World Class Standards
Lawful interception
and Retained Data
Presentazione per l’Osservatorio Sicurezza
Anfov
Autore:Dionisio Zumerle
Technical Officer - ETSI
[email protected]
© ETSI 2007. All rights reserved
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
World Class Standards
Why Lawful Interception implementation in EU
17th January 1995: EU Council of Ministers
adopted resolution COM 96/C329/01 on Lawful Interception
“The providers of public telecommunications networks and
services are legally required to make available to the authorities
the information necessary to enable them to investigate
telecommunications”
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
2
World Class Standards
What is Lawful interception?
 A legally sanctioned official access to private communications
 telephone calls
 e-mail messages
 …
 A security process: a communication service provider collects
and provides law enforcement with intercepted communications
of private individuals or organizations
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
3
World Class Standards
Scenario and actors
Interception
interface
Regulators
Correspondent
Interception Vendors
Providers
target
Mediation Vendors
Handover interface
Collection Vendors
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Monitor
4
World Class Standards
Why standardisation of LI?
 Easier to define own LI mechanism
 Guidance is given for network architecture
 No need to define/invent complete own LI system
 Less expensive LI products
 Manufacturers need to develop one basic product
 National options are additional
 Intercepted result is meeting international requirements by
Law Enforcement Agencies
 Worldwide input
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
5
World Class Standards
Lawful Interception TC in ETSI
 ETSI/Technical Committee Security (TC SEC)
 Working Group Lawful Interception (SEC-WGLI) (1997)
 ETSI/Technical Committee Lawful Interception (TC LI)
 Established as stand-alone TC in Oct 2002
 Meetings
 Three plenary meetings a year (65-75 participants)
 Rapporteur meetings on specific technical issues
(4 Rapp meetings per year average, 15-25 participants)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
6
World Class Standards
What does ETSI TC LI do?
Cost
Political
Interception
Business
Retrieval
Handover
Analysis
Legal
process
Relations
Storage
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
7
World Class Standards
Participation in ETSI TC LI
 Law Enforcement Agencies / Governments organisations
 NL, UK, DE, AS, S, GR, ES, FR, RU, FIN, IT, NO, CY, HU
 USA, CA, AU, KR
 Operators
 KPN (NL), DT (DE), BT (UK), TeliaSonera (S), Inmarsat, Telenor (NO),
UPC, Telecom Italia, Telstra (AU), T-Mobile (DE), Vodafone (DE)
 Manufacturers (switch)
 Nokia Siemens Networks, Ericsson, Cisco,
Alcatel Lucent, Nortel, Marconi, Motorola
 Manufacturers (mediation / LEA equipment)
 Pine Digital Security, Aqsacom, ETI, VeriSign, Siemens, GTEN,
Utimaco Safeware, Verint, Detica, NICE Systems, Thales, AREA,
ATIS Systems, SS8, Spectronic, Group 2000, ZTE
Manufacturers may be active in all areas
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
8
World Class Standards
LI Handover Interface
 Handover Interface for Lawful Interception (TS 101 671)




Generic flow of information and procedures and information elements
Applicable to any future telecommunication network or service
Circuit switched and packet data
Covered technologies:
•
•
•
•
•
•
•
PSTN/ISDN
GSM
UMTS (CS)
GPRS
TETRA
wireline NGN (including PES)
wireline IMS PSTN simulation
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
9
World Class Standards
The ETSI LI Model
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
10
World Class Standards
Types of Lawful Intercepted data
 Content of Communication (CC)
 Information exchanged between two or more users of a
telecommunications service
 Intercept Related Information (IRI)
 Collection of information or data associated with telecommunication
services involving the target identity:
• communication associated information or data
(including unsuccessful communication attempts)
• service associated information or data
(e.g. service profile management by subscriber)
• location information
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
11
World Class Standards
Handover Interface ports (TS 101 671)
 HI1: for administrative information
 Request for lawful interception:
target identity, LIID, start/duration, IRI or IRI+CC,
IRI delivery address, CC delivery address, ...
 Management information
 HI2: for delivery of Intercept Related Information
 All data related to establish the telecommunication service and to
control its progress
 Correlation information
 HI3: for delivery of Content of Communication
 Transparent en-clair copy of the communication
 Correlation information
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
12
World Class Standards
Parameters in IRI records (TS 101 671)
 LI related identities
 LIID, target, network operator, network element, call ID, ...




