Lawful interception and Retained Data Presentazione per l’Osservatorio Sicurezza Anfov Autore:Dionisio Zumerle Technical Officer - ETSI dionisio.zumerle@etsi.org © ETSI 2007. All rights reserved Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Why Lawful Interception implementation in EU 17th January 1995: EU Council of Ministers adopted resolution COM 96/C329/01 on Lawful Interception “The providers of public telecommunications networks and services are legally required to make available to the authorities the information necessary to enable them to investigate telecommunications” Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
What is Lawful interception? A legally sanctioned official access to private communications telephone calls e-mail messages … A security process: a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 Regulators Scenario and actors Correspondent Interception interface Providers Interception Vendors Mediation Vendors target Collection Vendors Handover interface Monitor Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Why standardisation of LI? Easier to define own LI mechanism Guidance is given for network architecture No need to define/invent complete own LI system Less expensive LI products Manufacturers need to develop one basic product National options are additional Intercepted result is meeting international requirements by Law Enforcement Agencies Worldwide input Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Lawful Interception TC in ETSI ETSI/Technical Committee Security (TC SEC) Working Group Lawful Interception (SEC-WGLI) (1997) ETSI/Technical Committee Lawful Interception (TC LI) Established as stand-alone TC in Oct 2002 Meetings Three plenary meetings a year (65-75 participants) Rapporteur meetings on specific technical issues (4 Rapp meetings per year average, 15-25 participants) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 What does ETSI TC LI do? Cost Political Interception Business Handover Legal Retrieval Analysis process Relations Storage Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Participation in ETSI TC LI Law Enforcement Agencies / Governments organisations NL, UK, DE, AS, S, GR, ES, FR, RU, FIN, IT, NO, CY, HU USA, CA, AU, KR Operators KPN (NL), DT (DE), BT (UK), TeliaSonera (S), Inmarsat, Telenor (NO), UPC, Telecom Italia, Telstra (AU), T-Mobile (DE), Vodafone (DE) Manufacturers (switch) Nokia Siemens Networks, Ericsson, Cisco, Alcatel Lucent, Nortel, Marconi, Motorola Manufacturers (mediation / LEA equipment) Pine Digital Security, Aqsacom, ETI, VeriSign, Siemens, GTEN, Utimaco Safeware, Verint, Detica, NICE Systems, Thales, AREA, ATIS Systems, SS8, Spectronic, Group 2000, ZTE Manufacturers may be active in all areas Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 LI Handover Interface Handover Interface for Lawful Interception (TS 101 671) Generic flow of information and procedures and information elements Applicable to any future telecommunication network or service Circuit switched and packet data Covered technologies: PSTN/ISDN GSM UMTS (CS) GPRS TETRA wireline NGN (including PES) wireline IMS PSTN simulation Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 The ETSI LI Model Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Types of Lawful Intercepted data Content of Communication (CC) Information exchanged between two or more users of a telecommunications service Intercept Related Information (IRI) Collection of information or data associated with telecommunication services involving the target identity: communication associated information or data (including unsuccessful communication attempts) service associated information or data (e.g. service profile management by subscriber) location information Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Handover Interface ports (TS 101 671) HI1: for administrative information Request for lawful interception: target identity, LIID, start/duration, IRI or IRI+CC, IRI delivery address, CC delivery address, ... Management information HI2: for delivery of Intercept Related Information All data related to establish the telecommunication service and to control its progress Correlation information HI3: for delivery of Content of Communication Transparent en-clair copy of the communication For each target identity related to an interception measure, the authorized CSP operator shall assign a special Lawful Interception IDentifier (LIID), which has been agreed between the LEA and the CSP. For each activity relating to a target identity a CID is generated by the relevant network element. The CID consists of the following two identifiers: - Network IDentifier (NID), consists of one or both of the following two identifiers: NWO/AP/SvP- identifier (mandatory): unique identification of CSP. Network Element IDentifier (NEID) (optional): the purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc. - Communication Identity Number (CIN): The Communication Identity Number (CIN) identifies uniquely an intercepted communication session within the relevant network element. Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Parameters in IRI records (TS 101 671) LI related identities LIID, target, network operator, network element, call ID, ... Timestamp Intercepted call direction (to / from target) Intercepted call state (in progress, connected) Address: Calling party / Called party / Forwarded-to-party / .. E164, TEL URI, IMSI, IMEI, MSISDN, SIP URI, … Ringing tone duration / conversation duration Type of intercept: PSTN, ISDN, GSM (CS), TETRA, GPRS (PD), UMTS (CS) Supplementary service information Location information National parameters IRI record type (Begin, Continue, End, Report) .... Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Handover of LI via IP Networks TS 102 232-1: Delivery of IP based interception Handover aspects (based on TS 101 671) for IP-based platforms Header added to IRI and CC sent over the HI2 and HI3 interfaces Protocols for transfer of IRI and CC across HO interfaces Other parts define the service-specific IRI data formats Generic header information to be added to HI2 and HI3 traffic LIID Communication Identifier Sequence number Timestamp Payload direction IRI record type (Begin, Continue, End, Report) ... Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
