Presentation is loading. Please wait.

Presentation is loading. Please wait.

January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept Briefing LI for VoIP, IP Scott W. Coleman Dir. Of Marketing - LI SS8 Networks.

Similar presentations


Presentation on theme: "January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept Briefing LI for VoIP, IP Scott W. Coleman Dir. Of Marketing - LI SS8 Networks."— Presentation transcript:

1

2 January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept Briefing LI for VoIP, IP Scott W. Coleman Dir. Of Marketing - LI SS8 Networks

3 January 23-26, 2007 Ft. Lauderdale, Florida SS8 Networks Overview Privately held company with 20+ years of operating history 12 years providing Law Intercept solutions Headquartered in San Jose, CA Market leader in lawful intercept delivery function solution 250 worldwide service provider customers OEM relationship with some of the largest equipment vendors (Lucent, Nortel, Alcatel) Partnerships with many equipment providers (Juniper, AcmePacket, NexTone, Sylantro, Cisco, Samsung)

4 January 23-26, 2007 Ft. Lauderdale, Florida What is Lawful Intercept? The targeted intercept of voice and data services, by a service provider on the behalf of Law Enforcement, when authorized by a court Uses: –Criminal - Investigation and Prosecution of criminal activity –Intelligence Gathering - Investigation of individuals for Homeland security, anti-terrorism and other threats Tightly controlled in both approval and operation

5 January 23-26, 2007 Ft. Lauderdale, Florida CALEA – Areas of Responsibility Passes Legislation (CALEA ) Tasked with enforcement and implementation Standards include: J-STD-025A, B PacketCable, T1.678, T1.IPNA FBI Dept of Justice Industry Standards Body Carriers FCC Congress Equipment providers Arbitrator between Law Enforcemen t and service providers Required to implement CALEA solution in their networks.

6 January 23-26, 2007 Ft. Lauderdale, Florida Regulatory Events 2004 FBI, DOJ, DEA file joint petition asking FCC to clarify implementation of CALEA for Broadband and VoIP providers. –Information Services –VoIP in Cable environments August 2005 FCC issued First Report and Order deeming that Facilities based broadband and inter-connected VoIP providers must provide CALEA support within 18 months of the Order. May 2006 FCC issued Second Report and Order confirming that there would be no extensions and or exceptions June 9 th, lawsuit on behalf of Service providers seeking to stall or alter the FCC report was denied by the DC Circuit Court 105 Filing – Security Policy and Procedure – March 12, 2007 Monitoring Reports – February 12, 2007 Compliance deadline of May 14 th 2007 Solution Certification – FBI/CIU

7 January 23-26, 2007 Ft. Lauderdale, Florida Types and Quantities of Warrants Subpoena –Call records (copies of phone bills). –Up to 2 million of these are done on an annual basis. Pen Register or Trap and Trace –Real time delivery of call data only (off-hook, ringing, answer, disconnect, call forward, hookflash etc.) –Far fewer done than the subpoenas for call records (130,000) Title III –Call Content included. Only 2600 done per year –Only approved after a true need is demonstrated to the judge. –Quite expensive for Law Enforcement. Monitored live 24 hours a day Ground team surveilling the target

8 January 23-26, 2007 Ft. Lauderdale, Florida CALEA Report Requirements for Congress Department of Justice - CALEA Federal and State LEA Congress Department of Justice - FISA Audit Report DOJ Inspector General – April DOJ Attorney General Report - April Admin. Office of US Courts – Wiretap Report - April

9 January 23-26, 2007 Ft. Lauderdale, Florida Intercept Statistics 2004 Authorized Intercept Orders: 1,710 Federal: 730 State: 980 Four states accounted for 76% of intercept orders Average duration of 43 days Longest was 390 days 88% for portable devices (94% telephonic) Average cost of $63,011 Foreign Intelligence Surveillance Act: 1,754 orders approved New Jersey - 144 Florida - 72 New York - 347 California – 144

10 January 23-26, 2007 Ft. Lauderdale, Florida Intercept Applications by Offense Type.

11 January 23-26, 2007 Ft. Lauderdale, Florida How is Lawful Intercept performed? Identify the user –Determine the target identifier (phone number, email address, IP address etc.) Wait for authentication –When the target utilizes the network they must be authenticated. Watch for that event. Find the edge –When the target authenticates, find the edge device closest to the target (so as not to miss any peer-to-peer transactions) and obtain a copy of the targets communications.