Timestamp
Intercepted call direction (to / from target)
Intercepted call state (in progress, connected)
Address: Calling party / Called party / Forwarded-to-party / ..
 E164, TEL URI, IMSI, IMEI, MSISDN, SIP URI, …
 Ringing tone duration / conversation duration
 Type of intercept:
 PSTN, ISDN, GSM (CS), TETRA, GPRS (PD), UMTS (CS)





Supplementary service information
Location information
National parameters
IRI record type (Begin, Continue, End, Report)
....
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
13
World Class Standards
Handover of LI via IP Networks
 TS 102 232-1: Delivery of IP based interception





Handover aspects (based on TS 101 671) for IP-based platforms
Header added to IRI and CC sent over the HI2 and HI3 interfaces
Protocols for transfer of IRI and CC across HO interfaces
Other parts define the service-specific IRI data formats
Generic header information to be added to HI2 and HI3 traffic
•
•
•
•
•
•
•
LIID
Communication Identifier
Sequence number
Timestamp
Payload direction
IRI record type (Begin, Continue, End, Report)
...
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
14
World Class Standards
IP Service-Specific Details (SSD)
 TS 102 232-2: SSD details for E-Mail Services
 Description for handover of E-mail messages (POP3, IMAP4)
 TS 102 232-3: SSD for Internet Access Services
 Description for handover of Internet Access Information and TCP/IP
information (DHCP, RADIUS)
 TS 102 232-4: SSD for Layer 2 Services
 Description for LI functionality of Layer 2 access
 TS 102 232-5: SSD for IP Multimedia Services
 Based on SIP and RTP, and services described by ITU-T H.323, H.248
 TS 102 232-6: SSD for PSTN/ISDN Services
 TS 102 232-7: SSD for Mobile Packet Services (drafting stage)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
15
TS 102 232 IP HO World
Family
Class Standards
Application
SSD
for
E-mail
SSD
for
Internet
SSD
for
Layer-2
SSD
for IP
SSD
for
multimedia
PSTN/ISDN
Services
Services
Services
Services
Services
part 02
part 03
part 04
part 05
part 06
SSD
for
Mobile
Services
part 07
Presentation
Generic Headers
Session
Transport
Handover manager
Delivery session
Transport layer
Network layer
Network
and below
Delivery network
TS 102 232-1
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
16
Reference model for LI in IPWorld
networks
(TR 102 528)
Class Standards
(ETSI TR 102 528)
CSP Domain
HI
(ETSI TR 102 528)
HI1
LI Administration Function
(AF)
INI1b
INI1a
Intercept Related
Information Internal
Interception
Function (IRI-IIF)
INI1c
LEA Domain
Authorisation
authority /
Law
Enforcement
Agency
INI2
CCTI
Content of
Communication
Trigger Function
(CCTF)
Lawful
Interception
Mediation
Function
(MF)
CCCI
Content of
Communication
Internal Interception
Function (CC-IIF)
INI3
HI2
(IRI)
Law
Enforcement
Agency
HI3
(CC)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
17
World Class
Standards
LI scenario on a VoIP MM platform
(TR 102
528)
Call Agent
INI1a
IRI-IIF
CCTF
AF
LEAF
HI2
INI2
Call
Control
HI1
MF
HI3
LEMF
CCCI
INI3
CC-IIF
PSTN
Target
Aggregation
router
Media
gateway
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
18
World Class Standards
Basic IP Multimedia message exchange (TR 102 528)
Target
End Point
CCIF
IRIIF
Remote
End Point
LIAF
LIMF
LEA
LEMF
HI1 court order (1)
INI1a LI_Activation_Req (2)
Invite (3)
INI2 Begin (4)
HI2 Begin (5)
INI1b LI_Activation_Req (6)
INI2 Begin_Ack (7)
180 Ringing (8)
200 OK (11)
ACK (14)
RTP (17)
INI2 Continue (9)
HI2 Continue (10)
INI2 Continue (12)
HI2 Continue (13)
INI2 Continue(15)
HI2 Continue (16)
RTP (17)
INI3 RTP (18)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
HI3 RTP (19)
19
World Class Standards
General on security of LI
 Protection of Target information
 Protection of Rooms, Systems, Connections, Signalling
 Local staff
 Only authorised personnel has knowledge that interception has been
activated on a target
 Target
 Target should not be able to detect that interception is taking place
 Other parties
 Other parties of any telecommunications service should not be able,
by any means, to detect that any interception facility has been
(de)activated or that interception is taking place
 DTR/LI-00044
 Security framework in Lawful Interception and Retained Data
environment
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
20
World Class Standards
LI specifications in 3GPP and TISPAN
 TS 133 106 (3GPP TS 33.106)
Lawful interception requirements
 provides basic interception requirements
 partly based on ETSI TS 101 331
 TS 133 107 (3GPP TS 33.107)
Lawful interception architecture and functions
 TS 133 108 (3GPP TS 33.108)
Handover interface for Lawful Interception
 TS 187 005
NGN Lawful Interception; Lawful Interception functional entities,
information flow and reference points
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
21
World Class Standards
Retained Data in EU
15th of March 2006: the European Parliament
and the Council of the European Union adopted
Directive 2006/24/EC on Data Retention
“Data generated or processed in connection with the provision of
publicly available electronic communications services or of public
communications networks need to be retained”
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
22
World Class Standards
Relation of RD to LI
 Retention of Data is similar to LI
 Process of providing information on private communications
 Legally sanctioned
 Concerns stored traffic, rather than traffic in transit (LI)
 In ETSI, the stakeholders are the same




