Lawful Intercept Overview - (continued)
Administration Functions
The ADMF must only be accessed by authorized users. It will manage the deployment of tasks to the other LI elements.
Tasking Targets - Each target will require a Warrant ID and Case ID assigned by the LEA. Each case may require IRI or CC or both to be intercepted. Each task is assigned a start date and an end date, upon which the case will expire.
Auditing Tasks - The ADMF is typically responsible for auditing the network of IIFs to ensure that the target lists match; differences should be automatically reconciled.
Mediation Function Configuration – Each interface to the LEMF must be individually specified to match the required standard output.
Information Volatility
Essential target information must be encrypted by the ADMF and any information stored in the IIF in encoded form, thereby preventing unauthorized access to sensitive warrant information. Any information stored within the IIF should be stored in volatile memory, so that this information is erased if a component of the network node is removed or powered down. Only the encrypted database of the ADMF should be maintained during power-down situations.
In the event of a link failure between the MF and the LEMF the intercept products may be buffered for a short time in memory only. Any long term failure of the interface will result in intercept products being lost - this information must not be spooled to permanent storage.
Conclusion
Recently it has become increasingly clear that VoIP services will be expected to provide Lawful Intercept and Emergency Call Handling services to the same level experienced in the PSTN. The FCC in North America for example has mandated that both emergency calls and Lawful Intercept must be available. Whilst not all countries mandate this capability, any network operator building a publicly available voice or multimedia over IP service today will need to plan a network which is flexible enough to implement these regulatory services in the future. Session border controllers are being deployed at strategic points within VoIP networks to execute a number of access, security and quality management roles; they offer an ideal location to implement a Lawful Intercept solution. Carrier class SBCs already offer the levels of redundancy and resilience to provide 'five 9s' availability, further endorsing their suitability for the location of the IIF.■
Terminology
| ADMF |
Administration Function |
| CALEA |
Communications Assistance for Law Enforcement Act |
| CC |
Contents of Communication |
| ETSI |
European Telecommunications Standards Institute |
| HI |
Handover Interface |
| IIF |
Internal Intercept Function |
| INI |
Internal Networks Interface |
| IRI |
Intercept Related Information |
| LEA |
Law Enforcement Agency |
| LEMF |
Law Enforcement Monitoring Facility |
| LI |
Lawful Interception |
| MF |
Mediation Function |
| PSTN |
Public Switched Telephone Network |
| PTN |
Public Telecom Network |
| VoIP |
Voice over IP |
References
ETSI TS 101 331 - Telecommunications security; Lawful Interception (LI) Requirements of Law Enforcement Agencies
ETSI TR 101 943 - Telecommunications security; Lawful Interception (LI); Concepts of Interception in a Generic Network Architecture
ETSI TS 101 671 - Telecommunications security; Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic
PKT-SP-ESP1.5-I01-050128; PacketCable™ 1.5 Specifications; Electronic Surveillance
A summary of the ETSI LI specs is located at portal.etsi.org/li/Summary.asp, and specs can be downloaded from portal.etsi.org/li/status.asp
|
IPsec and VoIP
