Download presentation
1
EduCause LI Overview February 2007
Craig Mulholland
2
Disclaimers It is Cisco's intent to support its customers by developing products that will help them meet the requirements of the law Customers are strongly advised to seek qualified legal counsel to advise them about the extent of their obligation under Lawful Intercept regulations and laws in each country in which they operate The Contents of this Presentation Do Not Constitute Legal Advice nor Does Cisco Guarantee the Accuracy or Completeness of Such Information
3
Agenda Regulatory Changes
T1.IAS - Lawful Intercept for Internet Access and Services (IAS) (US only) Implementation Options Service Independent Intercept (SII) Architecture
4
Regulatory Changes
5
Regulatory Changes United States (US) – Compliance Deadline:
24 September 2005 – FCC issued First Order – CALEA applies to interconnected VoIP and facilities-based Broadband Internet Access 3 May 2006 – FCC issued Second Order – defers definitions to standards, affirms deadline 5 May 2006 – Appeals court oral arguments on First Order 9 June 2006 – Appeals court affirmed FCC decision to apply CALEA to interconnected VoIP and facilities-based broadband Compliance Deadline: 14 May 2007
6
Regulatory Changes
7
LI Architecture Requirements
Service Provider must be able to provide: Communication-Identifying Information (CmII) Dialed Digits (Voice Calls) Subject login (data) Network Addresses (& ports??) (data) Content of Communication (CC) Audio Content of Voice Call Packets to/from subject Must be able to correlate Communication Identifying Information with Content of Communication
8
T1.IAS Lawful Intercept for Internet Access and Services
9
T1.IAS Lawful Intercept for Internet Access and Services (IAS)
Issue S086 - Ballot Closed 11/14/2006 13 “YES” Votes - 8 with comments 3 “NO” Votes 3 abstentions Interim Meeting Austin, November to resolve Ballot comments Law Enforcement “NO” votes unresolved - “buffering issue” Default Ballot recommended at close of meeting Default Ballot closed in January 1 “Yes” vote changed to “No” 1 “No” vote changed to “Yes” Comment resolution scheduled for February meeting
10
T1.IAS T1.IAS divides the subject’s session into two states
The “Access Session” state - logon, logoff, and failure or rejection events during the logon process The “Packet Session” state - subject has been granted access to the Internet and is ready to transfer data Not all networks can report all events, eg. “always on” scenarios may not be able to report some access events
11
What is Communication Identifying Information (CmII) for Internet Access??
Access Session Events – Access Attempt, Access Accepted, Access Failed, Access Session End, Access Rejected, Access Signaling Message Report Packet Session Events - Packet Data Session Start, Packet Data Session Failed, Packet Data Session End, Packet Data Session Already Established, Packet Data Header Report, Packet Data Summary Report Packet Data Header Report, and Packet Data Summary Report are used to report Packet Header information for Internet sites visited by the subject
12
T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI IRI Access Attempt: Case ID, IAP, Time, Subscriber ID Access Request Target Subscriber Aggregation Router Data Stream
13
T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI IRI Access Accepted: Case ID, IAP, Time, Subscriber ID, Access Session ID Target Subscriber Access Accept Aggregation Router Data Stream
14
T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI Intercept Request Intercepted Data Packet Data Session Start: Case ID, IAP, Time, Subscriber ID, Packet Session ID, IP Address Target Subscriber Aggregation Router Data Stream
15
T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI Packet Data Header Report: Case ID, IAP, Time, Packet Session ID, IP Packet Headers Intercept Request Intercepted Data Target Subscriber OR Packet Data Summary Report: Case ID, IAP, Time, Packet Session ID, IP Packet Header Summary reports Aggregation Router Data Stream
16
T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI CC Intercept Request Intercepted Data Content Delivery, if authorized Target Subscriber Aggregation Router Data Stream
17
T1.IAS - Issues $$ Buffering/Short term Storage – Law enforcement has requested buffering and file management, not included in standard - Alternate standard for buffering in progress IP Packet Headers – port numbers required as a result of ballot comment resolution
18
Implementation Options
19
Passive Equipment Involves placement of new equipment in strategic locations in the network to access ‘signaling’ and ‘content’ information of interest. Pros: Does not require changes to existing network element hardware and/or software Cons: Additional equipment required. Amount of equipment required can be reduced by physically moving equipment, as required. Additional O&M costs Not capable of intercepting information that remains local to the edge network element Cost: Passive equipment: $35K +++ ea. Mediation Device: $75K + (based on number of subscribers)
