Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lawful Intercept Briefing

Published byJacob Weber Modified over 10 years ago

Similar presentations

Presentation on theme: "Lawful Intercept Briefing"— Presentation transcript:

1

2 Lawful Intercept Briefing
LI for VoIP, IP Scott W. Coleman Dir. Of Marketing - LI SS8 Networks

3 SS8 Networks Overview Privately held company with 20+ years of operating history 12 years providing Law Intercept solutions Headquartered in San Jose, CA Market leader in lawful intercept delivery function solution 250 worldwide service provider customers OEM relationship with some of the largest equipment vendors (Lucent, Nortel, Alcatel) Partnerships with many equipment providers (Juniper, AcmePacket, NexTone, Sylantro, Cisco, Samsung)

4 What is Lawful Intercept?
The targeted intercept of voice and data services, by a service provider on the behalf of Law Enforcement, when authorized by a court Uses: Criminal - Investigation and Prosecution of criminal activity Intelligence Gathering - Investigation of individuals for Homeland security, anti-terrorism and other threats Tightly controlled in both approval and operation

5 CALEA – Areas of Responsibility
Passes Legislation (CALEA) Congress Arbitrator between Law Enforcement and service providers Tasked with enforcement and implementation Dept of Justice FCC FBI Carriers Required to implement CALEA solution in their networks. Industry Standards Body Standards include: J-STD-025A, B PacketCable, T1.678, T1.IPNA Equipment providers

6 Regulatory Events 2004 FBI, DOJ, DEA file joint petition asking FCC to clarify implementation of CALEA for Broadband and VoIP providers. “Information Services” VoIP in Cable environments August 2005 FCC issued “First Report and Order” deeming that “Facilities based broadband and inter-connected VoIP providers” must provide CALEA support within 18 months of the Order. May 2006 FCC issued “Second Report and Order” confirming that there would be no extensions and or exceptions June 9th, lawsuit on behalf of Service providers seeking to stall or alter the FCC report was denied by the DC Circuit Court 105 Filing – Security Policy and Procedure – March 12, 2007 Monitoring Reports – February 12, 2007 Compliance deadline of May 14th 2007 Solution Certification – FBI/CIU

7 Types and Quantities of Warrants
Subpoena Call records (copies of phone bills). Up to 2 million of these are done on an annual basis. Pen Register or Trap and Trace Real time delivery of call data only (off-hook, ringing, answer, disconnect, call forward, hookflash etc.) Far fewer done than the subpoenas for call records (130,000) Title III Call Content included. Only 2600 done per year Only approved after a true need is demonstrated to the judge. Quite expensive for Law Enforcement. Monitored live 24 hours a day Ground team surveilling the target

8 CALEA Report Requirements for Congress
Department of Justice - CALEA Audit Report DOJ Inspector General – April Department of Justice - FISA DOJ Attorney General Report - April Federal and State LEA Admin. Office of US Courts – Wiretap Report - April Congress

9 Intercept Statistics 2004 Authorized Intercept Orders: 1,710
Federal: State: 980 Four states accounted for 76% of intercept orders Average duration of 43 days Longest was 390 days 88% for portable devices (94% telephonic) Average cost of $63,011 Foreign Intelligence Surveillance Act: 1,754 orders approved New York - 347 California – 144 New Jersey - 144 Florida - 72

10 Intercept Applications by Offense Type
.

11 How is Lawful Intercept performed?
Identify the user Determine the target identifier (phone number, address, IP address etc.) Wait for authentication When the target utilizes the network they must be authenticated. Watch for that event. Find the edge When the target authenticates, find the edge device closest to the target (so as not to miss any peer-to-peer transactions) and obtain a copy of the target’s communications.

