260 likes | 415 Views
Emergency Services & Regulatory Compliance. Internet Telephony Conference & Expo February 5-7, 2003, Miami, FL. Cemal T. Dikmen, Ph.D. SS8 Networks General Manager Lawful Intercept Products. Agenda. CALEA Introduction Electronic Surveillance Model Lawful intercept in VoIP network
E N D
Emergency Services & Regulatory Compliance Internet Telephony Conference & Expo February 5-7, 2003, Miami, FL Cemal T. Dikmen, Ph.D. SS8 Networks General Manager Lawful Intercept Products
Agenda • CALEA • Introduction • Electronic Surveillance Model • Lawful intercept in VoIP network • Data Intercept • E.911 • Basics of E.911 • Routing & IN Functions • PSAP Functionality • Basic E.911 Architecture
Communications Assistance for Law Enforcement Act CALEA
Lawful Interception is … • … NOT about listening to people’s private conversations. • It is about fighting organized crime and terrorism. • It is about protecting the government and the good citizens from organized crime and terrorism. • It is about providing the necessary tools to the Law Enforcement to do their job better.
Market Conditions for Vendors • Lawful Intercept is a regulatory mandate in US and in many other countries with complex dynamics • Market is mostly well defined and out there • Predictable (because it is a mandate with certain timelines) • Unpredictable (because of extensions for timelines) • Variety of standards and proprietary switch interfaces • Lawful Intercept is not revenue generating for the customer • Nobody wants to buy anything unless they have to • Everybody waits until the last moment • Service Providers want to minimize the capital expenditure and the operational cost without sacrificing quality Cost and Quality are the keys to success • Products which can reduce the operational cost of lawful intercept shall be the winners
Provisioning Call Data Events Call Data Channel Call Content Call Content Channel CALEA Electronic Surveillance Model Telecommunications Service Provider Law Enforcement Agency Court Order Access Function (AF) Intercept Access Point Delivery Function (DF) Collection Function (CF) Provisioning of Warrant Proprietary J-STD-025 PacketCable ETSI
Lawful Intercept Technology Components • Access Function (AF) • Network Elements (CO Switches, Routers, Trunking Gateways, Softswitches, CMTS) that provide access to and replication of intercepted traffic. • Sniffers and splitters that can passively monitor network traffic • Delivery Function (DF) • Database of target and warrant information • Provisioning interface • Proprietary interfaces to AFs • Standards based (J-STD-025, ETSI, TIIT, PacketCable) delivery of intercepted traffic to CFs • Collection Function (CF) • Collects and records lawfully authorized intercepted communications (e.g., call content) and call-identifying information for Law Enforcement Agencies • Provides analysis tools to the Law Enforcement Agents
Service Provider Domain LI Administration Function Provisioning of Warrant Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function Call Control Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Call Control RTP Stream Aggregation Router Aggregation Router Target Subscriber Lawful Intercept in VoIP Network Admin DELIVERY FUNCTION Customer Premise IAD
Service Provider Domain LI Administration Function Admin Provisioning of Warrant Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function Admin CDC CDC DELIVERY FUNCTION CCC Call Control Customer Premise IAD (SIP, H.323, or MGCP based Gateway) COPS Request Voice Packets Call Control RTP Stream Aggregation Router Aggregation Router Target Subscriber PacketCable Voice Intercept – Edge Routers DELIVERY FUNCTION Customer Premise IAD
Service Provider Domain LI Administration Function Provisioning of Warrant Gatekeeper, SIP Proxy, Call Agent Admin Law Enforcement Collection Function Admin CDC CDC XCIPIO SSDF CDC CDC DELIVERY FUNCTION CCC Call Forward to PSTN MGCP Target Subscriber Voice Packets Call Control Call to Target PSTN Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Forwarded Call Aggregation Router Gateway PacketCable Voice Intercept – Trunking GW
Service Provider Domain LI Administration Function Admin Provisioning of Warrant Gatekeeper, SIP Proxy, Call Agent Law Enforcement Collection Function Admin CDC CDC DELIVERY FUNCTION CCC Call Control Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Proprietary Request Voice Packets Call Control RTP Stream Aggregation Router Aggregation Router Target Subscriber Proprietary Solutions – Edge Routers DELIVERY FUNCTION Customer Premise IAD
Service Provider Domain LI Administration Function Provisioning of Warrant Gatekeeper, SIP Proxy, Call Agent Admin Law Enforcement Collection Function Admin CDC CDC XCIPIO SSDF CDC CDC DELIVERY FUNCTION CCC Call Forward to PSTN Proprietary Target Subscriber Voice Packets Call Control Call to Target PSTN Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Forwarded Call Aggregation Router Gateway Proprietary Solutions – Trunking GW
LI Administration Function Law Enforcement Collection Function Provisioning of Warrant Admin AAA Server CDC DELIVERY FUNCTION XCIPIO IADF CCC Admin Report New IP Address Assigned Target Subscriber Provisioning Report Intercepted Data DHCP Authenticate Data Stream Aggregation Router Data Intercept via Passive Monitoring Service Provider Domain SNIFFER SNIFFER Internet
Technical Challenges • It is extremely difficult to capture call identifying information and call content in some of the call features, specifically for the features implemented within the customer premise IAD. • Some of the “FBI Punch List” items are extremely difficult to implement since they involve call features implemented within the customer premise IAD. • Dialed Digit Extraction (another Punch List item) is also very difficult to implement. • Most of the network elements (Call Agents, Gatekeepers, Trunking Gateways, Aggregation Routers, CMTS, etc.) need to support this feature within the distributed IP environment.
