Function CCCI HI2 (MF) (IRI) Content of INI3 Communication HI3 Internal Interception (CC) Function (CC - IIF) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

18 LI scenario on a VoIP MM platform (TR 102 528)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

19 Basic IP Multimedia message exchange (TR 102 528)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

20 General on security of LI
Protection of Target information Protection of Rooms, Systems, Connections, Signalling Local staff Only authorised personnel has knowledge that interception has been activated on a target Target Target should not be able to detect that interception is taking place Other parties Other parties of any telecommunications service should not be able, by any means, to detect that any interception facility has been (de)activated or that interception is taking place DTR/LI-00044 Security framework in Lawful Interception and Retained Data environment Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

21 LI specifications in 3GPP and TISPAN
TS (3GPP TS ) Lawful interception requirements provides basic interception requirements partly based on ETSI TS 101 331 TS (3GPP TS ) Lawful interception architecture and functions TS (3GPP TS ) Handover interface for Lawful Interception TS NGN Lawful Interception; Lawful Interception functional entities, information flow and reference points Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

22 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Retained Data in EU 15th of March 2006: the European Parliament and the Council of the European Union adopted Directive 2006/24/EC on Data Retention “Data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks need to be retained” Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

23 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Relation of RD to LI Retention of Data is similar to LI Process of providing information on private communications Legally sanctioned Concerns stored traffic, rather than traffic in transit (LI) In ETSI, the stakeholders are the same Regulators LI equipment vendors Telecom equipment vendors Communication Service Providers Similar technology and protocols Similar EU Regulatory framework Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

24 Applicability of the Directive
The content of the communication (CC) is not part of the directive only signaling (IRI) Storage of all types of communication: Wireline Wireless Internet services Successful AND unsuccessful communication attempts Provided data must identify: source of a communication destination of a communication date, time and duration of a communication the type of communication users' communication equipment location of mobile communication equipment Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

25 Retained Data Handover Interface
Handover Interface HI-A administrative Requesting Authority / Law Enforcement Agency Communication Service Provider Handover Interface HI-B transmission RD material Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

26 Retained Data Handover Protocol
CSP Successful delivery LEA REQUEST: Request for Retained Data (HI-A) REQ(ACK): Acknowledge request (HI-A) Results of RD request (HI-B) RESPONSE: confirm results have been sent (HI-A) RES(ACK): Acknowledge Res message (HI-A) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

27 Modular approach Framework standard
Message sets for request and delivery Secure and reliable transport Annex: PSTN Annex: GSM Annex: Internet access services Annex: Multi-media services Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

28 Actual RD working/study issues in TC LI
ETSI TS (to be published) Requirements of LEAs for handling Retained Data guidance and requirements for the delivery and associated issues of retained data of telecommunications and subscribers set of requirements relating to handover interfaces for retained data requirements to support the implementation of Directive 2006/24/EC ETSI TS (to be published) Handover interface for the request and delivery of retained data handover requirements and handover specification for the data that is identified in EU Directive 2006/24/EC on retained considers both the requesting of retained data and the delivery of the results defines an electronic interface Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007

29 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
More information L i Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007


Download ppt "Lawful interception and Retained Data"

Similar presentations


Ads by Google