12 Lawful Intercept Network Architecture
Service Provider Domain Access Function Delivery Function Collection Function Law Enforcement Domain Provisions the access functions with target identifying information Receives copies of target ‘s traffic Correlates and converts raw target traffic to standards based interface towards LEA SBC Recording and storage of intercepted traffic Analysis tools to track, correlate and interpret intercepted traffic Phone switches Access elements that provide connectivity to target’s voice & data communications Identifies and replicates target’s traffic PSTN switches, SBC, routers, BRAS SS8 passive probe LEA Raw Network Data Xcipio VoIP Call Agent Routers, data switches Standards Based Delivery (J-STD, ETSI, PacketCable) Passive probe

13 Standards

14 Standards Impact: Defined the components:
Access Function (AF), Delivery Function (DF), Collection Function (CF) Defined the demarcation points and the need for interfaces Created an environment where customization was reduced and reproducible products could be built. Standards in common use in the U.S.: J-STD-25A – Punchlist J-STD-25B – CDMA2000 wireless data PacketCable – VoIP for Cable networks T1.678 – VoIP for wireline, PTT, PoC ETSI – GPRS wireless data ATIS – T1.IPNA – ISP data (brand new) International standards in common use: ETSI – GPRS wireless data ETSI – TDM voice ETSI , , – ISP Data intercept ( , IP packets)

15 Defining the Interfaces
Service Provider Domain Access Function Delivery Function Collection Function Law Enforcement Domain Phone switches SBC Provisioning Internal Network Interface #1 Provisioning Handover Interface #1 INI-1 HI-1 LEA Raw Network Data Xcipio VoIP Call Agent INI-2 Communication Data / Signaling Internal Network Interface #2 HI-2 Data / Signaling Handover Interface #2 Routers, data switches Standards Based Delivery (J-STD, ETSI, PacketCable) HI-3 INI-3 Media Content Handover Interface #3 Media Content Internal Network Interface #3 Passive probe

16 Applying Standards Service Provider Domain Access Function Delivery Function Collection Function Law Enforcement Domain Only exception is PacketCable that also defines INI-2 and INI-3 Provisioning Internal Network Interface #1 Provisioning Handover Interface #1 INI-1 HI-1 LEA Xcipio INI-2 Communication Data / Signaling Internal Network Interface #2 HI-2 Data / Signaling Handover Interface #2 At this point we have seen where Xcipio fits in the architecture. And we’ve seen what the standard connections are between the network elements (Access Functions) are Xcipio (CLICK) And we’ve seen what the standard connections from Xcipio to Law Enforcement are (CLICK) Now lets look at Xcipio itself and look at the hardware, software and licenses that it is comprised of (CLICK) HI-3 INI-3 Media Content Handover Interface #3 Media Content Internal Network Interface #3 Standards only apply to HI-2 and HI-3

17 Methods for Lawful Intercept
Active Approach Work with the network equipment manufacturers to develop lawful intercept capability in the network elements. Utilize existing network elements for lawful intercept Sometimes serious impact to network performance No need for additional hardware Passive Approach Use passive probes or sniffers as Access Function to monitor the network and filter target’s traffic Requires expensive additional hardware No impact to the network performance Hybrid – utilizes both

18 VoIP Active Intercept (Cisco SII)
Service Provider Domain Law Enforcement Agency LI Administration Function Admin HI-1 Provisioning of Warrant SoftSwitch Cisco BTS Law Enforcement Monitoring Facility Admin (INI-1) XCIPIO HI-2 INI-2 DELIVERY FUNCTION HI-3 Call Control Call Control SNMPv3 Request INI-1 Voice Packets INI-3 Xcipio LEMF DR-2400 Target Subscriber CMTS CMTS RTP Stream Customer Premise IAD Customer Premise IAD (SIP, H.323, or MGCP based Gateway)

19 VoIP – Intercept at Trunk/Media Gateway (for Forwarded Calls)
Service Provider Domain LI Administration Function SoftSwitch Cisco BTS PSTN Customer Premise IAD (SIP, H.323, or MGCP based Gateway) Target Subscriber Law Enforcement Monitoring Facility Media Gateway CMTS XCIPIO SSDF Law Enforcement Agency Provisioning of Warrant Admin HI-1 Call Forward to PSTN HI-2 INI-2 INI-1 XCIPIO HI-2 INI-2 HI-3 Call Control SNMPv3 INI-1 Voice Packets INI-3 Xcipio LEMF DR-2400 Call to Target Forwarded Call

