LAWFUL INTERCEPTION FOR IP NETWORKS
White Paper
November 2005
Aqsacom Document No. 040451
Copyright 2003-2005 Aqsacom Inc. and Aqsacom SA. No portion of this document may be reproduced without the expresd permission of Aqsacom. The data and figures of this document have been prented for illustrative purpos only. Aqsacom assumes no liability for errors or omissions.
Table of Contents
1. Introduction (3)
2. ETSI Model (4)
3. Open Systems Interconnection (OSI) Model (8)
4. Other Issues in IP Interception (11)
5. IP Interception Examples (14)
6. Aqsacom’s ALIS Mediation Function Platform (30)
References (37)
我爱这土地仿写Aqsacom SA Aqsacom Inc. Les Conquerants, Bât B Everest Washington, DC 1 avenue de l’Atlantique tel. 202 315 3943 Les Ulis Courtabeouf Cedex
F-91976 France
Tel. 33 1 69 29 36 00
Fax 33 1 69 29 84 01
Internet Protocol Networks
Aqsacom SA and Aqsacom Inc.
ABSTRACT儿童手工剪纸
The proliferation of communications over networks bad on Internet Protocol (IP) technology impos ever growing challenges for Law Enforcement Agencies. This Aqsacom White Paper provides an introductory background on the issues behind lawful interception as applied to IP networks and their overlying applications, with emphasis on the dominant applications of E-mail and Voice-Over-IP (VOIP).
1. Introduction
No amount of hyperbole can overestimate the overwhelming growth of traffic carried by the Internet during the last ten years. Perhaps more significant is the impact that IP networking has had on the behaviors of individuals and business, who now take E-mail, chat, Web-bad information rvices and E-commerce, broadband streaming, and even the making of telephone calls over the Internet as mundane tools of daily communications and information consumption. But given the popular acceptance of the Internet as a communications medium, there also comes a dark side to the Internet’s power – namely the Internet’s exploitation by criminals and terrorists. Here, illicit Internet activity can take the form of simple E-mail communications between criminal parties to invoke, for example, insider stock trading, drug deals, or terrorist acts. The widespread broadcast of spam and virus is another form of criminal E-mail activity who perpetrators can be held accountable through IP interception. Voice-Over-IP calls and audio/video streaming over the Internet could also carry criminal traffic that must be intercepted and analyzed to be of any value to the authorities.
Traditional lawful interception of telephone calls is relatively systematic, thanks to distinct network components handling signaling and content traffic within the telecom network infrastructure. Well-developed laws and procedures for the request and implementation of wiretaps in most countries of t
he developed world have also made lawful interception almost routine, in theory, for fixed line networks, perhaps with the added complication of location dependencies in mobile networks.
word插入横线
By contrast, intercepting Internet traffic has many added complications becau: •Target source and destination identities of the information flow are embedded within the overall flow of data, and must be carefully extracted to avoid detection by the target.
•Target and Non-target data are tightly intermingled in the bit flows at numerous points throughout the Internet. In addition, the circuits making up the Internet are not always well designed, rarely regulated, and often deployed in an ad hoc
manner. Therefore, privacy concerns ari since non-target data can erroneously
become captured.
•Many parties are typically involved in transporting data over the Internet, including access providers on each end of the communications, transport
去口臭12个简单方法operators, core network operators, and providers of rvices (e.g., E-mail).
Furthermore, and unlike traditional telephony, the parties are unregulated and
subject to their own business practices.
•In many countries, current laws on how to handle Internet interception are not clear. Interception efforts are often blocked by Internet Service Providers (ISPs)
塞翁失马焉知非福的意思是什么
in the interest of protecting their customers1, or just becau it is easier to not
provide interception.
•The paration of applications and relevant data from the overall data stream is not a trivial matter and requires significant software development and computing power, along with considerable trial and error.
•Encryption can make the extraction of application-level data extremely difficult, if not impossible for practical purpos.
•Lack of standards implementations. Most attempts at IP interception are carried out by esoteric organizations within government agencies. Although efforts are
七夕文案now beginning to make more routine the data interception and delivery process to LEAs, tools to analyze IP data still remain a cottage, R&D-like industry.
This White Paper attempts to discuss the above challenges in more detail, while prenting potential solutions to them through the u of new interception standards and methods to mediate the functions of interception and delivery of the resulting data to the LEAs. Many of the concepts discusd are bad on the ETSI-recommended architecture for lawful interception, which is described in the next ction2. We then show how this architecture, combined with the classic OSI communications layer model, lay out fundamental approaches to lawful interception. Finally, we conclude with a discussion of reprentative IP interception examples and how the examples are addresd by Aqsacom.