12 January 23-26, 2007 Ft. Lauderdale, Florida Law Enforcement Domain Service Provider Domain Xcipio Lawful Intercept Network Architecture Access FunctionDelivery FunctionCollection Function Phone switches SBC Routers, data switches VoIP Call Agent Passive probe Raw Network Data Standards Based Delivery (J-STD, ETSI, PacketCable) LEA Provisions the access functions with target identifying information Receives copies of target s traffic Correlates and converts raw target traffic to standards based interface towards LEA Recording and storage of intercepted traffic Analysis tools to track, correlate and interpret intercepted traffic Access elements that provide connectivity to targets voice & data communications Identifies and replicates targets traffic PSTN switches, SBC, routers, BRAS SS8 passive probe

13 January 23-26, 2007 Ft. Lauderdale, Florida Standards

14 January 23-26, 2007 Ft. Lauderdale, Florida Standards Impact: Defined the components: –Access Function (AF), Delivery Function (DF), Collection Function (CF) Defined the demarcation points and the need for interfaces Created an environment where customization was reduced and reproducible products could be built. Standards in common use in the U.S.: J-STD-25A – Punchlist J-STD-25B – CDMA2000 wireless data PacketCable – VoIP for Cable networks T1.678 – VoIP for wireline, PTT, PoC ETSI 33.108 – GPRS wireless data ATIS – T1.IPNA – ISP data (brand new) ETSI 33.108 – GPRS wireless data ETSI 201.671 – TDM voice International standards in common use: ETSI 102.232, 102.233, 102.234 – ISP Data intercept (email, IP packets)

15 January 23-26, 2007 Ft. Lauderdale, Florida Service Provider Domain Law Enforcement Domain Defining the Interfaces Access FunctionDelivery FunctionCollection Function Phone switches SBC Routers, data switches VoIP Call Agent Passive probe Raw Network Data Standards Based Delivery (J-STD, ETSI, PacketCable) LEA INI-1 Provisioning Internal Network Interface #1 INI-2 Communication Data / Signaling Internal Network Interface #2 INI-3 Media Content Internal Network Interface #3 HI-1 HI-2 HI-3 Data / Signaling Handover Interface #2 Provisioning Handover Interface #1 Media Content Handover Interface #3 Xcipio

16 January 23-26, 2007 Ft. Lauderdale, Florida Service Provider Domain Law Enforcement Domain Applying Standards Access FunctionDelivery FunctionCollection Function LEA Provisioning Internal Network Interface #1 Media Content Internal Network Interface #3 Communication Data / Signaling Internal Network Interface #2 INI-2 INI-1 Provisioning Handover Interface #1 HI-3 Media Content Handover Interface #3 Xcipio INI-3 HI-2 Data / Signaling Handover Interface #2 HI-1 Standards only apply to HI-2 and HI-3 Only exception is PacketCable that also defines INI-2 and INI-3

17 January 23-26, 2007 Ft. Lauderdale, Florida Methods for Lawful Intercept Active Approach Work with the network equipment manufacturers to develop lawful intercept capability in the network elements. Utilize existing network elements for lawful intercept Sometimes serious impact to network performance No need for additional hardware Passive Approach Use passive probes or sniffers as Access Function to monitor the network and filter targets traffic Requires expensive additional hardware No impact to the network performance Hybrid – utilizes both

18 January 23-26, 2007 Ft. Lauderdale, Florida Law Enforcement Agency Service Provider Domain DELIVERY FUNCTION HI-2 Admin (INI-1) VoIP Active Intercept (Cisco SII) HI-3 LI Administration Function XCIPIO Law Enforcement Monitoring Facility Customer Premise IAD Target Subscriber Customer Premise IAD (SIP, H.323, or MGCP based Gateway) SoftSwitch Cisco BTS CMTS Provisioning of Warrant Admin HI-1 Call Control RTP Stream INI-2 Call Control Xcipio LEMF DR-2400 SNMPv3 Request INI-1 Voice Packets INI-3

