Presentation is loading. Please wait.

Presentation is loading. Please wait.

EduCause LI Overview February 2007

Published byCamille Buttrey Modified over 8 years ago

Similar presentations

Presentation on theme: "EduCause LI Overview February 2007"— Presentation transcript:

1 EduCause LI Overview February 2007
Craig Mulholland

2 Disclaimers It is Cisco's intent to support its customers by developing products that will help them meet the requirements of the law Customers are strongly advised to seek qualified legal counsel to advise them about the extent of their obligation under Lawful Intercept regulations and laws in each country in which they operate The Contents of this Presentation Do Not Constitute Legal Advice nor Does Cisco Guarantee the Accuracy or Completeness of Such Information

3 Agenda Regulatory Changes
T1.IAS - Lawful Intercept for Internet Access and Services (IAS) (US only) Implementation Options Service Independent Intercept (SII) Architecture

4 Regulatory Changes

5 Regulatory Changes United States (US) – Compliance Deadline:
24 September 2005 – FCC issued First Order – CALEA applies to interconnected VoIP and facilities-based Broadband Internet Access 3 May 2006 – FCC issued Second Order – defers definitions to standards, affirms deadline 5 May 2006 – Appeals court oral arguments on First Order 9 June 2006 – Appeals court affirmed FCC decision to apply CALEA to interconnected VoIP and facilities-based broadband Compliance Deadline: 14 May 2007

6 Regulatory Changes

7 LI Architecture Requirements
Service Provider must be able to provide: Communication-Identifying Information (CmII) Dialed Digits (Voice Calls) Subject login (data) Network Addresses (& ports??) (data) Content of Communication (CC) Audio Content of Voice Call Packets to/from subject Must be able to correlate Communication Identifying Information with Content of Communication

8 T1.IAS Lawful Intercept for Internet Access and Services

9 T1.IAS Lawful Intercept for Internet Access and Services (IAS)
Issue S086 - Ballot Closed 11/14/2006 13 “YES” Votes - 8 with comments 3 “NO” Votes 3 abstentions Interim Meeting Austin, November to resolve Ballot comments Law Enforcement “NO” votes unresolved - “buffering issue” Default Ballot recommended at close of meeting Default Ballot closed in January 1 “Yes” vote changed to “No” 1 “No” vote changed to “Yes” Comment resolution scheduled for February meeting

10 T1.IAS T1.IAS divides the subject’s session into two states
The “Access Session” state - logon, logoff, and failure or rejection events during the logon process The “Packet Session” state - subject has been granted access to the Internet and is ready to transfer data Not all networks can report all events, eg. “always on” scenarios may not be able to report some access events

11 What is Communication Identifying Information (CmII) for Internet Access??
Access Session Events – Access Attempt, Access Accepted, Access Failed, Access Session End, Access Rejected, Access Signaling Message Report Packet Session Events - Packet Data Session Start, Packet Data Session Failed, Packet Data Session End, Packet Data Session Already Established, Packet Data Header Report, Packet Data Summary Report Packet Data Header Report, and Packet Data Summary Report are used to report Packet Header information for Internet sites visited by the subject

12 T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI IRI Access Attempt: Case ID, IAP, Time, Subscriber ID Access Request Target Subscriber Aggregation Router Data Stream

13 T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI IRI Access Accepted: Case ID, IAP, Time, Subscriber ID, Access Session ID Target Subscriber Access Accept Aggregation Router Data Stream

14 T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI Intercept Request Intercepted Data Packet Data Session Start: Case ID, IAP, Time, Subscriber ID, Packet Session ID, IP Address Target Subscriber Aggregation Router Data Stream

15 T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI Packet Data Header Report: Case ID, IAP, Time, Packet Session ID, IP Packet Headers Intercept Request Intercepted Data Target Subscriber OR Packet Data Summary Report: Case ID, IAP, Time, Packet Session ID, IP Packet Header Summary reports Aggregation Router Data Stream