IP Service-Specific Details (SSD) TS 102 232-2: SSD details for E-Mail Services Description for handover of E-mail messages (POP3, IMAP4) TS 102 232-3: SSD for Internet Access Services Description for handover of Internet Access Information and TCP/IP information (DHCP, RADIUS) TS 102 232-4: SSD for Layer 2 Services Description for LI functionality of Layer 2 access TS 102 232-5: SSD for IP Multimedia Services Based on SIP and RTP, and services described by ITU-T H.323, H.248 TS 102 232-6: SSD for PSTN/ISDN Services TS 102 232-7: SSD for Mobile Packet Services (drafting stage) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
SSD for IP multimedia Services TS 102 232 IP HO Family part 02 SSD for E-mail Services part 03 SSD for Internet Services part 04 SSD for Layer-2 Services part 05 SSD for IP multimedia Services part 06 SSD for PSTN/ISDN Services SSD for Mobile Services Application part 07 Presentation Generic Headers Handover manager Delivery session Transport layer Network layer Session Transport Network and below Delivery network TS 102 232-1 Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Reference model for LI in IP networks (TR 102 528) (ETSI TR 102 528) CSP Domain HI LEA Domain (ETSI TR 102 528) HI1 LI Administration Function Authorisation (AF) authority / Law INI1b INI1a INI1c Enforcement Intercept Related Agency Information Internal INI2 Interception Function (IRI - IIF) CCTI Content of Lawful Communication Interception Law Trigger Function Mediation Enforcement (CCTF) Agency Function CCCI HI2 (MF) (IRI) Content of INI3 Communication HI3 Internal Interception (CC) Function (CC - IIF) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
LI scenario on a VoIP MM platform (TR 102 528) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Basic IP Multimedia message exchange (TR 102 528) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
General on security of LI Protection of Target information Protection of Rooms, Systems, Connections, Signalling Local staff Only authorised personnel has knowledge that interception has been activated on a target Target Target should not be able to detect that interception is taking place Other parties Other parties of any telecommunications service should not be able, by any means, to detect that any interception facility has been (de)activated or that interception is taking place DTR/LI-00044 Security framework in Lawful Interception and Retained Data environment Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
LI specifications in 3GPP and TISPAN TS 133 106 (3GPP TS 33.106) Lawful interception requirements provides basic interception requirements partly based on ETSI TS 101 331 TS 133 107 (3GPP TS 33.107) Lawful interception architecture and functions TS 133 108 (3GPP TS 33.108) Handover interface for Lawful Interception TS 187 005 NGN Lawful Interception; Lawful Interception functional entities, information flow and reference points Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 Retained Data in EU 15th of March 2006: the European Parliament and the Council of the European Union adopted Directive 2006/24/EC on Data Retention “Data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks need to be retained” Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 Relation of RD to LI Retention of Data is similar to LI Process of providing information on private communications Legally sanctioned Concerns stored traffic, rather than traffic in transit (LI) In ETSI, the stakeholders are the same Regulators LI equipment vendors Telecom equipment vendors Communication Service Providers Similar technology and protocols Similar EU Regulatory framework Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Applicability of the Directive The content of the communication (CC) is not part of the directive only signaling (IRI) Storage of all types of communication: Wireline Wireless Internet services Successful AND unsuccessful communication attempts Provided data must identify: source of a communication destination of a communication date, time and duration of a communication the type of communication users' communication equipment location of mobile communication equipment Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Retained Data Handover Interface Handover Interface HI-A administrative Requesting Authority / Law Enforcement Agency Communication Service Provider Handover Interface HI-B transmission RD material Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Retained Data Handover Protocol CSP Successful delivery LEA REQUEST: Request for Retained Data (HI-A) REQ(ACK): Acknowledge request (HI-A) Results of RD request (HI-B) RESPONSE: confirm results have been sent (HI-A) RES(ACK): Acknowledge Res message (HI-A) Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Modular approach Framework standard Message sets for request and delivery Secure and reliable transport Annex: PSTN Annex: GSM Annex: Internet access services Annex: Multi-media services … Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Actual RD working/study issues in TC LI ETSI TS 102 656 (to be published) Requirements of LEAs for handling Retained Data guidance and requirements for the delivery and associated issues of retained data of telecommunications and subscribers set of requirements relating to handover interfaces for retained data requirements to support the implementation of Directive 2006/24/EC ETSI TS 105 601 (to be published) Handover interface for the request and delivery of retained data handover requirements and handover specification for the data that is identified in EU Directive 2006/24/EC on retained considers both the requesting of retained data and the delivery of the results defines an electronic interface Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007
Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007 More information http://portal.etsi.org/li http://www.etsi.org/WebSite/Technologies/LawfulInterception.aspx L i Osservatorio Sicurezza ANFOV - Milano, 14 Novembre 2007