19 January 23-26, 2007 Ft. Lauderdale, Florida Law Enforcement Agency Service Provider Domain LI Administration Function SoftSwitch Cisco BTS PSTN Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Target Subscriber Law Enforcement Monitoring Facility Media Gateway CMTS XCIPIO SSDF VoIP – Intercept at Trunk/Media Gateway (for Forwarded Calls) Call Control Voice Packets INI-3 Forwarded Call Call to Target Provisioning of Warrant HI-3 INI-1 Call Forward to PSTN HI-2 INI-2 Admin HI-1 HI-2 INI-2 SNMPv3 INI-1 XCIPIO Xcipio LEMF DR-2400

20 January 23-26, 2007 Ft. Lauderdale, Florida Target Subscriber Law Enforcement Agency Service Provider Domain AAA Server Router LI Administration Function Law Enforcement Monitoring Facility Internet Provisioning of Warrant HI-2 INI-1 Admin SNMPv3 Request HI-1 Radius Authenticate XCIPIO INI – 2 IRI HI-3 Intercepted Data – INI-3 Data Stream/IP Access Active Approach to IP Data Intercept

21 January 23-26, 2007 Ft. Lauderdale, Florida Target Subscriber Law Enforcement Agency Service Provider Domain AAA Server Router LI Administration Function Law Enforcement Monitoring Facility Internet Provisioning of Warrant HI-2 INI-1 Admin SNMPv3 Request HI-1 Radius Authenticate XCIPIO INI – 2 IRI HI-3 Intercepted Data – INI-3 Passive Approach to IP Data Intercept INI -1 Provisioning Provisioning Report Intercepted Data INI-3 Data Stream/IP Access

22 January 23-26, 2007 Ft. Lauderdale, Florida A bit about Xcipio

23 January 23-26, 2007 Ft. Lauderdale, Florida Service Provider Domain Law Enforcement Domain The Components of Xcipio Access FunctionDelivery FunctionCollection Function LEA Provisioning Internal Network Interface #1 Media Content Internal Network Interface #3 Communication Data / Signaling Internal Network Interface #2 INI-2 INI-1 Provisioning Handover Interface #1 HI-3 Media Content Handover Interface #3 Xcipio INI-3 HI-2 Data / Signaling Handover Interface #2 HI-1

24 January 23-26, 2007 Ft. Lauderdale, Florida Content Processor processing, routing, replicating, identification, encapsulation, encryption and delivery of content (packet and/or TDM voice) to law enforcement in real-time. The Components of Xcipio Physical Layer Sun servers, Ethernet connectivity, IP packets, switch matrix cards LIS Software release LIS – Lawful Intercept Server Core Software Application - real-time processing - IE-2100 Software module PE-2200 Software module Intercept Engine Call data, call events, signaling Provisioning Element Database, User Interface User Interface Remote or local access to Xcipio CP-2300 Software module Content Processor Filters, encapsulates content (IP, VoIP, TDM, HTTP etc.) Primary Server Passive probe TDM Switch Matrix IP Packet processing LIS: Signaling stacks (SIP,SS7), TCP/IP stacks, error logs, alarms, SNMP, Managed object structure etc. Intercept Engine: Receives call data, call events, network signaling, INI-2 and HI-2 INI-2 HI-2 Provisioning Element: Database, supports User Interface, maintains all warrant information, creates shared memory image of intercept information HI-1 INI-1 HI-3 INI-3

25 January 23-26, 2007 Ft. Lauderdale, Florida Summary SS8 has over 12 years of experience providing Lawful Intercept solutions internationally both directly and through partners. –Current customers include government agencies and carriers that range from very large nationwide carriers to small rural carriers. –We partner with many different network equipment vendors to deliver comprehensive LI solutions. In the US there is a deadline (May 14, 2007) that is approaching quickly and carriers need to address their obligations. –Small carriers seem to be lagging in terms of meeting the deadline so to address that need, SS8 is designing cost effective programs to specifically for small carriers and enterprises. –These programs address short term capital expenditures as well as long term operating costs.

26 January 23-26, 2007 Ft. Lauderdale, Florida Thank You Scott W. Coleman Dir. Of Marketing - LI SS8 Networks


Download ppt "January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept Briefing LI for VoIP, IP Scott W. Coleman Dir. Of Marketing - LI SS8 Networks."

Similar presentations


Ads by Google