January 23-26, 2007• Ft. Lauderdale, Florida
Lawful Intercept Briefing
LI for VoIP, IP
Scott W. Coleman
Dir. Of Marketing - LI
SS8 Networks
SS8 Networks Overview
• Privately held company with 20+ years of operating history
• 12 years providing Lawful Intercept solutions
• Headquartered in San Jose, CA
• Market leader in lawful intercept delivery function solution
• 250 worldwide service provider customers
• OEM relationship with some of the largest equipment vendors (Lucent, Nortel, Alcatel)
• Partnerships with many equipment providers (Juniper, AcmePacket, NexTone, Sylantro, Cisco, Samsung)
What is Lawful Intercept?
• The targeted intercept of voice and data services, by a service provider on the behalf of Law Enforcement, when authorized by a court
• Uses:
– Criminal - Investigation and Prosecution of criminal activity
– Intelligence Gathering - Investigation of individuals for Homeland security, anti-terrorism and other threats
• Tightly controlled in both approval and operation
CALEA – Areas of Responsibility
• Congress: Passes Legislation (CALEA)
• FBI, Dept of Justice: Tasked with enforcement and implementation
• Industry Standards Body: Standards include J-STD-025A, B; PacketCable; T1.678; T1.IPNA
• FCC: Arbitrator between Law Enforcement and service providers
• Carriers: Required to implement CALEA solution in their networks.
• Equipment providers
Regulatory Events
• 2004 FBI, DOJ, DEA file joint petition asking FCC to clarify implementation of CALEA for Broadband and VoIP providers.
– “Information Services”
– VoIP in Cable environments
• August 2005 FCC issued “First Report and Order” deeming that “Facilities based broadband and inter-connected VoIP providers” must provide CALEA support within 18 months of the Order.
• May 2006 FCC issued “Second Report and Order” confirming that there would be no extensions and/or exceptions
• June 9th, lawsuit on behalf of Service providers seeking to stall or alter the FCC report was denied by the DC Circuit Court
• 105 Filing – Security Policy and Procedure – March 12, 2007
• Monitoring Reports – February 12, 2007
• Compliance deadline of May 14th 2007
• Solution Certification – FBI/CIU
Types and Quantities of Warrants
• Subpoena
– Call records (copies of phone bills).
– Up to 2 million of these are done on an annual basis.
• Pen Register or Trap and Trace
– Real time delivery of call data only (off-hook, ringing, answer, disconnect, call forward, hookflash etc.)
– Far fewer done than the subpoenas for call records (130,000)
• Title III
– Call Content included. Only 2600 done per year
– Only approved after a true need is demonstrated to the judge.
– Quite expensive for Law Enforcement.
• Monitored live 24 hours a day
• Ground team surveilling the target
CALEA Report Requirements for Congress
[Diagram. Entities shown: Federal and State LEA; Department of Justice - CALEA; Department of Justice - FISA; Congress]
Reports shown:
• Audit Report DOJ Inspector General – April
• DOJ Attorney General Report – April
• Admin. Office of US Courts – Wiretap Report – April
Intercept Statistics
• 2004 Authorized Intercept Orders: 1,710
• Federal: 730 State: 980
• Four states accounted for 76% of intercept orders
• Average duration of 43 days
• Longest was 390 days
• 88% for portable devices (94% telephonic)
• Average cost of $63,011
• Foreign Intelligence Surveillance Act: 1,754 orders approved
New Jersey - 144
Florida - 72
New York - 347
California – 144
Intercept Applications by Offense Type
• Narcotics: 76%
• Racketeering: 8%
• Gambling: 5%
• Other: 5%
• Homicide: 4%
• Robbery: 2%
How is Lawful Intercept performed?
• Identify the user
– Determine the target identifier (phone number, email address, IP address etc.)
• Wait for authentication
– When the target utilizes the network they must be authenticated. Watch for that event.
