Lawful Intercept Briefing: LI for VoIP, IP. Scott W. Coleman, Dir. of Marketing - LI, SS8 Networks. SS8 Networks Overview: privately held company with 20+ years of operating history; 12 years providing Lawful Intercept solutions; headquartered in San Jose, CA.

Lawful Intercept Briefing
LI for VoIP, IP
Scott W. Coleman
Dir. of Marketing - LI
SS8 Networks

SS8 Networks Overview
• Privately held company with 20+ years of operating history
• 12 years providing Lawful Intercept solutions
• Headquartered in San Jose, CA
• Market leader in lawful intercept delivery function solution
• 250 worldwide service provider customers
• OEM relationship with some of the largest equipment vendors (Lucent, Nortel, Alcatel)
• Partnerships with many equipment providers (Juniper, AcmePacket, NexTone, Sylantro, Cisco, Samsung)

What is Lawful Intercept?
• The targeted intercept of voice and data services, by a service provider on behalf of Law Enforcement, when authorized by a court
• Uses:
  • Criminal - Investigation and prosecution of criminal activity
  • Intelligence Gathering - Investigation of individuals for homeland security, anti-terrorism and other threats
• Tightly controlled in both approval and operation

CALEA – Areas of Responsibility
[Diagram: parties and their responsibilities]
• Congress: Passes Legislation (CALEA)
• FCC: Arbitrator between Law Enforcement and service providers
• Dept of Justice, FBI: Tasked with enforcement and implementation
• Carriers: Required to implement CALEA solution in their networks
• Industry Standards Body: Standards include J-STD-025A, B; PacketCable; T1.678; T1.IPNA
• Equipment providers

Regulatory Events
• 2004: FBI, DOJ, DEA file joint petition asking FCC to clarify implementation of CALEA for Broadband and VoIP providers.
  • “Information Services”
  • VoIP in Cable environments
• August 2005: FCC issued “First Report and Order” deeming that “Facilities based broadband and inter-connected VoIP providers” must provide CALEA support within 18 months of the Order.
• May 2006: FCC issued “Second Report and Order” confirming that there would be no extensions and/or exceptions
• June 9th: lawsuit on behalf of service providers seeking to stall or alter the FCC report was denied by the DC Circuit Court
• 105 Filing – Security Policy and Procedure – March 12, 2007
• Monitoring Reports – February 12, 2007
• Compliance deadline of May 14th 2007
• Solution Certification – FBI/CIU

Types and Quantities of Warrants
• Subpoena
  • Call records (copies of phone bills).
  • Up to 2 million of these are done on an annual basis.
• Pen Register or Trap and Trace
  • Real time delivery of call data only (off-hook, ringing, answer, disconnect, call forward, hookflash etc.)
  • Far fewer done than the subpoenas for call records (130,000)
• Title III
  • Call Content included. Only 2600 done per year
  • Only approved after a true need is demonstrated to the judge.
  • Quite expensive for Law Enforcement.
  • Monitored live 24 hours a day
  • Ground team surveilling the target

CALEA Report Requirements for Congress
[Diagram: reports delivered to Congress]
• Department of Justice - CALEA Audit Report: DOJ Inspector General – April
• Department of Justice - FISA: DOJ Attorney General Report - April
• Federal and State LEA: Admin. Office of US Courts – Wiretap Report - April

Intercept Statistics
• 2004 Authorized Intercept Orders: 1,710
  • Federal: 730; State: 980
  • Four states accounted for 76% of intercept orders
  • Average duration of 43 days
  • Longest was 390 days
  • 88% for portable devices (94% telephonic)
  • Average cost of $63,011
• Foreign Intelligence Surveillance Act: 1,754 orders approved
• New York - 347; California – 144; New Jersey - 144; Florida - 72

How is Lawful Intercept performed?
• Identify the user
  • Determine the target identifier (phone number, email address, IP address etc.)
• Wait for authentication
  • When the target utilizes the network they must be authenticated. Watch for that event.
• Find the edge
  • When the target authenticates, find the edge device closest to the target (so as not to miss any peer-to-peer transactions) and obtain a copy of the target’s communications.

