Post on 29-Jan-2016
CALEA IMPLEMENTATION IN VoIP NETWORKS
By Cemal Dikmen, Ph.D.
General Manager, Lawful Intercept Products
SS8 Networks, Inc.
Thursday - 02/24/05, 8:15-9:00am
Regulatory Update - VoIP
A DoJ/FBI/DEA petition filed on 3/10/04 asked the FCC to initiate a proceeding to resolve the outstanding issues delaying CALEA implementation.
The FCC initiated a Notice of Proposed Rule Making (NPRM) on 8/4/2004 to clarify the issues regarding interception of IP traffic. Comments from DoJ, service providers, and vendors were filed on 11/8/2004. Reply comments were filed on 12/22/2004. The decision is expected in mid 2005.
The NPRM tentatively concludes that CALEA applies to: facilities-based providers of broadband internet access; providers of “managed” VoIP service.
Why both broadband and managed VoIP providers? Communications identifying information and content may only be available by access to both the broadband access provider and the VoIP provider.
VoIP providers such as Vonage are probably going to be covered under CALEA under the FCC’s upcoming decision.
Peer-to-Peer communications such as Skype will probably not be covered under CALEA.
Regulatory Update – IP Data
Based on the NPRM of 8/4/2004, facilities-based providers of broadband internet access are expected to be covered under the CALEA law.
Why broadband service providers? Communications identifying information and content may only be available by access to both the broadband access provider and the VoIP provider.
The specifications for IP interception are not available yet. Old wiretap rules still apply – deliver everything to the LEA.
This is likely to cause privacy concerns. Call-identifying information needs to be defined clearly for Pen Register and Trap and Trace type court orders.
Regulatory Update - PoC
Push-To-Talk over Cellular (PoC) in many cases uses VoIP technology over wireless data networks.
Several major wireless service providers are planning PoC deployments.
FCC has already declared that Push-To-Talk over Cellular (PoC) is subject to the CALEA requirements.
TIA is working on creating new lawful intercept specifications for PoC. The new specifications are expected to be published mid 2005.
The difficulty is obtaining information and call events from all the conference participants.
Requirements for Lawful Interception
Access to the information – Define Intercept Access Points
Provision the court order and define the target’s identity at the Intercept Access Points
Receive information from the Intercept Access Points to/from the target’s communication channel
Format the intercepted information based on the standards
Filter the information based on the court order
Deliver the intercepted communications to one or more authorized law enforcement agencies
Collect, store, and analyze the intercepted communications
Common CALEA Implementation
[Figure: reference architecture. Inside the service provider network, Intercept Access Points (IAP) feed the Delivery Function (DF) over a proprietary internal network interface: call data events (d-CII), call content (d-CC), and provisioning (a), which the SPAF derives from the court order. The DF delivers to the LEA's Collection Function (CF) across the demarcation point over a standards-based handover interface: the call data channel (e-CII) and call content (e-CC).]
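As an added example (not from the slides and not SS8 product code), a toy Delivery Function in Python that walks through the requirements above: court orders are provisioned, IAP events are filtered to the target, and a Pen Register / Trap and Trace order receives call-identifying information only, while a content order also receives call content. The record layouts, event keys and identities are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Warrant:
    case_id: str       # court order reference (constructed)
    target: str        # target identity, e.g. a SIP URI
    lea: str           # law enforcement agency authorized to receive the handover
    content: bool      # True: call data + content; False: pen register / trap and trace (call data only)


@dataclass
class DeliveryFunction:
    """Toy DF: takes d-CII / d-CC from the IAPs, filters per warrant, emits e-CII / e-CC."""
    warrants: list = field(default_factory=list)
    delivered: list = field(default_factory=list)

    def provision(self, warrant: Warrant) -> None:
        self.warrants.append(warrant)

    def handle(self, event: dict) -> list:
        """One IAP event in; returns the handover records produced for it (assumed layout)."""
        records = []
        for w in self.warrants:
            if w.target not in event["parties"]:
                continue                      # not the target's call: never delivered
            if event["kind"] == "d-CC":
                if not w.content:
                    continue                  # pen/trap order: content stays in the SP domain
                rec = {"channel": "e-CC", "case_id": w.case_id, "lea": w.lea,
                       "payload": event["payload"]}
            else:
                rec = {"channel": "e-CII", "case_id": w.case_id, "lea": w.lea,
                       "event": event["event"], "parties": event["parties"]}
            records.append(rec)
        self.delivered.extend(records)
        return records


def demo() -> list:
    # Two orders on the same target for two different LEAs; three constructed IAP events.
    df = DeliveryFunction()
    df.provision(Warrant("ORDER-1", "sip:target@example.net", "LEA-A", content=False))
    df.provision(Warrant("ORDER-2", "sip:target@example.net", "LEA-B", content=True))
    tgt, bob = "sip:target@example.net", "sip:bob@example.org"
    events = [
        {"kind": "d-CII", "event": "origination", "parties": [tgt, bob]},
        {"kind": "d-CC", "parties": [tgt, bob], "payload": b"<constructed rtp bytes>"},
        {"kind": "d-CII", "event": "origination", "parties": ["sip:carol@example.org", bob]},
    ]
    for e in events:
        df.handle(e)
    return df.delivered
```

Running demo() yields three handover records: both LEAs receive the target's call data event, only LEA-B receives the call content, and the non-target call produces nothing.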
Lawful Intercept Standards
J-STD-025 Rev. A – For interception in wireless and wireline circuit-switched networks.
J-STD-025 Rev. B – For interception of packet data telecommunications services (e.g., cdma2000® packet data).
PacketCable™ – For interception of Voice over IP (VoIP) type telecommunications services. The first specifications for VoIP interception.
T1S1 T1.678 – Lawfully authorized electronic surveillance for voice over packet technologies in wireline telecommunications networks.
ETSI TS 101 671 – Defines the handover interface for interception of telecommunications traffic.
ETSI TS 133 106, 133 107, 133 108 – Define interception in a GPRS/UMTS network.
ETSI TS 102 232 – Defines the handover interface for IP delivery.
ETSI TS 102 233 – Defines the handover interface for E-mail interception.
Intercept Access Points in PacketCable™ Architecture
CMS (Call Management System)
The Call Management System (CMS) provides service to the subscriber. The CMS is responsible for intercepting the Call-Identifying information.
Cable Modem Termination System (CMTS)
The Cable Modem Termination System (CMTS) controls the set of cable modems attached to the shared medium of the DOCSIS network. The CMTS is responsible for intercepting the Call Content and certain call-identifying information.
Media Gateway (MG)
The Media Gateway (MG) is designated as an Intercept Access Point for purposes of intercepting Call Content for redirected calls to the PSTN.
PacketCable Voice Intercept - CMTS
[Figure: CMTS as intercept access point. Service provider domain: LI Administration Function, Call Management Server (CMS), CMTS, and the Delivery Function with its Admin, CDC and CCC interfaces. Customer premise: the target subscriber's IAD (MTA; SIP, H.323, or MGCP based gateway). The warrant is administered to the Delivery Function; call control runs between the IAD and the CMS; a COPS request passes between the CMS and the CMTS; the CMTS copies the target's RTP stream (voice packets) to the Delivery Function, which hands call data (CDC) and call content (CCC) to the Law Enforcement Collection Function.]
PacketCable Voice Intercept – Media GW
[Figure: Media Gateway as intercept access point for calls forwarded to the PSTN. Service provider domain: LI Administration Function, Call Management Server (CMS), CMTS, Gateway, and the XCIPIO SSDF delivery function with its Admin, CDC and CCC interfaces. The call to the target reaches the target subscriber's customer premise IAD (SIP, H.323, or MGCP based gateway), which call-forwards to the PSTN; the CMS controls the gateway over MGCP, and the voice packets of the forwarded call are intercepted at the gateway and delivered under the provisioned warrant to the Law Enforcement Collection Function over the CDC and CCC.]
Session Border Controller for VoIP
A single Intercept Access Point (IAP) for both call identifying information and call content.
Eliminates the need to provision for call content interception in real-time.
Eliminates the dependency on the lawful intercept capabilities of the softswitch, trunking gateway, CMTS and/or edge routers.
Transparent handling of call forwarding type features.
Session Border Controller as IAP
[Figure: service provider domain with LI Administration Function, XCIPIO SSDF, SBC, and Cisco CMTS and routers; customer premise with the target subscriber's IAD (SIP, H.323, or MGCP based gateway). The warrant is provisioned to the XCIPIO SSDF, which exchanges provisioning and call events with the SBC over a TCP/IP based SS8 interface; call control and call content (CC) pass through the SBC, which supplies IRI and CC to the delivery function for handover (Admin, IRI, CC) to the Law Enforcement Collection Function.]
Technical Challenges
PacketCable is the most widely deployed implementation and it requires DQoS. Call content interception cannot be performed if the CMTS does not support DQoS. This situation has created new and different architectures that require the Delivery Function to take an active role in call content interception.
Most of the network elements (Call Management Systems, Gatekeepers, Media Gateways, Aggregation Routers, CMTS, etc.) need to support lawful interception within the distributed IP environment.
The CMS subscriber provisioning interface does not address lawful interception provisioning; target provisioning requires proprietary interfaces.
It is extremely difficult (or sometimes impossible) to capture call identifying information and call content for some call features, specifically the features implemented within the customer premise IAD.
Intercepting Conference Calls
In some technologies conferencing is implemented within the Customer Premise Equipment (CPE). In this case there is no way of knowing that a conference is taking place:
Calls are intercepted as individual calls.
There is no call data information to report conference events.
The call content of each leg is delivered to the LEA separately.
Hosted Conference Service
[Figure: the target subscriber's customer premise IAD connects through a CMTS and the IP network to a Conference Server inside the service provider domain; PSTN participants join the same conference through a trunking gateway (TGW) by dialing 1-800-CONFERENCE.]
Conference Service Provider
Service Provider Domain
Target Subscriber
Customer Premise IAD
CMTS
CMTS
PSTN
TGW
1-800-CONFERENCE
IP Network
Real Life Problem ! ! !
[Figure: the target subscriber and the associate each sit behind a customer premise IAD and a CMTS belonging to a different access provider. Call control from both ends goes to the Call Management Server (CMS) of the VoIP service provider, but the RTP stream between the two IADs runs over the two access providers and the IP backbone provider, not through the VoIP service provider.]
Delivery Function As A Network Element
The Delivery Function should provide the user with:
Single point for surveillance administration
Built-in test tools for remote testing
Standard MML and remote GUI support
Alarm reporting and Error logging
Automatic software fault recovery
Automatic or manual disk backup
SNMP support for alarm reporting
Cemal Dikmen
cemal.dikmen@SS8.com
Phone: +1.203.567.0603
http://www.ss8.com
Thank You ! ! !