• Find the edge
– When the target authenticates, find the edge device closest to the target (so as not to miss any peer-to-peer transactions) and obtain a copy of the target’s communications.
Lawful Intercept Network Architecture
[Diagram: Access Function in the Service Provider Domain (phone switches, SBC, routers and data switches, VoIP Call Agent, passive probe) sends Raw Network Data to the Delivery Function (Xcipio), which provides Standards Based Delivery (J-STD, ETSI, PacketCable) to the Collection Function (LEA) in the Law Enforcement Domain]
Access Function
• Access elements that provide connectivity to target’s voice & data communications
• Identifies and replicates target’s traffic
• PSTN switches, SBC, routers, BRAS
• SS8 passive probe
Delivery Function
• Provisions the access functions with target identifying information
• Receives copies of target’s traffic
• Correlates and converts raw target traffic to standards based interface towards LEA
Collection Function
• Recording and storage of intercepted traffic
• Analysis tools to track, correlate and interpret intercepted traffic
Standards
Standards
Impact:
• Defined the components:
– Access Function (AF), Delivery Function (DF), Collection Function (CF)
• Defined the demarcation points and the need for interfaces
• Created an environment where customization was reduced and reproducible products could be built.
Standards in common use in the U.S.:
• J-STD-25A – Punchlist
• J-STD-25B – CDMA2000 wireless data
• PacketCable – VoIP for Cable networks
• T1.678 – VoIP for wireline, PTT, PoC
• ETSI 33.108 – GPRS wireless data
• ATIS – T1.IPNA – ISP data (brand new)
International standards in common use:
• ETSI 33.108 – GPRS wireless data
• ETSI 201.671 – TDM voice
• ETSI 102.232, 102.233, 102.234 – ISP Data intercept (email, IP packets)
Defining the Interfaces
[Diagram: Access Function (phone switches, SBC, routers and data switches, VoIP Call Agent, passive probe; Raw Network Data), Delivery Function (Xcipio) and Collection Function (LEA; Standards Based Delivery: J-STD, ETSI, PacketCable), spanning the Service Provider Domain and the Law Enforcement Domain]
• INI-1 – Internal Network Interface #1: Provisioning
• INI-2 – Internal Network Interface #2: Communication Data / Signaling
• INI-3 – Internal Network Interface #3: Media Content
• HI-1 – Handover Interface #1: Provisioning
• HI-2 – Handover Interface #2: Data / Signaling
• HI-3 – Handover Interface #3: Media Content
Applying Standards
[Diagram: Access Function, Delivery Function (Xcipio) and Collection Function (LEA) across the Service Provider Domain and Law Enforcement Domain, with internal network interfaces INI-1 (Provisioning), INI-2 (Communication Data / Signaling), INI-3 (Media Content) and handover interfaces HI-1 (Provisioning), HI-2 (Data / Signaling), HI-3 (Media Content)]
• Standards only apply to HI-2 and HI-3
• Only exception is PacketCable that also defines INI-2 and INI-3
Methods for Lawful Intercept
Active Approach
• Work with the network equipment manufacturers to develop lawful intercept capability in the network elements.