20 Active Approach to IP Data Intercept
Service Provider Domain Law Enforcement Agency LI Administration Function Provisioning of Warrant HI-1 Law Enforcement Monitoring Facility AAA Server INI-1 Admin XCIPIO INI – 2 IRI HI-2 HI-3 Authenticate Radius SNMPv3 Request Intercepted Data – INI-3 Internet Router Target Subscriber Data Stream/IP Access

21 Passive Approach to IP Data Intercept
Service Provider Domain Law Enforcement Agency LI Administration Function Provisioning of Warrant HI-1 Law Enforcement Monitoring Facility AAA Server INI-1 Admin XCIPIO INI -1 Provisioning INI – 2 IRI HI-2 Provisioning Report Intercepted Data INI-3 HI-3 Authenticate Radius SNMPv3 Request Intercepted Data – INI-3 Internet Router Target Subscriber Data Stream/IP Access

22 A bit about Xcipio

23 The Components of Xcipio
Service Provider Domain Access Function Delivery Function Collection Function Law Enforcement Domain Provisioning Internal Network Interface #1 Provisioning Handover Interface #1 INI-1 HI-1 LEA Xcipio INI-2 Communication Data / Signaling Internal Network Interface #2 HI-2 Data / Signaling Handover Interface #2 At this point we have seen where Xcipio fits in the architecture. And we’ve seen what the standard connections are between the network elements (Access Functions) are Xcipio (CLICK) And we’ve seen what the standard connections from Xcipio to Law Enforcement are (CLICK) Now lets look at Xcipio itself and look at the hardware, software and licenses that it is comprised of (CLICK) HI-3 INI-3 Media Content Handover Interface #3 Media Content Internal Network Interface #3

24 The Components of Xcipio
Provisioning Element: Database, supports User Interface, maintains all warrant information, creates shared memory image of intercept information User Interface Remote or local access to Xcipio Intercept Engine: Receives call data, call events, network signaling, INI-2 and HI-2 LIS: Signaling stacks (SIP,SS7), TCP/IP stacks, error logs, alarms, SNMP, Managed object structure etc. INI-1 Provisioning Element Database, User Interface HI-1 PE-2200 Software module INI-2 Intercept Engine Call data, call events, signaling HI-2 Content Processor processing, routing, replicating, identification, encapsulation, encryption and delivery of content (packet and/or TDM voice) to law enforcement in real-time. IE-2100 Software module LIS – Lawful Intercept Server Core Software Application - real-time processing - LIS Software release Primary Server Physical Layer Sun servers, Ethernet connectivity, IP packets, switch matrix cards IP Packet processing (CLICK) The primary element of the Xcipio solution, at the physical layer, is a Sun server called the Primary Server. There are other hardware elements and we will get to them shortly. The Primary Server is the main command and control platform for the whole solution. (Click) On this platform runs the core software application LIS (Lawful Intercept Server). LIS performs core functionality like maintaining TCP/IP stacks, errors, alarms, SNMP interfaces, logging, signaling stacks etc. This layer is built on the original SS7 real-time, carrier class switching and signaling application. We have leveraged our own product, that has been deployed in xxx countries by xxx vendors in over xxx networks, in order to build our LI application. The heritage of this real-time robust application development environment has made Xcipio the carrier class product it is today. (click) LIS has 3 components, this first of these is the IE-2100 (the Intercept Engine). The Intercept Engine is tasked with processing signaling events, call data events. And if you remember back to the different interfaces that exist in a LI solution (INI-1, HI-2 etc.), the IE-2100 is responsible for maintaining INI-2 and HI-2 (Click) The second component of LIS is the Provisioning Element (click) The Provisioning Element maintains the database, supports the User interface and is the entry point for all intercept information. It also copies intercept information into shared memory (more on that later). And just like the Intercept Engine, the Provisioning Element is also responsible for INI and HI interfaces: INI-1 and HI-1 (click) The third component of LIS is the CP-2300 (Content Processor) (click) The Content Processor is responsible for getting the content of the communication session (VoIP, Wireless data, ISP, Voice etc.) from the network to the LEA. It is responsible for the last set of interfaces: INI-3 and HI-3 (click) The CP-2300 also introduces some additional hardware to the Physical layer. The first of these is another Sun server that does Packet processing. (click) This Sun server functions as a CP-2300 and handles all IP traffic (VoIP, RTP, HTTP, HTML etc.). The second possible CP-2300 hardware element is TDM switch matrix (click) This product allows TDM voice (wireless or wireline) to be delivered to Law Enforcement. This product comes in different configurations and scales from 1x1 to 8x8. The last type of CP-2300 is the ASX-2500 probe. (click) While normally used as an Access Function it can also be used to deliver content directly to the LEA. In addition to the Primary The physical layer of Xcipio is made up of one or more Sun servers, Ethernet connectivity, depending on the network and the configuration. Passive probe TDM Switch Matrix CP-2300 Software module Content Processor Filters, encapsulates content (IP, VoIP, TDM, HTTP etc.) INI-3 HI-3

