Lawful Interception
Interception challenges and Handover capabilities
Scott Cadzow
TC LI Vice Chairman
C3L
ETSI Security Workshop
16th January 2006
Sophia Antipolis
What is lawful interception?
- Used in the support of criminal investigation and to counter terrorism
- Applies to data in transit
  - It is not a search of records
- Applied to any data in transit
  - Signalling
  - Speech
  - Video
  - E-mail
  - Web
  - Etc.

Simple architecture
[Figure: simple architecture. Labels: correspondent, target, handover interface, monitor.]

More technically
[Figure: functional architecture. Labels: Network (Service provider domain); Lawful Interception Administration Function (LIAF); Signalling Interception Function (SIF); Lawful Interception Function (LIF); Content of Communication Interception Function (CCIF); Correlation; Lawful Interception Delivery Function (LIDF); Lawful authorisation; Law Enforcement Monitoring Function (LEMF); interface labels X2, X3, HI1, HI2, HI3.]

The architecture - actors
- The target
  - This is the entity against which the interception is made
- The correspondent
  - Who the target is talking to and whose communication with the target is intercepted
- The monitor
  - The entity that any interception is given to (usually a Law Enforcement Monitoring Facility (LEMF))
- The operator
  - The entity that serves the target and manages the interception

What interception protocols do
[Figure. Labels: SetInterceptEvent, InterceptActive, SignallingActivity, TrafficActivity, CopyPacket, PrepareIRI, SendPacket, SendIRI, ClearInterceptEvent.]

The IRI protocol#1
- 4 types of IRI record
  - Begin
  - Continue
  - End
  - Record

IRI Protocol#2
[Figure: message sequence between MF and LEA: IRI - Begin, [IRI - Continue], …, [IRI - Continue], IRI - End.]

Use of IRI Record Types
Record Type | When record type is used
Begin | First event of a communication attempt, opening the IRI transaction
Continue | Any time during a communication or communication attempt within the IRI transaction
End | The end of a communication or communication attempt, closing the IRI transaction
Report | Used in general for non-communication related events or where there is uncertainty about the event

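Added example (not from the original slides or from any ETSI specification): a Python check that a receiving side could run over the IRI records it is handed, applying the Begin/Continue/End rules from the record-type table and treating Report as outside any transaction. The correlation id and the tuple layout are assumptions made for the illustration.

```python
from enum import Enum

class IRI(Enum):
    BEGIN = "Begin"
    CONTINUE = "Continue"
    END = "End"
    REPORT = "Report"

def check_iri_stream(records):
    """Validate a stream of (correlation_id, IRI type) pairs.

    Returns (violations, still_open): a list of (index, correlation_id, reason)
    and the sorted correlation ids whose transaction was never closed.
    A Begin after End on the same id is accepted as a new transaction.
    """
    state = {}          # correlation_id -> "open" | "closed"
    violations = []
    for i, (cid, kind) in enumerate(records):
        current = state.get(cid)
        if kind is IRI.REPORT:
            continue    # Report sits outside the Begin/Continue/End transaction
        if kind is IRI.BEGIN:
            if current == "open":
                violations.append((i, cid, "Begin inside an open transaction"))
            state[cid] = "open"
        elif current != "open":
            reason = "after End" if current == "closed" else "before Begin"
            violations.append((i, cid, f"{kind.value} {reason}"))
        elif kind is IRI.END:
            state[cid] = "closed"
    still_open = sorted(c for c, s in state.items() if s == "open")
    return violations, still_open

# Constructed sample stream; the correlation ids are made up (assumption).
SAMPLE = [
    ("c1", IRI.BEGIN),
    ("c2", IRI.BEGIN),
    ("c1", IRI.CONTINUE),
    ("c3", IRI.CONTINUE),   # no Begin seen for c3
    ("c9", IRI.REPORT),     # stand-alone Report
    ("c1", IRI.END),
    ("c1", IRI.CONTINUE),   # c1 already closed
    ("c2", IRI.BEGIN),      # second Begin while c2 is open
]

if __name__ == "__main__":
    bad, open_ids = check_iri_stream(SAMPLE)
    for idx, cid, reason in bad:
        print(f"record {idx} ({cid}): {reason}")
    print("never closed:", open_ids)
```
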
Processing of intercepted data
- Two models
  - Encapsulation
  - Mapping
- Encapsulation
  - Hand over of raw data as it first appears
  - IRI-Report only used
  - Information and intelligence captured by Law Enforcement Agency
- Mapping
  - Gives information and intelligence to LEA
  - IRI Protocol used (Begin-Continue-End)
  - Mapping is standardised

Why ETSI?
- Source of many communications protocols
  - Knowledge centre for how to intercept
- Membership driven
  - National and regional requirement to support LI identified to members
  - Lower cost to members if protocol and data model is standard (one model fits wherever the communications protocols are used)

Specification tools
- Data
  - Defined using ASN.1 for handover
  - Preferred also using ASN.1 for interception
- Protocol
  - Mostly defined in plain text
  - Some interception groups use SDL (TETRA), others use UML (TIPHON/TISPAN) – no fixed rules

Who does what in ETSI?
- Division by function:
  - Handover
  - Interception
- Handover:
  - Led by TC LI
  - Defines means for delivering intercepted signalling and communication to LEMF
- Interception:
  - Performed within technology TBs
  - Defines how technology specific data is intercepted

The documents (handover)
- Architecture
  - TR 101 943v111, Concepts of Interception in a Generic Network Architecture
- Handover
  - ES 201 671, Handover interface for the lawful interception of telecommunications traffic
    - This covers handover for 64kb/s switched networks (Annex A), packet switched handover (Annex B), use of ROSE (or FTP) for HI2 (Annex C)
  - TS 102 232, Handover Specification for IP Delivery

The documents (interception)
- TETRA: EN 301 040
- GSM/3GPP: TS 133 108 V5.3.0 (33.108 version 5.3.0 Release 5)
- E-mail: TS 102 233
- Internet access: TS 102 234
- TIPHON/TISPAN: TS 102 277 (in draft)
- ISDN: TR 102 053 V1.1.1
- Cable: TS 101 909-20-1, TS 101 909-20-2 (in draft)

Environment fluidity
- Communications models and modes change
  - Pay as you go models
  - Text and Instant messaging over voice
- Operators
  - Virtual and real operators
  - Small and large operators
  - Bit carriers and service providers
  - Interconnected and discrete
- Support of law enforcement stays constant
  - Criminal behaviour may move, need to stop it remains constant

Challenges
- Encapsulation versus Mapping
  - Who does the processing?
- Broadband
  - Interception and handover
  - Identification and capacity
- Multi-provider environment
  - One target many provider relationships
    - Network
    - Service
    - Content
- NGN
  - Object based capabilities rather than services
  - Open architectures with open provision
  - End user service logic