• Utilize existing network elements for lawful intercept
• Sometimes serious impact to network performance
• No need for additional hardware
Passive Approach
• Use passive probes or sniffers as Access Function to monitor the network and filter target’s traffic
• Requires expensive additional hardware
• No impact to the network performance
Hybrid – utilizes both
VoIP Active Intercept (Cisco SII)
[Diagram. Labels: Law Enforcement Agency; Service Provider Domain; Delivery Function (XCIPIO); LI Administration Function; Law Enforcement Monitoring Facility; Xcipio; LEMF; DR-2400; Customer Premise IAD (SIP, H.323, or MGCP based Gateway); Target Subscriber; SoftSwitch Cisco BTS; CMTS; Provisioning of Warrant; Admin HI-1; Admin (INI-1); SNMPv3 Request INI-1; Call Control INI-2; RTP Stream; Voice Packets INI-3; HI-2; HI-3]
VoIP – Intercept at Trunk/Media Gateway (for Forwarded Calls)
[Diagram. Labels: Law Enforcement Agency; Service Provider Domain; LI Administration Function; SoftSwitch Cisco BTS; PSTN; Customer Premise IAD (SIP, H.323, or MGCP based Gateway); Target Subscriber; Law Enforcement Monitoring Facility; Media Gateway; CMTS; XCIPIO SSDF; XCIPIO; Xcipio; LEMF; DR-2400; Call to Target; Forwarded Call; Call Forward to PSTN; Call Control; Voice Packets INI-3; Provisioning of Warrant; Admin HI-1; SNMPv3 INI-1; INI-2; HI-2; HI-3]
Active Approach to IP Data Intercept
[Diagram. Labels: Target Subscriber; Law Enforcement Agency; Service Provider Domain; AAA Server; Router; Internet; LI Administration Function; Law Enforcement Monitoring Facility; XCIPIO; Provisioning of Warrant; HI-1; HI-2; HI-3; INI-1 Admin; SNMPv3 Request; Radius; Authenticate; INI-2 IRI; Intercepted Data – INI-3; Data Stream/IP Access]
Passive Approach to IP Data Intercept
[Diagram. Labels: Target Subscriber; Law Enforcement Agency; Service Provider Domain; AAA Server; Router; Internet; LI Administration Function; Law Enforcement Monitoring Facility; XCIPIO; Provisioning of Warrant; HI-1; HI-2; HI-3; INI-1 Admin; SNMPv3 Request; INI-1 Provisioning; Provisioning; Report; Radius; Authenticate; INI-2 IRI; Intercepted Data – INI-3; Data Stream/IP Access]
A bit about Xcipio
The Components of Xcipio
[Diagram: Access Function, Delivery Function (Xcipio) and Collection Function (LEA) across the Service Provider Domain and Law Enforcement Domain, with internal network interfaces INI-1 (Provisioning), INI-2 (Communication Data / Signaling), INI-3 (Media Content) and handover interfaces HI-1 (Provisioning), HI-2 (Data / Signaling), HI-3 (Media Content)]
The Components of Xcipio
• Physical Layer: Sun servers, Ethernet connectivity, IP packets, switch matrix cards
• Primary Server: Passive probe, TDM Switch Matrix, IP Packet processing
• LIS – Lawful Intercept Server (software release): Core Software Application - real-time processing
– Signaling stacks (SIP, SS7), TCP/IP stacks, error logs, alarms, SNMP, Managed object structure etc.
• IE-2100 (software module) – Intercept Engine: Call data, call events, signaling
– Receives call data, call events, network signaling, INI-2 and HI-2
• PE-2200 (software module) – Provisioning Element: Database, User Interface
– Database, supports User Interface, maintains all warrant information, creates shared memory image of intercept information
• User Interface: Remote or local access to Xcipio
• CP-2300 (software module) – Content Processor: Filters, encapsulates content (IP, VoIP, TDM, HTTP etc.)
– Processing, routing, replicating, identification, encapsulation, encryption and delivery of content (packet and/or TDM voice) to law enforcement in real-time.
[Diagram interface labels: INI-2, HI-2; HI-1, INI-1; HI-3, INI-3]
Summary
• SS8 has over 12 years of experience providing Lawful Intercept solutions internationally both directly and through partners.
– Current customers include government agencies and carriers that range from very large nationwide carriers to small rural carriers.
– We partner with many different network equipment vendors to deliver comprehensive LI solutions.
• In the US there is a deadline (May 14, 2007) that is approaching quickly and carriers need to address their obligations.
– Small carriers seem to be lagging in terms of meeting the deadline, so to address that need, SS8 is designing cost effective programs specifically for small carriers and enterprises.
– These programs address short term capital expenditures as well as long term operating costs.
Thank You
Scott W. Coleman
Dir. Of Marketing - LI
SS8 Networks