Emergency Services E.911
E.911 Basics • E.911 establishes a regulatory framework for delivering emergency services over telephony infrastructure • Design and regulations were based on (then) existing circuit-switched infrastructure • Packet-based technologies present new challenges within the E.911 framework – particularly as they relate to location • Most VoIP deployments currently classify themselves as “secondary line” and “exempt” from E.911 regulations • E.911 infrastructure varies widely from large metropolitan areas to small rural locations • Metro areas are sophisticated and highly concentrated, operating 24x7 • Rural areas are often very distributed, only operative during parts of the day, and can be quickly overloaded in the case of emergencies such as flooding, tornados, etc.
Two Types of “E.911” Requirements • Statutory Requirements • Legal framework requiring carriers to provide Emergency Services • Includes Lifeline (power from the switch) • Includes 911 Services (routing, call camp, force line open, etc). • Applies only to Primary Line services and can be waived by consent of the customer • DeFacto Requirements • If a 911 call is dropped or lifeline not delivered, the carrier will most likely be sued • Recent court judgments average around $30 million for successful plaintiffs • Applies to secondary and primary line – if the victim can prove he/she did not know this was a secondary line (there is no label on the phone), they will most probably win the case • VoIP is subject to DeFacto Emergency services today
Aspects of E.911 Service Four Elements of an E.911 Service • Lifeline: Providing power to the device in the case of power outage • Signaling: Call state signaling between the switch and the E.911 trunks to the Public Safety Answering Point (PSAP) • Routing and Name Delivery: Looking up calling party name and address and determining optimal PSAP to send the call to (with backup PSAPs in the case primaries are not available) • PSAP Processing: Automatic Call Distributor (ACD) -level call queuing and features executed at the PSAP
Lifeline • Phone network does this over twisted pairs • Most VoIP solutions are not offering lifeline or are using battery backup • Batteries are often larger and more expensive than the IP terminals themselves • A battery backup could double as a kitchen table • Power over LAN solutions are now available but not widely deployed • Lifeline will be provided by either the end-device manufacturer (battery backup) or the IP network through an access router adjunct system • Lifeline is currently the most difficult of the emergency services to tackle for IP providers
Signaling • E.911 calls are processed over dedicated trunks from the switch to the PSAPs • Most 911 trunks today are still MF-based • Spec for SS7 was approved in the early 90s, but never widely deployed • In addition to call setup, E.911 trunks must provide one-way call tear down – only the receiving party can release the circuit. • Few, if any, Media Gateway manufacturers support MF signaling to the E.911 spec
Routing and IN Functions • Intelligent Network functions are the core of E.911 services • When a call is placed to E.911, the users name and location must be retrieved • Based on location and factors like time of day, a PSAP route list is invoked • Calls are routed to the correct E.911 trunk with delivery of calling party name and address • SS8 provides the IN functions for E.911 today (but assumes static location) • Location is the big issue for call routing • If the IP device can be assumed to reside at a static location, traditional E.911 services are easy to deliver • However, this cannot be assumed – the user may take a SIP phone or end device and plug it in to any LAN, register, and make calls • Determining the location of the user is an ongoing issue – solutions such as GPS have been proposed, but….
PSAP Functionality • At each PSAP, the operator has a series of tools to answer, dispatch and resolve an E.911 call • PSAP tools are similar to those in a traditional call center, with specific functionality for emergency services • Much of this equipment is currently old and difficult to manage • ACD functions such as queuing, prioritization, session keep-alive, recording, and forwarding/pooling • Currently, PSAPs only take PSTN trunks – eventually this will evolve to complete IP connectivity between the network and the PSAP • IP technology will actually improve many PSAPs by incorporating presence, parallel forking, and PC integration
Elements of E.911 (where functions live) • Lifeline • End devices (battery) and/or network transmission • Signaling • Media Gateways supporting MF and E.911 SS7 • IN/Routing • IN platform vendors such as SS8 • PSAP Call Control • ACD and PBX providers, including E.911 providers like Entrado and Telcontrol
IP Access Network Gatekeeper, SIP Proxy, Call Agent SERVICE CONTROLER MGW A Basic E.911 Network Architecture IP-Enabled PSAP Call Routing, Location Services, Calling Party Name/Address (Overall Network Logic) SIP Carrier Backbone SIP Traditional PSAP MF Trunks MGCP/ SIP
Summary • E.911 will become a major requirement for VoIP operators in the near future • Legal mandates are being avoided for the moment, but de facto exposure still exists • Primary line service is the 2004 goal for most operators • Call Routing and Network logic is currently resolved by vendors like SS8, but the issue of location is outstanding • Lifeline power services are still evolving • MF interfaces to legacy PSAPs • Evolution of IP-Enabled PSAPs will streamline delivery and help make PSAPs more efficient
Thank You ! ! ! Cemal Dikmen cemal.dikmen@SS8.com Phone: +1.203.925.6185 http://www.ss8.com