1 / 24

Lawful Interception in 3G IP Multimedia Subsystem

Explore the network architectures, goals, and methodologies of lawful interception in 3G IP Multimedia Subsystem (IMS) with a focus on capturing signaling and user data. Learn about the challenges, solutions, and correlation numbering in this complex system.

manuellewis
Download Presentation

Lawful Interception in 3G IP Multimedia Subsystem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lawful Interception in 3G IP Multimedia Subsystem Author: Toni Mäki, Nokia Networks, toni.maki@nokia.com Supervisor: Prof. Raimo Kantola

  2. Agenda • Network Architectures • Lawful interception • Goals of the thesis • Capturing the signalling • Capturing the user data • Correlating the signalling and user data

  3. 3G Architecture PSTN CS Domain IMS Internet Access Network PS Domain

  4. IP Multimedia Subsystem (IMS) • Offers mechanisms for multimedia services like VoIP, gaming, Push-over-Cellular • Based on Session Initiation Protocol (SIP) • IMS handles only signalling, GPRS used as a bearer technology. • Users identified by their SIP URI (e.g. sip://john.doe@company.com) or TEL URI (e.g. tel:+358-555-1234567 )

  5. IP Multimedia Subsystem IMS Signalling Layer to other 3G CSCF MGCF to PSTN/GSM MRCF to Internet / other GGSN Signalling Path to PSTN/GSM Data Path GGSN MGW MRFP SGSN GPRS Core IMS Transport Layer RAN

  6. Lawful Interception • Authorities capture the communications of certain users in order to tackle criminal activity • Ability to perform lawful interception may be a precondition for a licence to operate telecommunications network • Lawful interception is a very delicate issue. • IRI (Interception Related Information) contains signalling, interception activation statuses, etc… • CC (Content of Communications) contains the actual communications transmitted or received

  7. Lawful Interception in GPRS • The packet traffic of a user is tunnelled over the GPRS network to the Internet. • These tunnels are recognised and captured in lawful interception for GPRS. All the tunnels of targeted user are delivered to authorities. • All the GPRS signalling related to monitored user is captured (e.g. network attach, tunnel creation etc…) • Lawful interception in GPRS is based on traditional GSM user identifiers (IMSI, MSISDN, IMEI)

  8. Lawful Interception in GPRS • Lawful Interception Controller (LIC) controls the interceptions and provides management interface • Lawful Interception Browser (LIB) buffers, refines and delivers the captured data and signalling GGSN LIE SGSN LIC LIE LIB USER ATTACHED RAN GPRS Core

  9. Goals of Thesis • Design/refine the interception of IMS related IRI • Design the interception of IMS related CC • Very wide problem definition • One task was to find out the problems

  10. Methodology • The messaging was analysed using signalling flows • Standards were thoroughly studied

  11. LI in IMS (IRI) • All the SIP messages transmitted, received or executed on behalf of the user must be delivered to the authorities • Interception is activated based on SIP URI or TEL URI • CSCF recognises the SIP messages to be captured by looking into the ’To’ and ’From’ fields in the SIP message header. • CSCF also checks for the implicit registrations

  12. LI in IMS (IRI) IMS CSCF LIE Signalling Path Data Path LIC LIP Path GGSN LIE SIP messages SGSN LIB LIE GPRS Core

  13. Problems of CC LI in IMS • IMS handles only signalling traffic • CC interception has to be executed in GPRS • User identifiers used in IMS and GPRS differ • SIP URI cannot be used in GPRS interception activation • A mapping functionality must be provided • SIP URI – GPRS user identity mapping is not one to one • Current lawful interception mechanism uses user level of precision, which causes an illegal scenario

  14. Problems of CC LI in IMS IMS Gi SGSN Gi GPRS Core

  15. LI in IMS (CC) • CPS notifies the LIC about the created sessions • LIC creates GPRS interceptions for CC collection • CPS notifies the LIC about released sessions • LIC releases the GPRS interception resources

  16. LI in IMS (CC) Solution 1 • GPRS interception is activated using IMSI • Existing network elements may co-exist • The out-of-call packets need to be filtered out, before the data is forwarded to the authority

  17. LI in IMS (CC) Solution 1 UE SGSN GGSN CPS LIC LIB INVITE 200 OK SessionStarted Get IMSI IMSI Activate Interception Activate Interception Activation Response Activation Response data CC data FILTERING To LEA

  18. LI in IMS (CC) Solution 2 • GPRS interception is activate using the IP flow identifiers as target identifier • Quicker activation and less burden to the network • The CC interception is done only at the IMS entry point, GGSN

  19. LI in IMS (CC) Solution 2 UE SGSN GGSN CPS LIC LIB INVITE 200 OK SessionStarted Activate Interception Activation Response Activate Interception Activation Response data data CC data To LEA

  20. Correlation numbering • The authority needs to correlate different kinds of IRI and CC. (e.g. the GPRS resources used by an IMS session • The authority needs to be able to easily group the IRI belonging to the same session together

  21. Correlation Numbering • IMS IRI carries Session Correlation Number, List of GPRS Correlation Numbers • GPRS IRI carries only GPRS Correlation Number • IMS CC carries GPRS Correlation Number, Session Correlation Number, and Media component identifier

  22. Correlation numbering SIP IRI Event 1 CC Data 1 GPRS IRI Event 1 GPRS CN 1 GPRS CN 1 GPRS CN 1 Session CN Session CN MC CN 1 SIP IRI Event 2 CC Data 2 GPRS IRI Event 2 GPRS CN 1 GPRS CN 2 GPRS CN 2 GPRS CN 2 Session CN Session CN MC CN 2

  23. Conclusions • IRI monitoring including the implicit registration • Capturing of content of communications in GPRS • Correlation numbering scheme

  24. QUESTIONS? Thank you for listening!

More Related