2. ETSI Model
Figure 2-1 depicts a highly general view of lawful interception architecture, as reflected in emerging standards that parate the functions of interception at network elements from delivery of the interception information to the LEAs [1]. This paration denotes a marked contrast to past lawful interception practices, where the monitoring tools ud by the LEA were tightly coupled to proprietary switching platforms as provided by the switch vendors. Through the u of a mediation platform, LEAs can monitor traffic from different applications running on different networks built upon a diversity of equipment supplied by a diversity of vendors. The main advantage to the LEA is that th
ey can make 1 A good example is the recent ca of the Recording Industry Association of America (RIAA) vs. Verizon (2003), where Verizon refud to hand over to the RIAA customer records of subscribers suspected of using file sharing software to exchange copyrighted music. See the Electronic Frontier Foundation’s story at www.eff/Cas/RIAA_v_Verizon/.
2 The concepts should well address the FCC’s recent Final Rule on the applicability of CALEA towards facilities-bad broadband access networks and VOIP networks interconnected to public switched telephone networks (FCC 47 CFR Part 64, 1
3 Oct 2005). Also e Footnote 3.
u of preferred interception analysis tools, independent of what switching equipment, underlying network technology, or application are running on a given network to be intercepted.
Figure 2-1. Simplified view of new lawful interception architecture. Of primary interest is the u of a Mediation Platform to convey intercepted data from the network to the LEA.
A more detailed, yet still generalized architecture has been propod by ETSI (European Telecommunications Standards Institute), as shown in Figure 2-2 [1]. Slight variations of this archite
cture, mainly in terminology, have been adapted by the Telecommunications Industry Association (TIA) as the basis of a safe-harbor approach to CALEA 3. Standards tting bodies in numerous countries have also propod similar, if not identical, models for recommended lawful interception architecture. This architecture attempts to define a systematic and extensible means by which network operators and LEAs can interact,
especially as networks grow in sophistication and scope of rvices. Although originally oriented towards telecom voice traffic, the architecture has equal practicality for the interception of IP data. Nevertheless, for consistency, much of the legacy terminology associated with switched voice calling remain.
3 Communications Assistance for Law Enforcement Act. CALEA was an act of US Congress, pasd in 1994, in respon to the proliferation of wireless networks and growing sophistication of wireline networks. It has attempted to define measures that carriers must take to convey lawful intercept information to LEAs. All telephone rvice operators, wireline and wireless, are to have complied with this law by the middle 2003. Standards for technical implementation of CALEA-directives were established by the TIA and
prented as the J-STD-025A (and now B) standard (e [3] for the updated standard). FCC interpretations of the law have been published in Oct 2005 to include facilities-bad broadband networks and VOIP networks interconnected to public switched telephone networks.
我爱大海
LIMS PLATFORM LI request formatted interception information Law Enforcement Agency
(LEA)Communications Network
Of particular note in this architecture is the paration of:
a)lawful interception management functions (mainly ssion t-up and tear down,
as demanded from the courts and in some cas the LEA),
b)extraction of intercepted data from network elements, and
c)the interception-related data (e.g., destination of data, source of data, time of the
transmission, duration, etc.) from the content contained in the data when
conveying the overall interception data from the network operator to the LEA. Communications between the network operator and LEA are via the Handover Interfaces (designated HI).尖椒炒豆皮
The core element of Figure 2-2 is the “Interception Mediation” which carries out the following functions and safeguards:
•Collection of intercepted data from various switches, routers, probes, etc. in the network.
•Formatting the data into standardized reprentations.
•Delivery of the data to one or more LEAs.
•Ensuring that a given LEA is authorized to accept the delivered data.
•Protection of all delivered information against unauthorized access and modification through rigorous network curity.
•Preventing access to all network elements through “backdoor” attacks.
•Delivery of the interception information in a timely manner, with appropriate time stamps to synchronize network events against content delivered
Aqsacom address the functions of the Interception Mediation through its ALIS mediation platform (discusd in Section 6). The Interception Mediation carries out the functions of what is often known as the delivery function.
The ETSI model has direct relevance to the interception of data flows through IP and other types of packet networks. This relevance can be viewed through the OSI model, which will be discusd in the next ction.
