
EduCause LI Overview February 2007

Craig Mulholland (crmulhol@cisco.com)

Disclaimers
  • It is Cisco's intent to support its customers by developing products that will help them meet the requirements of the law
  • Customers are strongly advised to seek qualified legal counsel to advise them about the extent of their obligation under Lawful Intercept regulations and laws in each country in which they operate

The Contents of this Presentation Do Not Constitute Legal Advice nor Does Cisco Guarantee the Accuracy or Completeness of Such Information

Agenda
  • Regulatory Changes
  • T1.IAS - Lawful Intercept for Internet Access and Services (IAS) (US only)
  • Implementation Options
  • Service Independent Intercept (SII) Architecture
Regulatory Changes
  • United States (US):
    • 24 September 2005 – FCC issued First Order – CALEA applies to interconnected VoIP and facilities-based Broadband Internet Access
    • 3 May 2006 – FCC issued Second Order – defers definitions to standards, affirms deadline
    • 5 May 2006 – Appeals court oral arguments on First Order
    • 9 June 2006 – Appeals court affirmed FCC decision to apply CALEA to interconnected VoIP and facilities-based broadband
  • Compliance Deadline:
    • 14 May 2007
LI Architecture Requirements
  • Service Provider must be able to provide:
    • Communication-Identifying Information (CmII)
      • Dialed Digits (Voice Calls)
      • Subject login (data)
      • Network Addresses (and possibly ports) (data)
    • Content of Communication (CC)
      • Audio Content of Voice Call
      • Packets to/from subject
  • Must be able to correlate Communication Identifying Information with Content of Communication
T1.IAS
  • Lawful Intercept for Internet Access and Services (IAS)
  • Issue S086 - Ballot Closed 11/14/2006
    • 13 “YES” Votes - 8 with comments
    • 3 “NO” Votes
    • 3 abstentions
  • Interim Meeting Austin, 29 - 30 November to resolve Ballot comments
  • Law Enforcement “NO” votes unresolved - “buffering issue”
  • Default Ballot recommended at close of meeting
  • Default Ballot closed in January
    • 1 “Yes” vote changed to “No”
    • 1 “No” vote changed to “Yes”
  • Comment resolution scheduled for February meeting
T1.IAS
  • T1.IAS divides the subject’s session into two states
  • The “Access Session” state - logon, logoff, and failure or rejection events during the logon process
  • The “Packet Session” state - subject has been granted access to the Internet and is ready to transfer data
  • Not all networks can report all events, e.g. “always on” scenarios may not be able to report some access events
What is Communication Identifying Information (CmII) for Internet Access?
  • Access Session Events – Access Attempt, Access Accepted, Access Failed, Access Session End, Access Rejected, Access Signaling Message Report
  • Packet Session Events - Packet Data Session Start, Packet Data Session Failed, Packet Data Session End, Packet Data Session Already Established, Packet Data Header Report, Packet Data Summary Report
  • Packet Data Header Report, and Packet Data Summary Report are used to report Packet Header information for Internet sites visited by the subject
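The two session states and the CmII events listed above, as an added example that is not part of the presentation nor of any Cisco or T1.IAS implementation: a Python model of an IAP that tracks a subject's Access Session and Packet Session, emits the event records the slides name with the stated fields (Case ID, IAP, Time, Subscriber ID, Access Session ID, Packet Session ID, IP Address), rolls Packet Data Header Reports into a Packet Data Summary Report, and correlates CmII with Content of Communication (CC) by Packet Session ID, which is the correlation requirement from the LI Architecture Requirements slide. The class names, field layout, the demo() scenario, the subscriber IDs and the addresses are constructed assumptions; the "Packet Data Session Already Established" branch models the "always on" case in which logon events could not be reported.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    NONE = "no session"
    ACCESS = "Access Session"   # logon, logoff, failure/rejection events
    PACKET = "Packet Session"   # access granted, subject ready to transfer data


@dataclass(frozen=True)
class CmII:
    """One Communication-Identifying Information record sent to the mediation device."""
    event: str
    case_id: str
    iap: str
    time: int
    subscriber_id: str
    access_session_id: Optional[str] = None
    packet_session_id: Optional[str] = None
    ip_address: Optional[str] = None
    payload: tuple = ()            # report-specific data (packet headers, summary)


class SubjectIAP:
    """Aggregation-router (IAP) role for one intercepted subscriber (constructed model)."""
    def __init__(self, case_id: str, iap: str, subscriber_id: str):
        self.case_id, self.iap, self.subscriber_id = case_id, iap, subscriber_id
        self.state = State.NONE
        self.access_sid = self.packet_sid = self.ip = None
        self.cmii: list = []       # every CmII record emitted, in order
        self.headers: list = []    # (src, sport, dst, dport) seen in the packet session

    def _report(self, event: str, t: int, payload: tuple = ()) -> CmII:
        rec = CmII(event, self.case_id, self.iap, t, self.subscriber_id,
                   self.access_sid, self.packet_sid, self.ip, payload)
        self.cmii.append(rec)
        return rec

    def access_attempt(self, t: int) -> CmII:
        self.state = State.ACCESS
        return self._report("Access Attempt", t)

    def access_result(self, t: int, accepted: bool, access_sid: Optional[str] = None) -> CmII:
        if not accepted:
            self.state = State.NONE
            return self._report("Access Rejected", t)
        self.access_sid = access_sid
        return self._report("Access Accepted", t)

    def packet_session_start(self, t: int, packet_sid: str, ip: str) -> CmII:
        # Always-on access: the intercept may be provisioned after logon, so no
        # access events could be reported; T1.IAS has a dedicated event for that.
        event = ("Packet Data Session Start" if self.state is State.ACCESS
                 else "Packet Data Session Already Established")
        self.state = State.PACKET
        self.packet_sid, self.ip = packet_sid, ip
        return self._report(event, t)

    def packet_header(self, t: int, src: str, sport: int, dst: str, dport: int) -> CmII:
        """Packet Data Header Report; port numbers are included per the ballot resolution."""
        hdr = (src, sport, dst, dport)
        self.headers.append(hdr)
        return self._report("Packet Data Header Report", t, hdr)

    def summary_report(self, t: int) -> CmII:
        """Packet Data Summary Report: per-destination counts instead of every header."""
        counts = Counter((dst, dport) for _, _, dst, dport in self.headers)
        return self._report("Packet Data Summary Report", t, tuple(sorted(counts.items())))


def correlate(cmii: list, cc: list) -> dict:
    """Mediation-device side: group CmII records and CC copies (packet_session_id,
    time, bytes) by Packet Session ID so content can be matched to its session."""
    out: dict = {}
    for r in cmii:
        if r.packet_session_id:
            out.setdefault(r.packet_session_id, ([], []))[0].append(r)
    for psid, t, data in cc:
        out.setdefault(psid, ([], []))[1].append((t, data))
    return out


def demo() -> dict:
    """Constructed sample: one subject seen logging on, one always-on subject."""
    a = SubjectIAP("CASE-0001", "AGG-RTR-1", "subscriber-a@example.net")
    a.access_attempt(100)
    a.access_result(101, True, "AS-1")
    a.packet_session_start(102, "PS-1", "192.0.2.10")
    a.packet_header(103, "192.0.2.10", 51000, "198.51.100.5", 443)
    a.packet_header(104, "192.0.2.10", 51001, "198.51.100.5", 443)
    a.packet_header(105, "192.0.2.10", 51002, "203.0.113.9", 80)
    summary = a.summary_report(106)
    b = SubjectIAP("CASE-0002", "AGG-RTR-1", "subscriber-b@example.net")
    already = b.packet_session_start(200, "PS-2", "192.0.2.11")   # no logon observed
    cc = [("PS-1", 103, b"constructed packet"), ("PS-2", 201, b"constructed packet")]
    return {"a": a.cmii, "b_event": already.event, "summary": summary.payload,
            "corr": correlate(a.cmii + b.cmii, cc)}
```

Records emitted before Access Accepted carry no session identifiers, so only records from Packet Data Session Start onward can be matched to content; the summary report shows why a per-destination roll-up is far smaller than a header report per packet, which is the trade-off behind the buffering discussion in the Issues slide.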
T1.IAS - Communication Identifying Information (CmII)
  • Diagram (one figure repeated over five slides): Target Subscriber data stream → Aggregation Router → AAA Server (Cisco Access Registrar, Other) → Mediation Device → LEA Collection Function; IRI and, when authorized, CC delivered to the LEA
  • Events reported, in sequence:
    • Access Attempt (on Access Request): Case ID, IAP, Time, Subscriber ID
    • Access Accepted (on Access Accept): Case ID, IAP, Time, Subscriber ID, Access Session ID
    • Packet Data Session Start (Intercept Request to the router, Intercepted Data returned): Case ID, IAP, Time, Subscriber ID, Packet Session ID, IP Address
    • Packet Data Header Report: Case ID, IAP, Time, Packet Session ID, IP Packet Headers; OR Packet Data Summary Report: Case ID, IAP, Time, Packet Session ID, IP Packet Header Summary reports
    • Content Delivery (CC), if authorized
T1.IAS - Issues
  • Buffering/Short term Storage – Law enforcement has requested buffering and file management, not included in standard
    • Alternate standard for buffering in progress
  • IP Packet Headers – port numbers required as a result of ballot comment resolution
Passive Equipment
  • Involves placement of new equipment in strategic locations in the network to access ‘signaling’ and ‘content’ information of interest.
  • Pros:
    • Does not require changes to existing network element hardware and/or software
  • Cons:
    • Additional equipment required. Amount of equipment required can be reduced by physically moving equipment, as required.
    • Additional O&M costs
    • Not capable of intercepting information that remains local to the edge network element
  • Cost:
    • Passive equipment: $35K +++ ea.
    • Mediation Device: $75K + (based on number of subscribers)
Intercept Capable Network Elements
  • Adds interception capability to existing network elements
  • Pros:
    • Reduced cost by leveraging existing infrastructure
    • Reduced O&M costs
  • Cons:
    • Functionality may not be supported on all platforms in the network. If it is supported, hardware upgrades (memory, processor, etc.) may be required
    • Interception introduces an impact to network element performance
  • Cost:
    • Network element S/W licenses: $0 - $15K+ ea
    • Mediation Device: $75K + (based on number of subscribers)
Hybrid
  • Combination of passive equipment and intercept support
    • Provides flexibility of passive equipment solution with cost advantages of intercept support on network elements
  • Augments network element intercept capability
    • Offloads network element for large bandwidth intercepts
  • Pros:
    • Most comprehensive and cost effective solution
    • Most flexible solution for CALEA compliance in multi-vendor network
  • Cons:
    • Somewhat higher O&M and equipment costs
  • Cost:
    • Network element S/W licenses: $0 - $15K+ ea
    • Passive equipment: $35K +++ ea.
    • Mediation Device: $75K + (based on number of subscribers)
Trusted Third Party (TTP)
  • TTP becomes agent of record for Service Provider
    • Assumes all responsibilities and obligations
  • Pros:
    • Continued protection from criminal & civil liability
    • Reduces operating costs and conserves capital
    • Assumes risk and up-front investment (personnel, technology)
    • Future-proof services
  • Cons:
    • CALEA activities are handled by third party
    • TTP requires access (physical and admin) to your network
  • Cost:
    • Initial assessment/setup fee: $10K+ (depends on size of network)
    • Monthly service fee: $1.5K+ (depends on size of network)
    • Per intercept fee: Records production = $500?, Pen/Trap = $1000?, Full Content = $1500? (Reimbursable by LEA)
Key Cisco SII Architecture Features
  • Standard architecture (same for voice or data)
  • Places control of LI on Mediation Device (instead of on call control equipment)
  • Separates lawful intercept control from call control
  • Common interface to Mediation Device and Call Control partners
  • Modular architecture, easily adapted to regional requirements through mediation device
Generic View of the LI Architecture
  • Diagram: Service Provider side and Law Enforcement Agency (LEA) side, separated by a Demarcation Point (SP, LEA Responsibility)
  • Service Provider elements: LI Administration Function; Intercepting Control Element (ICE); Mediation Device; Intercepting Network Element (INE), i.e. Access Function (AF)/Intercept Access Point (IAP)
  • LEA element: Collection Function
  • Flows shown: Request (to the ICE), Request (to the INE), Content Request, Intercept Related Info (IRI) and Communication Content (CC) to the Collection Function
  • Information for the Same Intercept May Be Sent to Multiple LEAs
  • Legend: Cisco Equipment / 3rd Party Equipment
Cisco Service Independent Intercept
  • Diagram: the generic view with the Cisco roles filled in
  • LI Administration Function (Service Provider), driven by Configuration Commands
  • Intercepting Control Element (ICE): Voice - Call Agent; Data - Radius, AAA; RADIUS Event Messages
  • Intercepting Network Element (INE): Voice - Edge router, Trunk G/W; Data – Access/Aggregation router; provisioned via SNMPv3
  • Mediation Device: Request to the ICE and the INE; Content Request; RTP or UDP transport for delivery of Communication Content (CC)
  • Law Enforcement Agency (LEA): Collection Function receiving Intercept Related Info (IRI) and Communication Content (CC)
  • Legend: Cisco Equipment / 3rd Party Equipment
IETF—RFC 3924
  • Diagram: Lawful Intercept Architecture Reference Model
  • Law Enforcement Agency (LEA) ↔ LI Administration Function: HI1 (a)
  • LI Administration Function → Mediation Device (MD): MD Provisioning Interface (b)
  • MD → Intercept Related Information (IRI) IAP: (c); IRI IAP → MD: IRI (e)
  • MD → Content Intercept Access Point (IAP): Intercept Request (d); Content IAP → MD: Intercepted Content (f)
  • MD → LEA: HI2 (g) for IRI, HI3 (h) for content
  • User Content passes through the Content IAP; everything except the LEA is a Service Provider Function
Cisco Lawful Intercept Architecture
  • IETF first draft June 2003
  • IETF second draft October 2003
  • Informational RFC 3924 adopted October 2004
  • Modular architecture—adapts to regional requirements via partner equipment (mediation device)
  • Key Features:
    • Common architecture (SII) for voice and data
    • Separation of intercept control from call control (voice) and session control (data)
    • Controlled by mediation device
    • Standardized interface for mediation device to provision intercepts via SNMPv3
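The RFC 3924 reference-model interfaces (a) to (h) from the previous slide and the key features listed above (control held by the mediation device, SNMPv3 provisioning of the intercepting element, delivery of one intercept to multiple LEAs), as an added example that is not drawn from the presentation, from RFC 3924 or from Cisco code: a Python simulation of the exchange between the LI administration function, the mediation device, an IRI IAP, a content IAP and the LEAs. Assumptions: the HMAC tag stands in for SNMPv3 authentication of provisioning (the real SNMP USM is not modelled), interface (c) is read as provisioning of the IRI IAP, and the class names, message layout and demo() scenario are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    """One message on a reference-model interface, lettered (a)-(h)."""
    interface: str
    src: str
    dst: str
    case_id: str
    body: dict


def mac(key: bytes, body: dict) -> str:
    """Stand-in for SNMPv3 authentication between MD and IAP (constructed, not SNMP USM)."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class IAP:
    """IRI or content Intercept Access Point (AAA server / aggregation router role)."""
    def __init__(self, name: str, key: bytes, trace: list):
        self.name, self.key, self.trace = name, key, trace
        self.active = {}            # case_id -> target subscriber

    def provision(self, msg: Msg, tag: str) -> bool:
        """Interfaces (c)/(d): accept only provisioning authenticated under the MD key."""
        if not hmac.compare_digest(mac(self.key, msg.body), tag):
            return False            # unauthenticated provisioning is dropped
        self.trace.append(msg)
        self.active[msg.case_id] = msg.body["target"]
        return True

    def observe(self, subscriber: str, kind: str, data: str, md) -> None:
        """Traffic or signalling passes the IAP; only provisioned targets are reported."""
        for case_id, target in self.active.items():
            if target == subscriber:
                m = Msg("e" if kind == "iri" else "f", self.name, "MD", case_id,
                        {"kind": kind, "data": data})
                self.trace.append(m)
                md.deliver(m)


class MediationDevice:
    """Holds intercept control: provisions IAPs and maps (e)/(f) onto HI2 (g)/HI3 (h)."""
    def __init__(self, iri_iap: IAP, cc_iap: IAP, key: bytes, trace: list):
        self.iri_iap, self.cc_iap, self.key, self.trace = iri_iap, cc_iap, key, trace
        self.intercepts = {}        # case_id -> {"leas": [...], "content": bool}
        self.leas = {}              # LEA name -> messages received

    def provision(self, msg: Msg) -> bool:
        """Interface (b) from the LI administration function."""
        self.trace.append(msg)
        b = msg.body
        self.intercepts[msg.case_id] = {"leas": b["leas"], "content": b["content_authorized"]}
        body = {"target": b["target"]}
        ok = self.iri_iap.provision(Msg("c", "MD", self.iri_iap.name, msg.case_id, body),
                                    mac(self.key, body))
        if b["content_authorized"]:  # content request (d) only when the order covers content
            ok = self.cc_iap.provision(Msg("d", "MD", self.cc_iap.name, msg.case_id, body),
                                       mac(self.key, body)) and ok
        return ok

    def deliver(self, m: Msg) -> None:
        """(e) -> HI2 (g), (f) -> HI3 (h), fanned out to every LEA on the case."""
        iface = "g" if m.interface == "e" else "h"
        for lea in self.intercepts[m.case_id]["leas"]:
            out = Msg(iface, "MD", lea, m.case_id, m.body)
            self.trace.append(out)
            self.leas.setdefault(lea, []).append(out)


class LIAdminFunction:
    """Service-provider LI administration: takes HI1 (a) from an LEA, provisions the MD (b)."""
    def __init__(self, md: MediationDevice, trace: list):
        self.md, self.trace = md, trace

    def hi1(self, lea: str, case_id: str, target: str, leas: list, content: bool) -> bool:
        self.trace.append(Msg("a", lea, "LIAdmin", case_id, {"target": target}))
        return self.md.provision(Msg("b", "LIAdmin", "MD", case_id,
                                     {"target": target, "leas": leas, "content_authorized": content}))


def demo() -> dict:
    """Constructed run: an IRI-only order for two LEAs, a content order, a rogue request."""
    trace, key = [], b"constructed-md-iap-key"
    iri_iap, cc_iap = IAP("AAA", key, trace), IAP("AggRouter", key, trace)
    md = MediationDevice(iri_iap, cc_iap, key, trace)
    admin = LIAdminFunction(md, trace)
    admin.hi1("LEA-1", "CASE-7", "subscriber-x", ["LEA-1", "LEA-2"], content=False)
    iri_iap.observe("subscriber-x", "iri", "Access Accepted", md)   # (e), then (g) to both LEAs
    cc_iap.observe("subscriber-x", "cc", "packet", md)              # no (d) was issued: ignored
    iri_iap.observe("subscriber-y", "iri", "Access Accepted", md)   # not a target: ignored
    admin.hi1("LEA-3", "CASE-8", "subscriber-z", ["LEA-3"], content=True)
    cc_iap.observe("subscriber-z", "cc", "packet", md)              # (f), then (h)
    rogue = cc_iap.provision(Msg("d", "rogue", "AggRouter", "CASE-9",
                                 {"target": "subscriber-y"}), "0" * 64)
    return {"trace": [m.interface for m in trace], "leas": md.leas,
            "rogue_accepted": rogue, "cc_active": dict(cc_iap.active)}
```

Two properties of the architecture fall out of the model: the intercepting element never acts on a provisioning message it cannot authenticate as coming from the mediation device, and content flows on (d), (f) and (h) only when the order covers content, which is the distinction between the pen/trap and full-content intercepts priced on the TTP slide. The trace of interface letters makes the separation of intercept control (the MD) from session control (the AAA server) visible.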
LI Architecture—Voice Intercept
  • Diagram: numbered message sequence (steps 1 to 11; the step legend is not in the transcript)
  • Elements: LEA with IRI Collection Function; LI Administration Function (Admin, HI1); Mediation Device; Call Control (Gatekeeper, SIP Proxy, Call Agent); Aggregation Routers; CPE Adapter or IP Phone at each end; Target Subscriber
  • Flows shown: Intercept Request; Config; Intercepted Data; IRI; CC; RTP Stream between the CPE adapters/IP phones
LI Architecture—Data Intercept
  • Diagram: numbered message sequence (steps 1 to 14; the step legend is not in the transcript)
  • Elements: LEA with IRI Collection Function; LI Administration Function (Admin, HI1); Mediation Device; AAA Server (Cisco Access Registrar, Other); Aggregation Router; Sniffer/Probe; Target Subscriber Data Stream
  • Flows shown: Intercept Request; Config; Access Request, Access Accept and Acct Start on the AAA side; Intercepted Data; IRI; CC