Lawful Interception Case Studies for ISS Solutions
Special Topic of Telecommunication Network
Chapter 7
Case Studies for ISS Solutions
Aris Cahyadi Risdianto 23210016
Case Study 1: Wireline Voice Intercept and Surveillance Solutions from Lucent Technologies
CALEA functions provided by the TSP
• Access: a network entity intercepts and reports call data and/or content to the LEA
• Delivery: a network platform provides an interface to LEAs for delivery of call content/data
• Administration: the capability that establishes and maintains surveillance with the TSP
Level of Surveillance
• Level I — call related information: Only call-identifying information (CII) is reported, and it is intended to satisfy pen register and trap and trace court orders.
• Level II — call and content related information: The intent is to satisfy a Title-III court order.
CALEA Interfaces (SAS, CDC, and CCC)
Surveillance administration system (SAS) for provisioning using existing 5ESS TTY ports
CDC for reporting CII (CDC messages) from the switch to the LEA
CCC for delivering call content from the switch to the LEA
Conclusions
J-STD-025 compliance : allowing TSPs to meet their obligations under CALEA
Flexibility: Different LEAs in different locations may require different CALEA interfaces
Cost: Integrated delivery function and dial-out capability significantly reduced the costs
Evolution: Current 5ESS CALEA solution can be adapted to future technologies without any effect
Case Study 2: Lawful Interception in CDMA Wireless IP Networks from SS8 Networks
Reference Function
The AF, through the IAP, is responsible for providing access to an intercept subject’s communications and CII.
The DF is responsible for delivering intercepted communications and CII to collection functions.
The CF is responsible for collecting lawfully authorized intercepted communications and CII for an LEA. The CF is handled by the LEA.
IAP on the CDMA 2000 Packet Data Network
AAA (IAP for CII)
PDSN (call-content IAP for simple IP)
HA (call-content IAP for mobile IP)
Typical call flow scenarios are addressed
Scenario 1: Intercept Provisioning, Target Not Involved in Data Session
Scenario 2: Intercept Provisioning, Target Involved in Data Session
Scenario 3: Data Session Termination
Scenario 4: Intercept Expiration, Target Inactive
Scenario 5: Intercept Expiration, Target Active
Case Study 3: LIs for 3G Networks Using ALIS
Uses of 3G Technology and Implications for Lawful Interception
Voice: an increasing proportion of LI requests from LEAs, because the amount of voice traffic grows as users migrate from wireline to wireless services.
SMS: LI will have to address the growing use of the service among interception targets.
General Internet connectivity: the mobility of the target is an added complication, and the proportion of Internet communications over mobile networks will grow because it is "safer" for criminals and because of the variety of devices with which to communicate (modem, PDA, etc.).
High-speed photo and video clip upload and download: LI needs to be prepared to intercept video and still imagery against abusers.
Multimedia games: LI tracks users and sources of games involving illicit thematic material (child pornography, gambling, and hate targeting).
VoIP: VoIP traffic raises a number of technical and legal issues that cannot be ignored.
Lawful Interception in 3G Networks
Figure 7.16 and Figure 7.17 visualize where call data (IRI) and call content are captured, and where LI management functions flow.
Figure 7.18 provides a closer view of the interception topology in 3G networks (sufficiently general to include cdma2000) for circuit-switched network operations.
LI management commands are conveyed between the administrative function (ADMF) and other network elements via the X1 interface.
Intercepted call data (IRI) are conveyed via the X2 interface.
Intercepted call content is gathered via the X3 interface and relayed to the LEA using HI3.
ALIS in 3G Networks
The implementation of ALIS as a mediation platform in UMTS and cdma2000 networks is shown in Figure 7.20 and Figure 7.21.
The important elements are the call data, call content, and LI management paths leading from ALIS-D and ALIS-M to the appropriate network elements and functions.
Conclusions
The processes are delineated by architectures, such as specified by ETSI, 3GPP, and ANSI, that facilitate systematic implementations and provisioning of LI systems.
The challenges to lawful interception remain, including the need to support a diversity of services, vendor technologies, wireless networking technologies, voice, and a multiplicity of high-speed data services.
Case Study 4: Lawful Interception for IP Networks Using ALIS
Interception of Internet traffic involves complications
Target source and destination identities are embedded in the overall data flow.
Target and non-target data are mixed at numerous IP circuits and network elements.
Many parties are involved in transporting data (access, transport, core).
Current laws on how to handle Internet interception are not clear.
Separation of applications and data from the flow is difficult.
There is a lack of standards implementation.
IP Interception Examples (Internet Access)
Internet Access Target Identification: the LEA must coordinate interception activities with the TSP regarding IP addresses assigned through DHCP (including AAA) and fixed IP addresses assigned to business customers (T1, xDSL, etc.). Other identifiers include username, Ethernet address, dial-in calling number identity, etc.
Collected Data (IRI): target identity, service and access, time of access success or denial, access location, etc. This data is delivered to the LEA through HI3 interfaces, while ensuring the LEA does not fall victim to IP address spoofing.
Lawful Interception Configurations for Network Access (shown in Figure 7.24a to Figure 7.24d): interception points implement internal interception by applying probes or networking interfaces to local networks, access loops, routers, gateways, AAA functions, and so forth.
IP Interception Examples (Email)
Collected Data (IRI): Server IP, Client IP, Server port, Client port, E-mail protocol ID, E-mail sender, E-mail recipient list, Total recipient count, Server octets sent, Client octets sent, Message ID, Status.
