slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Lawful Intercept Briefing PowerPoint Presentation
Download Presentation
Lawful Intercept Briefing

Loading in 2 Seconds...

play fullscreen
1 / 26

Lawful Intercept Briefing - PowerPoint PPT Presentation


  • 237 Views
  • Uploaded on

Lawful Intercept Briefing. LI for VoIP, IP. Scott W. Coleman Dir. Of Marketing - LI SS8 Networks. SS8 Networks Overview. Privately held company with 20+ years of operating history 12 years providing Law Intercept solutions Headquartered in San Jose, CA

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Lawful Intercept Briefing' - terry


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
lawful intercept briefing

Lawful Intercept Briefing

LI for VoIP, IP

Scott W. Coleman

Dir. Of Marketing - LI

SS8 Networks

ss8 networks overview
SS8 Networks Overview
  • Privately held company with 20+ years of operating history
  • 12 years providing Law Intercept solutions
  • Headquartered in San Jose, CA
  • Market leader in lawful intercept delivery function solution
  • 250 worldwide service provider customers
  • OEM relationship with some of the largest equipment vendors (Lucent, Nortel, Alcatel)
  • Partnerships with many equipment providers

(Juniper, AcmePacket, NexTone, Sylantro, Cisco, Samsung)

what is lawful intercept
What is Lawful Intercept?
  • The targeted intercept of voice and data services, by a service provider on the behalf of Law Enforcement, when authorized by a court
  • Uses:
    • Criminal - Investigation and Prosecution of criminal activity
    • Intelligence Gathering - Investigation of individuals for Homeland security, anti-terrorism and other threats
  • Tightly controlled in both approval and operation
calea areas of responsibility
CALEA – Areas of Responsibility

Passes Legislation

(CALEA)

Arbitrator between Law Enforcement and service providers

Congress

Tasked with enforcement and implementation

Dept of Justice

FCC

FBI

Carriers

Required to implement CALEA solution in their networks.

Industry Standards Body

Standards include:

J-STD-025A, B

PacketCable,

T1.678, T1.IPNA

Equipment providers

regulatory events
Regulatory Events
  • 2004 FBI, DOJ, DEA file joint petition asking FCC to clarify implementation of CALEA for Broadband and VoIP providers.
    • “Information Services”
    • VoIP in Cable environments
  • August 2005 FCC issued “First Report and Order” deeming that “Facilities based broadband and inter-connected VoIP providers” must provide CALEA support within 18 months of the Order.
  • May 2006 FCC issued “Second Report and Order” confirming that there would be no extensions and or exceptions
  • June 9th, lawsuit on behalf of Service providers seeking to stall or alter the FCC report was denied by the DC Circuit Court
  • 105 Filing – Security Policy and Procedure – March 12, 2007
  • Monitoring Reports – February 12, 2007
  • Compliance deadline of May 14th 2007
  • Solution Certification – FBI/CIU
types and quantities of warrants
Types and Quantities of Warrants
  • Subpoena
    • Call records (copies of phone bills).
    • Up to 2 million of these are done on an annual basis.
  • Pen Register or Trap and Trace
    • Real time delivery of call data only (off-hook, ringing, answer, disconnect, call forward, hookflash etc.)
    • Far fewer done than the subpoenas for call records (130,000)
  • Title III
    • Call Content included. Only 2600 done per year
    • Only approved after a true need is demonstrated to the judge.
    • Quite expensive for Law Enforcement.
      • Monitored live 24 hours a day
      • Ground team surveilling the target
calea report requirements for congress
CALEA Report Requirements for Congress

Department of Justice - CALEA

Audit Report DOJ Inspector General – April

Department of Justice - FISA

DOJ Attorney General Report - April

Federal and State LEA

Admin. Office of US Courts – Wiretap Report - April

Congress

intercept statistics
Intercept Statistics
  • 2004 Authorized Intercept Orders: 1,710
  • Federal: 730 State: 980
  • Four states accounted for 76% of intercept orders
  • Average duration of 43 days
  • Longest was 390 days
  • 88% for portable devices (94% telephonic)
  • Average cost of $63,011
  • Foreign Intelligence Surveillance Act: 1,754 orders approved