25 Summary SS8 has over 12 years of experience providing Lawful Intercept solutions internationally both directly and through partners. Current customers include government agencies and carriers that range from very large nationwide carriers to small rural carriers. We partner with many different network equipment vendors to deliver comprehensive LI solutions. In the US there is a deadline (May 14, 2007) that is approaching quickly and carriers need to address their obligations. Small carriers seem to be lagging in terms of meeting the deadline so to address that need, SS8 is designing cost effective programs to specifically for small carriers and enterprises. These programs address short term capital expenditures as well as long term operating costs.

26 Thank You Scott W. Coleman Dir. Of Marketing - LI SS8 Networks

Download ppt "Lawful Intercept Briefing"

Similar presentations

January 23-26, 2007 Ft. Lauderdale, Florida VoIP Conversation Recording Methods and Applications Andrew Blakely.

January 23-26, 2007 Ft. Lauderdale, Florida VoIP Conversation Recording Methods and Applications Andrew Blakely.
VoIP PRESENTATION BY HÜSEYİN SAVRAN 220702044. OUTLINE PSTN an brief history of telephone.

VoIP PRESENTATION BY HÜSEYİN SAVRAN OUTLINE PSTN an brief history of telephone.
Company Overview Beox Communications is a global communications service provider founded in 2004. Based in USA with branches in UK and Turkey. Beox Communications.

Company Overview Beox Communications is a global communications service provider founded in Based in USA with branches in UK and Turkey. Beox Communications.
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Figure 7-1 Softswitch Components Signaling Gateway Feature Server Softswitch Universal Media Gateway SGCP SIP MGCP MGCP (Media Gateway Control Protocol)

Figure 7-1 Softswitch Components Signaling Gateway Feature Server Softswitch Universal Media Gateway SGCP SIP MGCP MGCP (Media Gateway Control Protocol)
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
David Reed Chief Strategy Officer, CableLabs June 8, 2004

David Reed Chief Strategy Officer, CableLabs June 8, 2004
Traffic Analyst Complete Network Visibility. © 2013 Impact Technologies Inc., All Rights ReservedSlide 2 Capacity Calibration Definitive Requirements.

Traffic Analyst Complete Network Visibility. © 2013 Impact Technologies Inc., All Rights ReservedSlide 2 Capacity Calibration Definitive Requirements.
An Introduction to the Max PVN. 2 Net2Phone Overview.

An Introduction to the Max PVN. 2 Net2Phone Overview.
1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.

1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.
EduCause LI Overview February 2007

EduCause LI Overview February 2007
Telephony Troubleshooting in the Home

Telephony Troubleshooting in the Home
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Lawful Interception & Packet Forensics Analysis System Casper Kan Chang Decision Group June 2010.

Lawful Interception & Packet Forensics Analysis System Casper Kan Chang Decision Group June 2010.
Total LI Compliance using Turn-key Applications and Solutions Rami Mittelman V.P. Product Marketing.

Total LI Compliance using Turn-key Applications and Solutions Rami Mittelman V.P. Product Marketing.
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.
SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.

SIP Trunking and the SMB Jason Walker Cbeyond. Cbeyond Solution Productivity Enhancing Applications for Entrepreneurial Business –Voice & Broadband –Mobile.
SS8 Lawful Intercept Briefing

SS8 Lawful Intercept Briefing

Similar presentations

Ads by Google