Internal interception takes place in the context of any e-mail server to identify targeted e-mail traffic and route the corresponding call data (CD) information to the mediation platform.
LEAs must also deal with spam: ensure that e-mail is not received with modified headers, use reverse DNS lookup practices to authenticate the origination of an e-mail, and subscribe to e-mail blacklists for spam prevention.
IP Interception Examples (VoIP)
Call control events: answer and origination by the target, release, and termination attempt.
Signaling events: dialed digit extraction/DDE (extra digits captured after the call is connected), direct signal reporting (signaling messages), network signal (network activity that provides a signal), and subject signal (signals that initiate features).
Feature use events: signaling associated with conference calling, call transfer, and other call features.
Registration events: occur when the target provides address information to the VoIP network.
ALIS for IP
ALIS Internet access (Figure 7.28): data information is extracted from the RADIUS server and the access termination point (CMTS, DSLAM, or modem pool). An internal intercept function (IIF) in a router replicates call content to and from the target and sends this data to ALIS-D.
ALIS mediation platform for e-mail (Figure 7.29): relevant e-mail header and other protocol information is captured directly from the e-mail server as call data and routed to ALIS-D for reformatting and delivery to the LEA, while the contents of e-mail messages are routed to ALIS-D as call content.
ALIS for VoIP Calling (Figure 7.30): ALIS-M sets triggering events for relevant network equipment, including the call agent (gatekeeper, SIP server, gateway, etc.) and routers assigned to capture data flow. Call data information is extracted via internal interception and sent to ALIS-D for processing.
Case Study 6: Monitoring and Logging Activities
Features of monitoring and logging for conducting LIs:
● Site-usage analysis: provides an understanding of how visitors (targets) interact with Web sites
● Site-user analysis: particular messages to increase the likelihood that site visitors (targets) will be interested in Web site information
● Site-content analysis: analyzes the content and structure of Web sites, which may help indirectly with recognizing usage patterns
Features and Attributes of Monitoring and Logging Tools
● Monitoring devices are used at distributed locations
● Monitors passively measure the traffic in the network segments
● The data-capturing technique is also very important (location of probe, capturing schedule, location of logs)
● Intelligent filtering during collection and data compression/compaction
● Management of log files is very important (automatic log cycling, visitors clustered)
● Predefined reports (templates) and scheduled reports
IP Monitoring System (IMS) from GTEN AG
● Data Collection and Filtering Subsystem: deployed at strategic locations in the field, with the DCFD used for target monitoring based on log-in identification.
● Mass Storage Subsystem: a file server acting as the mass storage, which receives pre-filtered data from the data collection and filtering subsystem, triggered manually or automatically.
● Data Re-Creation and Analysis Subsystem: recorded data is viewed with a standard browser (for example, e-mail displayed in e-mail format and an Internet page displayed as an Internet page), including WWW sessions, FTP transfers, e-mail, chat, RADIUS, etc.
Typical Monitoring Applications
● Web-Site Monitoring: collects all traffic moving to and from a particular Web site, which is done by wiretaps on the Internet line and on the RADIUS server connection in order to correlate the recorded data.
● Target Monitoring: the monitored target must have a unique ID (fixed IP address or user ID in the RADIUS server); the DCFD sniffs all packets after retrieving the assigned IP address from RADIUS.
Case Study 9: MC Case Examples from Siemens AG
Fixed Network — PSTN
● Network Protocols: E1 to network switches and EDSS1 line protocol.
● Network Switches: any manufacturer's switch that complies with the ETSI standard, such as Siemens, Ericsson, Alcatel, and Nokia switches.
● Interception and Recording Modes: can be set up as mono or stereo, with a compression mode to save space
● Types of Interception: conversation, call-related information, DTMF transmission, SMS, fax, and modem
● Interception Management Systems: any IMS that complies with the ETSI standard, such as Siemens LIOS, Utimaco IMS, Ericsson IMS, and Alcatel IMS
Mobile Network — GSM
● Feature highlights are identical to those for intercepting fixed networks.
● Add-On Systems: the location of the mobile cell is known through GIS
Mobile Networks — GPRS/UMTS
● Network Protocols: E1 to network switches and EDSS1 line protocol.
● Network Switches: any manufacturer's switch that complies with the ETSI standard
● Interception Types: IP traffic on the packet switch
● Add-On Systems: based on current location information, can indicate the direction of travel
● Feature Highlights: IP traffic with the attributes read, view, navigate entire Web, e-mail, FTP, and chat sessions.
Internet Monitoring
● Data Collectors: data collectors connect to points on the Internet to intercept
● Internet Applications: all IP traffic, with decoding support for Web, e-mail (SMTP, POP3, Webmail), and chat (IRC)
● Internet Access Points: collectors attach to any IP source, such as GPRS switches, ISP SPAN ports, Internet backbone links, or Internet core computers
● Physical Interfaces: many physical interfaces are supported, including Ethernet 100 Mbps, Ethernet 1000 Mbps, and OC3
● Filtering: applied by the MC mediation device to the collector, and filters IP data
● Back-End Internet Applications: the operator can replay visited Web sites and Web pages viewed by the target user
● Interception Management Features: a single unified set of interception management features is offered
Conclusion
Case studies, in addition to the necessary level of awareness regarding product features, can help provide an understanding of how to deal with practical solutions. This chapter has addressed nine different cases — with some overlaps — that represent actual telecommunications services and products.
These case studies, e.g., for wireless networks, packet data applications, and VoIP, show that there are no technological barriers to lawful interception activities.
Thank you