New York - 347

California – 144

New Jersey - 144

Florida - 72

how is lawful intercept performed
How is Lawful Intercept performed?
  • Identify the user
    • Determine the target identifier (phone number, email address, IP address etc.)
  • Wait for authentication
    • When the target utilizes the network they must be authenticated. Watch for that event.
  • Find the edge
    • When the target authenticates, find the edge device closest to the target (so as not to miss any peer-to-peer transactions) and obtain a copy of the target’s communications.
lawful intercept network architecture

SBC

Phone switches

Xcipio

LEA

VoIP

Call Agent

Service Provider

Domain

Law Enforcement

Domain

Passive probe

Routers, data switches

Lawful Intercept Network Architecture

Access Function

Delivery Function

Collection Function

  • Provisions the access functions with target identifying information
  • Receives copies of target ‘s traffic
  • Correlates and converts raw target traffic to standards based interface towards LEA
  • Recording and storage of intercepted traffic
  • Analysis tools to track, correlate and interpret intercepted traffic
  • Access elements that provide connectivity to target’s voice & data communications
  • Identifies and replicates target’s traffic
  • PSTN switches, SBC, routers, BRAS
  • SS8 passive probe

Raw Network Data

Standards Based Delivery

(J-STD, ETSI, PacketCable)

standards
Standards

Impact:

  • Defined the components:
    • Access Function (AF), Delivery Function (DF), Collection Function (CF)
  • Defined the demarcation points and the need for interfaces
  • Created an environment where customization was reduced and reproducible products could be built.

Standards in common use in the U.S.:

  • J-STD-25A – Punchlist
  • J-STD-25B – CDMA2000 wireless data
  • PacketCable – VoIP for Cable networks
  • T1.678 – VoIP for wireline, PTT, PoC
  • ETSI 33.108 – GPRS wireless data
  • ATIS – T1.IPNA – ISP data (brand new)

International standards in common use:

  • ETSI 33.108 – GPRS wireless data
  • ETSI 201.671 – TDM voice
  • ETSI 102.232, 102.233, 102.234 – ISP Data intercept (email, IP packets)
defining the interfaces

SBC

HI-1

INI-1

LEA

INI-2

Phone switches

Xcipio

HI-2

VoIP

Call Agent

HI-3

INI-3

Service Provider

Domain

Law Enforcement

Domain

Passive probe

Routers, data switches

Defining the Interfaces

Access Function

Delivery Function

Collection Function

Provisioning

Internal Network Interface #1

Provisioning

Handover Interface #1

Raw Network Data

Communication Data /

Signaling

Internal Network Interface #2

Data / Signaling

Handover Interface #2

Standards Based Delivery

(J-STD, ETSI, PacketCable)

Media Content

Handover Interface #3

Media Content

Internal Network Interface #3

applying standards

INI-1

HI-1

INI-1

INI-2

LEA

Xcipio

HI-2

INI-3

HI-3

Service Provider

Domain

Law Enforcement

Domain

Applying Standards

Access Function

Delivery Function

Collection Function

Only exception is PacketCable that also defines INI-2 and INI-3

Provisioning

Internal Network Interface #1

Provisioning

Handover Interface #1

Communication Data /

Signaling

Internal Network Interface #2

Data / Signaling

Handover Interface #2

Media Content

Handover Interface #3

Media Content

Internal Network Interface #3

Standards only apply to HI-2 and HI-3

methods for lawful intercept
Methods for Lawful Intercept
  • Active Approach
    • Work with the network equipment manufacturers to develop lawful intercept capability in the network elements.
    • Utilize existing network elements for lawful intercept
    • Sometimes serious impact to network performance
    • No need for additional hardware
  • Passive Approach
    • Use passive probes or sniffers as Access Function to monitor the network and filter target’s traffic
    • Requires expensive additional hardware
    • No impact to the network performance
  • Hybrid – utilizes both
voip active intercept cisco sii

Service Provider Domain

LI Administration

Function

Admin HI-1

Provisioning

of Warrant

SoftSwitch

Cisco BTS

Law Enforcement Monitoring Facility

Admin (INI-1)

HI-2

INI-2

XCIPIO

HI-3

Call

Control

Voice

Packets

INI-3

SNMPv3 Request

INI-1

Call

Control

RTP Stream

CMTS

CMTS

VoIP Active Intercept (Cisco SII)