Lawful Intercept Network Architecture
[Diagram. Service Provider Domain: SBC, Phone switches, VoIP Call Agent, Passive probe, Routers, data switches, Xcipio. Law Enforcement Domain: LEA. Flows: Raw Network Data; Standards Based Delivery (J-STD, ETSI, PacketCable).]
Access Function
• Access elements that provide connectivity to target’s voice & data communications
• Identifies and replicates target’s traffic
• PSTN switches, SBC, routers, BRAS
• SS8 passive probe
Delivery Function
• Provisions the access functions with target identifying information
• Receives copies of target’s traffic
• Correlates and converts raw target traffic to standards based interface towards LEA
Collection Function
• Recording and storage of intercepted traffic
• Analysis tools to track, correlate and interpret intercepted traffic

Standards
Impact:
• Defined the components:
  • Access Function (AF), Delivery Function (DF), Collection Function (CF)
• Defined the demarcation points and the need for interfaces
• Created an environment where customization was reduced and reproducible products could be built.
Standards in common use in the U.S.:
• J-STD-25A – Punchlist
• J-STD-25B – CDMA2000 wireless data
• PacketCable – VoIP for Cable networks
• T1.678 – VoIP for wireline, PTT, PoC
• ETSI 33.108 – GPRS wireless data
• ATIS – T1.IPNA – ISP data (brand new)
International standards in common use:
• ETSI 33.108 – GPRS wireless data
• ETSI 201.671 – TDM voice
• ETSI 102.232, 102.233, 102.234 – ISP Data intercept (email, IP packets)

Defining the Interfaces
[Diagram. Service Provider Domain: SBC, Phone switches, VoIP Call Agent, Passive probe, Routers, data switches, Xcipio. Law Enforcement Domain: LEA. Columns: Access Function, Delivery Function, Collection Function. Flows: Raw Network Data; Standards Based Delivery (J-STD, ETSI, PacketCable).]
• Internal Network Interface #1 (INI-1): Provisioning
• Internal Network Interface #2 (INI-2): Communication Data / Signaling
• Internal Network Interface #3 (INI-3): Media Content
• Handover Interface #1 (HI-1): Provisioning
• Handover Interface #2 (HI-2): Data / Signaling
• Handover Interface #3 (HI-3): Media Content

Applying Standards
[Diagram. Service Provider Domain: Xcipio. Law Enforcement Domain: LEA. Columns: Access Function, Delivery Function, Collection Function.]
• Internal Network Interface #1 (INI-1): Provisioning
• Internal Network Interface #2 (INI-2): Communication Data / Signaling
• Internal Network Interface #3 (INI-3): Media Content
• Handover Interface #1 (HI-1): Provisioning
• Handover Interface #2 (HI-2): Data / Signaling
• Handover Interface #3 (HI-3): Media Content
Standards only apply to HI-2 and HI-3. Only exception is PacketCable that also defines INI-2 and INI-3.

Methods for Lawful Intercept
• Active Approach
  • Work with the network equipment manufacturers to develop lawful intercept capability in the network elements.
  • Utilize existing network elements for lawful intercept
  • Sometimes serious impact to network performance
  • No need for additional hardware
• Passive Approach
  • Use passive probes or sniffers as Access Function to monitor the network and filter target’s traffic
  • Requires expensive additional hardware
  • No impact to the network performance
• Hybrid – utilizes both

VoIP Active Intercept (Cisco SII)
[Diagram. Labels: Service Provider Domain; Law Enforcement Agency; LI Administration Function; SoftSwitch Cisco BTS; CMTS; Delivery Function (Xcipio); Law Enforcement Monitoring Facility; LEMF DR-2400; Target Subscriber; Customer Premise IAD (SIP, H.323, or MGCP based Gateway). Interface labels: HI-1 (Admin, Provisioning of Warrant); INI-1 (Admin, SNMPv3 Request); INI-2; HI-2; INI-3 (Voice Packets); HI-3; Call Control; RTP Stream.]

