DECISION Group Inc. Monitoring Center Solution on Internet Access for LEA or Intelligence. Decision Group www.edecision4u.com. What is Lawful Interception. A legally sanctioned official access to private communications of specific targets through telephone calls e-mail messages …
Monitoring Center Solution on Internet Access for LEA or Intelligence
Decision Group
www.edecision4u.com
What is Lawful Interception
• A legally sanctioned official access to private communications of specific targets through
  - telephone calls
  - e-mail messages
  - …
• A security process through which a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations.
Challenges to Current LI
• Based on the old telecom network of analog voice technology, without support for new IP technology
• All tasks run as batch jobs, without quick response to immediate events
• LI result reports are acquired one or two days later because of batch processing
• Covers only voice and email, not the many other popular online services
• Cyber crime rings rely 60% on voice and email and 40% on other social media, instant messaging, and interactive tools…
Current out-of-date LI technology cannot mitigate the risk of attacks from crime rings
New Criteria for LI
• For both telecom and network environments
• Compliant with ETSI or CALEA standards
• Getting the IP packet data stream from telecom and Internet service providers
• Decoding as many protocols as possible
• Data retention capability for long-term tracking and reporting
• Easy to deploy and manage with high security control
Scenario and Actors for LI
[Diagram. Actors: Regulators, Service Providers, Interception Vendors, Mediation Vendors, Collection Vendors. Elements: target, correspondent, interception interface, handover interface, monitor.]
ETSI Lawful Interception Model
• IIF: Internal Interception Function
• INI: Internal Network Interface
• HI1: Administrative Information
• HI2: Intercept Related Information
• HI3: Content of Communication
[Diagram. NWO/AP/SvP domain: Network Internal Functions, IIF, INI, Administration function, IRI Mediation function, Content Mediation function. Handover to the LEMF: HI1, HI2 carrying intercept related information (IRI), HI3 carrying content of communication (CC). Vendor roles: Interception Vendors, Mediation Vendors, Collection Vendors.]
Crime Investigation Cycle with LI
[Diagram. Actors: Investigator, Court, Target. LI plane @ LEA: Warrant Management, Presentation, Decoding & Reconstruction, Deep Content Inspection. LI plane @ ISP: Provision, Interception & Filtering, Delivery. Network elements: GSN, Core Router, BRAS, AAA. IP data: control plane and user plane.]
iMonitor (1)
• Warrant Management
  - Target type
    • ISP account (RADIUS)
    • CPE MAC address (RADIUS)
    • MSISDN (phone number)
  - Warrant/target life cycle management
    • Quest for the target context
    • Set start time and end time for the warrant/target
    • Suspend receiving data for timed-out warrants/targets
• LEMF interface
  - ETSI TS 102 232-1/2/3
  - DG proprietary interface
[Module diagram: Warrant Management, Presentation, Decoding & Reconstruction, Deep Content Inspection]
iMonitor (2)
• Decoding and Reconstruction
  - Receive data through the handover interface
  - Protocol decoding and reconstruction
    • Instant message: MSN Messenger, Yahoo Messenger, Facebook IM…
    • Mail: POP3, SMTP, web mail
    • VoIP: SIP, H.323, RTP, codec (G.711/G.729)
    • Social network: Facebook, Plurk, Twitter, YouTube…
    • Other common protocols: HTTP, Telnet, FTP, …
  - Protocol decoding and recognition: Skype, WhatsApp, LINE…
iMonitor Sample: Facebook
Content of Facebook, friend list and attached files
iMonitor Sample: HTTP (Web Link, Content and Reconstruction)
• Whois function provides you the actual URL link IP address
• HTTP web page content can be reconstructed
iMonitor (3)
• Deep Content Inspection
  - Advanced and fast keyword search on reconstructed content
  - Identity link and communication link discovery
• System Capacity
  - 400 Mbps
  - Max number of provisioned targets: 20000
  - Max number of inspectors: 20
• Server Hardware (recommended)
  - HP DL380
iMonitor Sample: Alert and Notification – Alert with Content
• Alerts can be configured from different service categories and different parameters such as keyword, account, IP, etc.
• Alerts can be sent to the administrator by email, or by SMS if an SMS gateway is available.
• A throughput alert function is also available.
iMonitor Sample: Search – Full Text, Condition, Association
Complete search: Full Text Search, Conditional Search, Similar Search and Association Search
[Screenshots: Conditional Search, Full Text Search, Association / Link Search]