January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept in VoIP Networks Manohar Mahavadi Vice President, Software Engineering Centillium Communications.


Lawful Intercept in VoIP Networks
Manohar Mahavadi, Vice President, Software Engineering
Centillium Communications Inc., Fremont, California

Lawful Interception – Introduction

Omnibus Crime Prevention and Safe Streets Act of 1968
  – Title III legalizes law enforcement wiretaps in criminal investigations
Foreign Intelligence Surveillance Act of 1978 (FISA)
  – Wiretapping in advance of a crime being perpetrated
The Electronic Communications Privacy Act of 1986 (ECPA)
  – Sets standards for access to cell phones, and other electronic communications and transactional records (subscriber identifying information, logs, toll records)
Communications Assistance for Law Enforcement Act of 1994 (CALEA)
  – Preserve law enforcement wiretapping capabilities by requiring telephone companies to design their systems to ensure a basic level of government access
H.R.3162 (The PATRIOT Act of 2001)
  – Post 9/11
  – Expands the scope of Title III wiretaps and FISA to include computer fraud, abuse, etc.

Lawful Interception – CALEA (U.S.)

What is CALEA?
  – Defines the obligations of telecom carriers to assist law enforcement agencies (LEAs) in electronic surveillance pursuant to lawful authorization
  – Requires carriers to design and modify their systems to ensure that electronic surveillance can be performed
  – Communications infrastructure should be made wiretap-ready – call forwarding, caller ID, conferencing, etc.
Progress
  – The last decade has seen a lot of evolution of regulations backed by the FBI, FCC, DOJ, DEA
  – Broadened to cover many new technology solutions such as push-to-talk, SMS messaging, chat sessions, etc.
for a list of standards

Lawful Interception

PSTN world wiretapping
  – Dedicated connection – point-to-point
  – Dedicated resources for the call duration
  – Voice routed using mechanical switches or line connectivity tables
  – Wiretapping in local loop or at the local exchange
Packet world wiretapping
  – Shared transmission medium: packets contain addresses not tied to a location
  – Routing is dynamic and can take multiple paths
  – Many applications traverse the same transmission path
  – Decentralized VOP (SBCs, gateways, proxies, routers, switches, etc.) makes wiretapping difficult
  – Requires cooperation from infrastructure device vendors

Lawful Interception – Terminology

LAES: Lawfully authorized electronic surveillance
LEA: Law enforcement agency
  – A government entity authorized to conduct LAES (FBI, police, DEA, etc.)
CC: Call content (payload of multi-media packets)
CCC: Call content channel
CII: Call-identifying information or call data (CD)
  – Signaling or dialing information that identifies origin, direction, destination or termination generated or received by a subscriber
CDC: Call data channel

Lawful Interception – Terminology

IAP: Intercept access point
  – A point within a telecommunications system or VOP network where some of the communications or CII of an intercept subject’s equipment, facilities or services are accessed
Intercept subject: Subscriber whose communications, CII or both have been authorized by a court to be intercepted, monitored and delivered to an LEA
Associate: The called party in the conversation
TSP: Telecommunications service provider

LI – Surveillance Model

[Diagram. Labels: Lawful Authorization; Service Provider Administration; Law Enforcement Administration; Access Function; Delivery Function; Collection Function; TSP; LEA; CII; CC; VoP; Signaling]

LI – Surveillance Model

Access function (AF)
  – One or more IAPs
Delivery function (DF)
  – CCCs and CDCs
Collection function (CF)
  – Collecting and analyzing intercepted communications
Service provider administration function (SPAF)
  – Controlling the TSP access and delivery functions
Law enforcement administration function (LEAF)
  – Controlling the LEA collection function
Mediation function (MF)
  – Presentation of data (CC or CII) to DF (VoIP → TDM or VoIP → VoIP)

LI – Functional Architecture

[Diagram. Labels: Subject’s Domain; Network’s Domain; LEA’s Domain; Terminal; VoP IAP; CII AF; CC AF; CII MF; CC MF; CII DF; CC DF; LEA-CF; VoP Signaling; VoP/Network Signaling; VoP; VoP, TDM]

LI – Functional Architecture

[Diagram. Labels: Delivery Function; Collection Function; DF App; CF App; OSI Stack (layers 7 to 1); Delivery Method; A-PDU; CC/CII]

CCC and CDC should be separate channels
CCC and CDC can share same medium

LI – Intercept Access Points

Physical locations on the network from where the CC or CII is delivered to delivery function
  – Can be in multiple locations
  – CII and CC IAPs can be co-located
Call identifying information IAP
  – CII directly associated with the call
      Management of an existing call between intercept subject and associate(s) (establishing, managing and releasing)
  – CII indirectly associated with the call
      ServingSystem message: Register or deregister addressing info
Call content IAP

LI – Intercept Access Points

[Diagram. Labels: VOIP Phone Alice; VOIP Phone Bob; Alice’s VOIP SP; Bob’s VOIP SP; Transport ISP A, B, C, D; Access Router; Border Router; R1; R2; Call Setup; VOIP Conversation. Courtesy: Ref[1]]

VoIP SPs first enable setup
VoIP calls directly take place
Preferred wiretaps – R1 and R2
R1/R2 should be configured to tap
Single SP makes life easier

LI – Intercept Access Points

Media gateways
Session border controllers
Access routers
Signaling proxies
CII and CC are typically delivered over secure channels to LEA

LI on TDM_PKT_CHANNEL

[Diagram. Labels: A Legacy Phone; B IP Phone; TDM_PKT_CHANNEL; EC; Enc/Dec DSP; NP Packetizer; NP UnPacketizer; LI - TDM; LI - PKT; TAP TRAFFIC COMING TO PKT; TAP TRAFFIC COMING FROM PKT]

LI on PKT_PKT_CHNL

[Diagram. Labels: A IP Phone; B IP Phone; Encoder; Decoder; DSP; NP Packetizer; UnPacketizer; LI-A; LI-B]

LI – TDM_PKT_CONF_CHNL

[Diagram: LI Model with Conferencing. Courtesy: [4]]

LI – Surveillance Events

Information events
  – Call-control related events
      Answer: Call accepted
      Origination: Subject initiated a VoP session
      Release: Session released along with resources
      Termination attempt: Session termination requested
  – Signaling events
      Dialed digit extraction: Digits dialed after a call is connected
      Direct signal reporting: Signaling from and to intercept subject
      Network signal: Tone or message indicating CII (busy, ringing, etc.)
      Subject signal: Call waiting, forwarding, etc.

LI – Surveillance Events

Information events
  – Feature use events
      Change
      Connection
      Connection break
      Redirection
  – Registration events
      Address registration
Content events
  – CCChange: Media characteristics established or modified
  – CCClose: CC delivery is disabled
  – CCOpen: CC delivery is enabled
  – CCUnavailable: Network loses access for the call under interception
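
An oversight check built on the content events above and on the terminology slide's point that a court may authorize CC, CII or both. This is an added example, not part of the presentation: the Event record, the call ids, the sample stream and the pairing rule (each CCOpen should later be matched by CCClose or CCUnavailable) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Content events named on the slide; every other event is treated as CII.
CC_EVENTS = {"CCOpen", "CCChange", "CCClose", "CCUnavailable"}

@dataclass(frozen=True)
class Event:            # hypothetical record shape, not a J-STD-025 encoding
    call_id: str
    name: str

def audit(events, cc_authorized):
    """Return (call_id, finding) pairs for one intercept's event stream."""
    findings = []
    delivering = set()  # calls whose CC delivery is currently enabled
    for ev in events:
        if ev.name not in CC_EVENTS:
            continue    # CII events are in scope for every authorization
        if not cc_authorized:
            # Any content event under a CII-only order is over-collection.
            findings.append((ev.call_id, f"{ev.name} outside CII-only authorization"))
        elif ev.name == "CCOpen":
            if ev.call_id in delivering:
                findings.append((ev.call_id, "CCOpen while delivery already enabled"))
            delivering.add(ev.call_id)
        elif ev.name in ("CCClose", "CCUnavailable"):
            if ev.call_id not in delivering:
                findings.append((ev.call_id, f"{ev.name} without a prior CCOpen"))
            delivering.discard(ev.call_id)
    # Assumed rule: delivery left enabled at end of stream is worth a review.
    findings += [(c, "CCOpen never closed") for c in sorted(delivering)]
    return findings

# Constructed sample stream: c1 is well formed, c2 is never closed,
# c3 reports a close with no matching open.
SAMPLE = [
    Event("c1", "Origination"), Event("c1", "CCOpen"), Event("c1", "Answer"),
    Event("c1", "CCChange"), Event("c1", "CCClose"), Event("c1", "Release"),
    Event("c2", "Origination"), Event("c2", "CCOpen"), Event("c2", "Release"),
    Event("c3", "CCClose"),
]

if __name__ == "__main__":
    for call_id, finding in audit(SAMPLE, cc_authorized=True):
        print(call_id, finding)
```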

LI Challenges

Security vs. CALEA requirements
  – Security ensures privacy, packet integrity, authenticity and non-repudiation
  – CALEA requires that intercepted packets are not secured
  – SRTP and secured SIP with end-to-end security pose a challenge
  – Peer-to-peer VoIP communication with security enabled prevents interception
  – Secured traffic needs to be decrypted and re-encrypted for interception
      Security Association termination and re-initiation
  – Key distribution or sharing with LEA

LI Challenges

Channel capacity affected if channel duplication is required
Design should consider requirements for extra performance
Should support all call models like Forking, Handoff, etc.
Should support all codecs in use
Requires additional interface support

References

[1] Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, Steve Bellovin, et al, June 13, 2006
[2] Electronics Surveillance Needs for Carrier-Grade Voice Over Packet (CGVoP) Service, FBI Document for CALEA
[3] Lawfully Authorized Electronic Surveillance (LAES) for voice over Packet Technologies in Wireline Telecommunications Networks ANSI T1.678.xxxx
[4] 05/2000, TIA/EIA/J-STD-025 Lawfully Authorized Electronic Surveillance, revision A: updated
[5] 09/200, TIA/EIA/J-STD-025 Lawfully Authorized Electronic Surveillance, updated
[6]
[7]