Regulators
LI equipment vendors
Telecom equipment vendors
Communication Service Providers
 Similar technology and protocols
 Similar EU Regulatory framework
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
23
World Class Standards
Applicability of the Directive
 The content of the communication (CC) is not part of the directive
 only signaling (IRI)
 Storage of all types of communication:




Wireline
Wireless
Internet services
Successful AND unsuccessful communication attempts
 Provided data must identify:






source of a communication
destination of a communication
date, time and duration of a communication
the type of communication
users' communication equipment
location of mobile communication equipment
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
24
World Class Standards
Retained Data Handover Interface
Handover Interface HI-A
administrative
Communication
Service
Provider
Handover Interface HI-B
transmission RD material
Requesting
Authority /
Law
Enforcement
Agency
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
25
World Class Standards
Retained Data Handover Protocol
CSP
Successful delivery
LEA
REQUEST: Request for Retained Data (HI-A)
REQ(ACK): Acknowledge request (HI-A)
Results of RD request (HI-B)
RESPONSE: confirm results have been sent (HI-A)
RES(ACK): Acknowledge Res message (HI-A)
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
26
World Class Standards
Modular approach
Framework standard
• Message sets for request and delivery
• Secure and reliable transport
Annex:
PSTN
Annex:
GSM
Annex:
Internet
access
services
Annex:
Multimedia
services
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
…
27
World Class Standards
Actual RD working/study issues in TC LI
 ETSI TS 102 656 (to be published)
Requirements of LEAs for handling Retained Data
 guidance and requirements for the delivery and associated issues of
retained data of telecommunications and subscribers
 set of requirements relating to handover interfaces for retained data
 requirements to support the implementation of Directive 2006/24/EC
 ETSI TS 105 601 (to be published)
Handover interface for the request and delivery of retained data
 handover requirements and handover specification for the data that
is identified in EU Directive 2006/24/EC on retained
 considers both the requesting of retained data and the delivery of the
results
 defines an electronic interface
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
28
World Class Standards
More information
http://portal.etsi.org/li
http://www.etsi.org/WebSite/Technologies/LawfulInterception.aspx
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
29