16 T1.IAS - Communication Identifying Information (CmII)
AAA Server (Cisco Access Registrar, Other) Collection Function LEA Mediation Device IRI CC Intercept Request Intercepted Data Content Delivery, if authorized Target Subscriber Aggregation Router Data Stream

17 T1.IAS - Issues $$ Buffering/Short term Storage – Law enforcement has requested buffering and file management, not included in standard - Alternate standard for buffering in progress IP Packet Headers – port numbers required as a result of ballot comment resolution

18 Implementation Options

19 Passive Equipment Involves placement of new equipment in strategic locations in the network to access ‘signaling’ and ‘content’ information of interest. Pros: Does not require changes to existing network element hardware and/or software Cons: Additional equipment required. Amount of equipment required can be reduced by physically moving equipment, as required. Additional O&M costs Not capable of intercepting information that remains local to the edge network element Cost: Passive equipment: $35K +++ ea. Mediation Device: $75K + (based on number of subscribers)

20 Intercept Capable Network Elements
Adds interception capability to existing network elements Pros: Reduced cost by leveraging existing infrastructure Reduced O&M costs Cons: Functionality may not be supported on all platforms in the network. If it is supported, hardware upgrades (memory, processor, etc.) may be required Interception introduces an impact to network element performance Cost: Network element S/W licenses: $0 - $15K+ ea Mediation Device: $75K + (based on number of subscribers)

21 Hybrid Combination of passive equipment and intercept support
Provides flexibility of passive equipment solution with cost advantages of intercept support on network elements Augments network element intercept capability Offloads network element for large bandwidth intercepts Pros: Most comprehensive and cost effective solution Most flexible solution for CALEA compliance in multi-vendor network Cons: Somewhat higher O&M and equipment costs Cost: Network element S/W licenses: $0 - $15K+ ea Passive equipment: $35K +++ ea. Mediation Device: $75K + (based on number of subscribers)

22 Trusted Third Party (TTP)
TTP becomes agent of record for Service Provider Assumes all responsibilities and obligations Pros: Continued protection from criminal & civil liability Reduces operating costs and conserves capital Assumes risk and up-front investment (personnel, technology) Future-proof services Cons: CALEA activities are handled by third party TTP requires access (physical and admin) to your network Cost: Initial assessment/setup fee: $10K+ (depends on size of network) Monthly service fee: $1.5K+ (depends on size of network) Per intercept fee: Records production = $500?, Pen/Trap = $1000?, Full Content = $1500? (Reimbursable by LEA)

23 Service Independent Intercept (SII) Architecture

24 Key Cisco SII Architecture Features
Standard architecture (same for voice or data) Places control of LI on Mediation Device (instead of on call control equipment) Separates lawful intercept control from call control Common interface to Mediation Device and Call Control partners Modular architecture, easily adapted to regional requirements through mediation device

25 Generic View of the LI Architecture
Demarcation Point (SP, LEA Responsibility) Service Provider LI Administration Function Law Enforcement Agency (LEA) Intercept Related Info (IRI) Intercepting Control Element (ICE) Request Mediation Device Collection Function IRI Communication Content (CC) Request Content Information for the Same Intercept May Be Sent to Multiple LEAs Intercepting Network Element (INE) Request Access Function (AF)/ Intercept Access Point (IAP) Cisco Equipment 3rd Party Equipment

26 Cisco Service Independent Intercept
Configuration Commands Service Provider LI Administration Function Voice - Call Agent Data - Radius, AAA Law Enforcement Agency (LEA) Intercept Related Info (IRI) Intercepting Control Element (ICE) Request Mediation Device Collection Function IRI Communication Content (CC) Request Content RADIUS Event Messages RTP or UDP transport for delivery Intercepting Network Element (INE) SNMPv3 Cisco Equipment Voice - Edge router, Trunk G/W Data – Access/Aggregation router 3rd Party Equipment