Law Enforcement Agency

DELIVERY FUNCTION

Xcipio LEMF

DR-2400

Target

Subscriber

Customer Premise IAD

Customer

Premise IAD

(SIP, H.323, or MGCP

based Gateway)

voip intercept at trunk media gateway for forwarded calls

Service Provider Domain

LI Administration

Function

Provisioning

of Warrant

SoftSwitch

Cisco BTS

Law Enforcement Monitoring Facility

Admin HI-1

INI-1

HI-2

HI-2

XCIPIO SSDF

INI-2

INI-2

XCIPIO

HI-3

Call

Forward to PSTN

SNMPv3

INI-1

Target

Subscriber

Voice

Packets

INI-3

Call

Control

Call to

Target

PSTN

Customer

Premise IAD

(SIP, H.323, or MGCP

based Gateway)

Forwarded

Call

CMTS

Media

Gateway

VoIP – Intercept at Trunk/Media Gateway (for Forwarded Calls)

Law Enforcement Agency

Xcipio LEMF

DR-2400

active approach to ip data intercept

LI Administration

Function

HI-1

Law Enforcement Monitoring Facility

Provisioning

of Warrant

AAA Server

INI-1 Admin

HI-2

XCIPIO

INI – 2 IRI

HI-3

Internet

Radius

Authenticate

Router

Active Approach to IP Data Intercept

Service Provider Domain

Law Enforcement Agency

SNMPv3

Request

Intercepted

Data – INI-3

Data Stream/IP Access

Target

Subscriber

passive approach to ip data intercept

LI Administration

Function

HI-1

Law Enforcement Monitoring Facility

Provisioning

of Warrant

AAA Server

INI-1 Admin

HI-2

XCIPIO

INI – 2 IRI

HI-3

INI -1 Provisioning

Internet

Radius

Authenticate

Provisioning

Report

Intercepted

Data

INI-3

Router

Passive Approach to IP Data Intercept

Service Provider Domain

Law Enforcement Agency

SNMPv3

Request

Intercepted

Data – INI-3

Data Stream/IP Access

Target

Subscriber

the components of xcipio

HI-1

INI-1

INI-1

INI-2

LEA

Xcipio

HI-2

INI-3

HI-3

Service Provider

Domain

Law Enforcement

Domain

The Components of Xcipio

Access Function

Delivery Function

Collection Function

Provisioning

Internal Network Interface #1

Provisioning

Handover Interface #1

Communication Data /

Signaling

Internal Network Interface #2

Data / Signaling

Handover Interface #2

Media Content

Handover Interface #3

Media Content

Internal Network Interface #3

the components of xcipio24

INI-3

INI-1

INI-2

HI-1

HI-2

HI-3

IP Packet processing

TDM Switch Matrix

Passive probe

Provisioning Element:

Database, supports User Interface, maintains all warrant information, creates shared memory image of intercept information

The Components of Xcipio

User Interface

Remote or local access to Xcipio

Intercept Engine:

Receives call data, call events, network signaling,

INI-2 and HI-2

LIS:

Signaling stacks (SIP,SS7), TCP/IP stacks, error logs, alarms, SNMP, Managed object structure etc.

Provisioning Element

Database, User Interface

PE-2200

Software module

Intercept Engine

Call data, call events, signaling

  • Content Processor

processing, routing, replicating, identification, encapsulation, encryption and delivery of content (packet and/or TDM voice) to law enforcement in real-time.

IE-2100

Software module

LIS – Lawful Intercept Server

Core Software Application

- real-time processing -

LIS

Software release

Primary Server

Physical Layer

Sun servers, Ethernet connectivity, IP packets, switch matrix cards

CP-2300

Software module

Content Processor

Filters, encapsulates content

(IP, VoIP, TDM, HTTP etc.)

summary
Summary
  • SS8 has over 12 years of experience providing Lawful Intercept solutions internationally both directly and through partners.
    • Current customers include government agencies and carriers that range from very large nationwide carriers to small rural carriers.
    • We partner with many different network equipment vendors to deliver comprehensive LI solutions.
  • In the US there is a deadline (May 14, 2007) that is approaching quickly and carriers need to address their obligations.
    • Small carriers seem to be lagging in terms of meeting the deadline so to address that need, SS8 is designing cost effective programs to specifically for small carriers and enterprises.
    • These programs address short term capital expenditures as well as long term operating costs.
slide26

Thank You

Scott W. Coleman

Dir. Of Marketing - LI

SS8 Networks