20
Intercept Capable Network Elements
Adds interception capability to existing network elements Pros: Reduced cost by leveraging existing infrastructure Reduced O&M costs Cons: Functionality may not be supported on all platforms in the network. If it is supported, hardware upgrades (memory, processor, etc.) may be required Interception introduces an impact to network element performance Cost: Network element S/W licenses: $0 - $15K+ ea Mediation Device: $75K + (based on number of subscribers)
21
Hybrid Combination of passive equipment and intercept support
Provides flexibility of passive equipment solution with cost advantages of intercept support on network elements Augments network element intercept capability Offloads network element for large bandwidth intercepts Pros: Most comprehensive and cost effective solution Most flexible solution for CALEA compliance in multi-vendor network Cons: Somewhat higher O&M and equipment costs Cost: Network element S/W licenses: $0 - $15K+ ea Passive equipment: $35K +++ ea. Mediation Device: $75K + (based on number of subscribers)
22
Trusted Third Party (TTP)
TTP becomes agent of record for Service Provider Assumes all responsibilities and obligations Pros: Continued protection from criminal & civil liability Reduces operating costs and conserves capital Assumes risk and up-front investment (personnel, technology) Future-proof services Cons: CALEA activities are handled by third party TTP requires access (physical and admin) to your network Cost: Initial assessment/setup fee: $10K+ (depends on size of network) Monthly service fee: $1.5K+ (depends on size of network) Per intercept fee: Records production = $500?, Pen/Trap = $1000?, Full Content = $1500? (Reimbursable by LEA)
23
Service Independent Intercept (SII) Architecture
24
Key Cisco SII Architecture Features
Standard architecture (same for voice or data) Places control of LI on Mediation Device (instead of on call control equipment) Separates lawful intercept control from call control Common interface to Mediation Device and Call Control partners Modular architecture, easily adapted to regional requirements through mediation device
25
Generic View of the LI Architecture
Demarcation Point (SP, LEA Responsibility) Service Provider LI Administration Function Law Enforcement Agency (LEA) Intercept Related Info (IRI) Intercepting Control Element (ICE) Request Mediation Device Collection Function IRI Communication Content (CC) Request Content Information for the Same Intercept May Be Sent to Multiple LEAs Intercepting Network Element (INE) Request Access Function (AF)/ Intercept Access Point (IAP) Cisco Equipment 3rd Party Equipment
26
Cisco Service Independent Intercept
Configuration Commands Service Provider LI Administration Function Voice - Call Agent Data - Radius, AAA Law Enforcement Agency (LEA) Intercept Related Info (IRI) Intercepting Control Element (ICE) Request Mediation Device Collection Function IRI Communication Content (CC) Request Content RADIUS Event Messages RTP or UDP transport for delivery Intercepting Network Element (INE) SNMPv3 Cisco Equipment Voice - Edge router, Trunk G/W Data – Access/Aggregation router 3rd Party Equipment
27
IETF—RFC 3924 Lawful Intercept Architecture Reference Model HI1(a) b c
Law Intercept Administration Function HI1(a) Law Enforcement Agency (LEA) MD Provisioning Interface b c HI2(g) Intercept Related Information (IRI) IAP Mediation Device (MD) e HI3(h) HI3(h) IRI (e) d f Intercept Request (d) Intercepted Content (f) Content Intercept Access Point (IAP) User Content User Content Service Provider Functions Lawful Intercept Architecture Reference Model
28
Cisco Lawful Intercept Architecture
IETF first draft June 2003 IETF second draft October 2003 Informational RFC 3924 adopted October 2004 Modular architecture—adapts to regional requirements via partner equipment (mediation device) Key Features: Common architecture (SII) for voice and data Separation of intercept control from call control (voice) and session control (data) Controlled by mediation device Standardized interface for mediation device to provision intercepts via SNMPv3
29
LI Architecture—Voice Intercept
LI Administration Function Gatekeeper, SIP Proxy, Call Agent Admin 2 Admin (HI1) 1 Collection Function LEA Config 3 Mediation Device IRI 6 IRI 5 CC 11 Intercept Request 8 Intercepted Data 10 Call Control 4 7 Call Control Target Subscriber CPE Adapter or IP Phone CPE Adapter or IP Phone 9 Aggregation Router Aggregation Router RTP Stream
30
LI Architecture—Data Intercept
LI Administration Function AAA Server (Cisco Access Registrar, Other) Admin 2 Admin (HI1) 1 Collection Function LEA Config 3 Mediation Device IRI 6 11 IRI 5 10 CC 14 Config 3 Acct Start 9 Sniffer/ Probe Intercept Request 7 Intercepted Data 13 Access Request 4 Target Subscriber Access Accept 8 12 Aggregation Router Data Stream
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.