27 IETF—RFC 3924 Lawful Intercept Architecture Reference Model HI1(a) b c
Law Intercept Administration Function HI1(a) Law Enforcement Agency (LEA) MD Provisioning Interface b c HI2(g) Intercept Related Information (IRI) IAP Mediation Device (MD) e HI3(h) HI3(h) IRI (e) d f Intercept Request (d) Intercepted Content (f) Content Intercept Access Point (IAP) User Content User Content Service Provider Functions Lawful Intercept Architecture Reference Model

28 Cisco Lawful Intercept Architecture
IETF first draft June 2003 IETF second draft October 2003 Informational RFC 3924 adopted October 2004 Modular architecture—adapts to regional requirements via partner equipment (mediation device) Key Features: Common architecture (SII) for voice and data Separation of intercept control from call control (voice) and session control (data) Controlled by mediation device Standardized interface for mediation device to provision intercepts via SNMPv3

29 LI Architecture—Voice Intercept
LI Administration Function Gatekeeper, SIP Proxy, Call Agent Admin 2 Admin (HI1) 1 Collection Function LEA Config 3 Mediation Device IRI 6 IRI 5 CC 11 Intercept Request 8 Intercepted Data 10 Call Control 4 7 Call Control Target Subscriber CPE Adapter or IP Phone CPE Adapter or IP Phone 9 Aggregation Router Aggregation Router RTP Stream

30 LI Architecture—Data Intercept
LI Administration Function AAA Server (Cisco Access Registrar, Other) Admin 2 Admin (HI1) 1 Collection Function LEA Config 3 Mediation Device IRI 6 11 IRI 5 10 CC 14 Config 3 Acct Start 9 Sniffer/ Probe Intercept Request 7 Intercepted Data 13 Access Request 4 Target Subscriber Access Accept 8 12 Aggregation Router Data Stream

31

Download ppt "EduCause LI Overview February 2007"

Similar presentations

Lawful Intercept Briefing

Lawful Intercept Briefing
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.

1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Voice over IP Fundamentals

Voice over IP Fundamentals
© 2004, NexTone Communications. All rights reserved. Introduction to H.323.

© 2004, NexTone Communications. All rights reserved. Introduction to H.323.
© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 2: Cisco VoIP Implementations.

© 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) Module 2: Cisco VoIP Implementations.
Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Using COTS Routers for Lawful Intercept Annual Member Meeting.

Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Using COTS Routers for Lawful Intercept Annual Member Meeting.
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Voice Issues.

1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Voice Issues.
Overview of CALEA Conformance Proposed Standard PTSC-LAES-2006-084R6 Manish Karir, Merit – Research and Development.

Overview of CALEA Conformance Proposed Standard PTSC-LAES R6 Manish Karir, Merit – Research and Development.
Cisco Architecture for Lawful Intercept in IP Networks October 2004,rfc3924 Author(s): F. Baker,B. Foster,C. Sharp.

Cisco Architecture for Lawful Intercept in IP Networks October 2004,rfc3924 Author(s): F. Baker,B. Foster,C. Sharp.
Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.

Building Applications Using SIP Scott Hoffpauir Vice President, Engineering Fall 1999 VON, Atlanta.
1 © 2002, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Lawful Intercept Case Study Harvard Law School November 12, 2003.

1 © 2002, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Lawful Intercept Case Study Harvard Law School November 12, 2003.
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
CALEA: The Communications Assistance for Law Enforcement Act Doug Carlson, Executive Director, Communications and Computing Services, NYU Mark Luker, Vice.

CALEA: The Communications Assistance for Law Enforcement Act Doug Carlson, Executive Director, Communications and Computing Services, NYU Mark Luker, Vice.
VOIP ENGR 475 – Telecommunications Harding University November 16, 2006 Jonathan White.

VOIP ENGR 475 – Telecommunications Harding University November 16, 2006 Jonathan White.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Microsoft ® Application Virtualization 4.6 Infrastructure Planning and Design Published: September 2008 Updated: February 2010.

Similar presentations

Ads by Google