VoIP – Intercept at Trunk/Media Gateway (for Forwarded Calls)
[Diagram. Labels: Service Provider Domain; Law Enforcement Agency; LI Administration Function; SoftSwitch Cisco BTS; XCIPIO SSDF; XCIPIO; CMTS; Media Gateway; PSTN; Law Enforcement Monitoring Facility; LEMF DR-2400; Target Subscriber; Customer Premise IAD (SIP, H.323, or MGCP based Gateway). Interface labels: HI-1 (Admin, Provisioning of Warrant); INI-1 (SNMPv3); INI-2; HI-2; INI-3 (Voice Packets); HI-3; Call Control; Call to Target; Call Forward to PSTN; Forwarded Call.]

Active Approach to IP Data Intercept
[Diagram. Labels: Service Provider Domain; Law Enforcement Agency; LI Administration Function; AAA Server; Router; XCIPIO; Internet; Law Enforcement Monitoring Facility; Target Subscriber. Interface labels: HI-1 (Provisioning of Warrant); INI-1 (Admin, SNMPv3 Request); INI-2 (IRI); HI-2; INI-3 (Intercepted Data); HI-3; Radius Authenticate; Data Stream/IP Access.]

Passive Approach to IP Data Intercept
[Diagram. Labels: Service Provider Domain; Law Enforcement Agency; LI Administration Function; AAA Server; Router; XCIPIO; Internet; Law Enforcement Monitoring Facility; Target Subscriber. Interface labels: HI-1 (Provisioning of Warrant); INI-1 (Admin, Provisioning, SNMPv3 Request); INI-2 (IRI); HI-2; INI-3 (Intercepted Data); HI-3; Radius Authenticate; Provisioning Report; Data Stream/IP Access.]

The Components of Xcipio
[Diagram. Service Provider Domain: Xcipio. Law Enforcement Domain: LEA. Columns: Access Function, Delivery Function, Collection Function.]
• Internal Network Interface #1 (INI-1): Provisioning
• Internal Network Interface #2 (INI-2): Communication Data / Signaling
• Internal Network Interface #3 (INI-3): Media Content
• Handover Interface #1 (HI-1): Provisioning
• Handover Interface #2 (HI-2): Data / Signaling
• Handover Interface #3 (HI-3): Media Content

The Components of Xcipio
[Diagram. Labels: INI-1, INI-2, INI-3, HI-1, HI-2, HI-3; IP Packet processing; TDM Switch Matrix; Passive probe.]
• User Interface: Remote or local access to Xcipio
• Provisioning Element (PE-2200 software module; Database, User Interface): Database, supports User Interface, maintains all warrant information, creates shared memory image of intercept information
• Intercept Engine (IE-2100 software module; call data, call events, signaling): Receives call data, call events, network signaling, INI-2 and HI-2
• Content Processor (CP-2300 software module; filters, encapsulates content: IP, VoIP, TDM, HTTP etc.): processing, routing, replicating, identification, encapsulation, encryption and delivery of content (packet and/or TDM voice) to law enforcement in real-time.
• LIS – Lawful Intercept Server (core software application, real-time processing, LIS software release): Signaling stacks (SIP, SS7), TCP/IP stacks, error logs, alarms, SNMP, managed object structure etc.
• Primary Server (physical layer): Sun servers, Ethernet connectivity, IP packets, switch matrix cards

Summary
• SS8 has over 12 years of experience providing Lawful Intercept solutions internationally, both directly and through partners.
• Current customers include government agencies and carriers that range from very large nationwide carriers to small rural carriers.
• We partner with many different network equipment vendors to deliver comprehensive LI solutions.
• In the US there is a deadline (May 14, 2007) that is approaching quickly and carriers need to address their obligations.
• Small carriers seem to be lagging in terms of meeting the deadline, so to address that need, SS8 is designing cost effective programs specifically for small carriers and enterprises.
• These programs address short term capital expenditures as well as long term operating costs.

Thank You
Scott W. Coleman
Dir. of Marketing - LI
SS8 Networks