Published by Christian Paul. Modified over 9 years ago.
1
Overview of CALEA Conformance Proposed Standard PTSC-LAES-2006-084R6
Manish Karir, Merit – Research and Development
2
Outline
1. Architectural Assumptions
  – Internet Access Service Provider Model
  – Electronic Surveillance Model
  – Vocabulary Building
2. CALEA Functions
  – Functional Breakdown of Components
  – Architecture, Interfaces and Intercept Access Points
3. CALEA Conformance
  – Timing Requirements
  – CmII/CmC Packet Formats and Encapsulation
  – General IASP Requirements
4. Re-Cap and Conclusions
3
Internet Access Services Model Source: PTSC-LAES-2006-084R6
4
Internet Access and Services Model
Three Aspects to Gaining Access
1. Reg-F - Registration Function:
  » The act of a user getting access to the network (e.g. login/authentication of any sort)
2. Res-F - Reservation Function:
  » The user requesting resources from the network (e.g. requesting an IP address; temporary addresses are not included)
3. PT-F - Packet Transfer Function:
  » Transfer of Layer-3 packets to/from the Internet
5
Electronic Surveillance Model
Components and Responsibilities
1. Service Provider Administration: responsible for the Access and Delivery Functions
2. Access Function (AF): consists of one or more Intercept Access Points (IAPs)
3. Delivery Function (DF): transfer of data from the Access Function to the Collection Function
4. Law Enforcement Administration: controls the LEA collection function
5. Collection Function (CF): location where the communication intercepts are stored
(Slide labels: Law Enforcement Responsibility; Internet Access Service Provider Responsibility)
6
Electronic Surveillance Model Source: PTSC-LAES-2006-084R6
7
More Definitions / Acronyms
LI - Lawful Intercept
CmII - Communication Identifying Information (e.g. packet headers…but more…)
CmC - Communication Content (e.g. the packets)
IAP - Intercept Access Point
Combinations:
  – AACmII - Access Associated CmII
  – CACmII - Content Associated CmII
  – CmC-IAPs - The point in the network where communication content is intercepted
  – CmII-IAPs - The point in the network where communication headers are intercepted
  – Note: CmC-IAPs might be different from CmII-IAPs
8
The 3 Key Concepts
1. CmC - Communication Content
  – Captured at CmC-IAPs, full packets
  – Packets are passed to the Delivery Function (DF)
  – The DF transfers these to the LEA Collection Function (CF)
2. AACmII - Access Associated CmII
  – Essentially login/logout and authorization activity
  – DHCP IP address assigned
  – Information provided to the CF via the DF
cont.
9
The 3 Key Concepts cont.
3. CACmII - Content Associated CmII - 2 methods
  – Intercept the packet stream to/from the subject and extract IP header information (port information is optional, but might be authorized); finally, deliver all header information to the DF or deliver summary records
  – Sample the subject's flows such that no flow can exist without being sampled, and deliver summary records to the LEA
10
Functional Breakdown
CmC/CmII Access Function (AF):
  – Responsible for identifying/isolating CmC/CmII for the subject and presenting it to the MF/DF
CmC/CmII Mediation Function (MF):
  – Responsible for the presentation of captured information in the appropriate format for delivery to the LEA
CmC/CmII Delivery Function (DF):
  – Responsible for transmitting data from the IASP to the collection function of the LEA
11
Functional Lawful Intercept Architecture Source: PTSC-LAES-2006-084R6
12
Packet Delivery Interface DF-CF Interface Source: PTSC-LAES-2006-084R6
13
Intercept Access Points
14
Delivery Timing Requirements
1. Event Timestamps: Each intercepted message should contain an accurate timestamp
  – CmII: timestamp should be accurate to within 200ms
  – CmC: timestamps need to be provided with each packet
2. Event Timing: Intercepted messages should be sent to the LEA within a specified time window
  – CmII should be sent by the DF to the CF within 8 seconds 95% of the time
  – CmC: ???
15
Timing Requirements
Source: PTSC-LAES-2006-084R6
T1 is dependent on the IASP
T2 is jointly determined by the IASP and LEA through the choice of agreed-upon protocols and facilities
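The CmII delivery window above can be checked mechanically against delivery logs. The following is an added example, not part of the original presentation or the draft standard: the record layout, message ids and sample values are constructed, and it assumes the 8-second window is measured from the event timestamp to the time the DF sent the message.

```python
from datetime import datetime, timedelta, timezone

WINDOW_S = 8.0   # slide: CmII sent by the DF to the CF within 8 seconds
REQUIRED = 0.95  # slide: ... 95% of the time

def parse_rfc3339(ts):
    """Parse an RFC 3339 UTC timestamp such as 2006-10-01T12:00:00.250Z."""
    if not ts.endswith("Z"):
        raise ValueError("expected a UTC 'Z' timestamp: %r" % ts)
    return datetime.fromisoformat(ts[:-1] + "+00:00")

def cmii_delivery_report(records, window_s=WINDOW_S, required=REQUIRED):
    """records: iterable of (msg_id, event_ts, sent_ts) RFC 3339 strings.
    Returns (fraction_on_time, conformant, late_ids)."""
    total, late = 0, []
    for msg_id, event_ts, sent_ts in records:
        delay = (parse_rfc3339(sent_ts) - parse_rfc3339(event_ts)).total_seconds()
        if delay < 0:
            # A negative delay points at clock skew between IAP and DF.
            raise ValueError("%s was sent before its event timestamp" % msg_id)
        total += 1
        if delay > window_s:
            late.append(msg_id)
    if total == 0:
        raise ValueError("no CmII records to evaluate")
    fraction = (total - len(late)) / total
    return fraction, fraction >= required, late

def _ts(dt):
    """Format a datetime as RFC 3339 with millisecond precision."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (dt.microsecond // 1000)

def sample_records(n=20, late_every=20):
    """Constructed sample log: one CmII event per minute, every
    late_every-th message sent 9.5 s after its event, the rest 1.25 s."""
    base = datetime(2006, 10, 1, 12, 0, 0, tzinfo=timezone.utc)
    out = []
    for i in range(n):
        event = base + timedelta(minutes=i, milliseconds=125)
        delay = 9.5 if (i + 1) % late_every == 0 else 1.25
        out.append(("cmii-%02d" % i, _ts(event),
                    _ts(event + timedelta(seconds=delay))))
    return out

if __name__ == "__main__":
    print(cmii_delivery_report(sample_records()))
    print(cmii_delivery_report(sample_records(late_every=10)))
```

With one late message in twenty the sample log sits exactly on the 95% threshold; two late messages in twenty fall below it.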
16
CmII Access Messages
Access Messages: Notify the LEA of access-related functions performed by the subject, including:
  – Access Attempt (login) - subject begins the network authentication process
  – Access Accepted - sent when the subject has successfully authenticated with network AAA
  – Access Failed - user provides an invalid username/password or MAC address
cont.
17
CmII Access Messages cont.
  – Access Session End (logout) - subject initiates disconnect
  – Access Rejected - network rejects the login attempt, e.g. the user is already logged in somewhere else and the network does not allow multiple logins
  – Signaling Message Report - (RADIUS, DIAMETER, etc.) may be used in place of the previous messages
18
CmII Packet Data Messages
Packet Data Messages: Notify the LEA of data-related events performed by the subject
  – Packet Data Session Start - sent when the subject completes login and an IP address has been assigned
  – Packet Data Session Failed - login is successful but no IP address is assigned, e.g. DHCP pool exhausted
  – Packet Data Session End - session timeout
19
CmII Packet Data Messages
Packet Data Messages: Notify the LEA of data-related events performed by the subject
  – Packet Data Session Already Established - when surveillance starts after subject login
  – Packet Data Header Report - packet header reports on a per-packet basis
  – Packet Summary Report - periodic summary reports of packet header data
20
Example CmII Message Formats
  – Access Accepted CmII Message
  – Packet Header Data Report CmII Message
21
CmC Message Delivery Options
SCTE Datagram Format
ATIS IAS Datagram
  – Encapsulation Approach - one packet per encapsulated datagram
  – UDP/IP based encapsulation; TCP or other transport protocols are optional
  – IC-APDU - Protocol Data Unit Approach - multiple packets per datagram
We focus on the IAS Datagram approach as it is the simplest
22
IAS Datagram Encapsulation Approach
One intercepted packet in each encapsulated UDP datagram
  – Src IP is the address of the DF
  – Dst IP is the address of the CF
  – Port numbers in the UDP header may be agreed upon by the LEA and IASP
  – ContentID field is an ASCII value that allows correlation between CmC and CmII
** Timestamp is RFC 3339 compliant: YYYY-MM-DDThh:mm:ss.sssZ
** Intercepted Packet includes all headers
23
IAS Datagram - APDU Approach A simple extension of the encapsulation approach, to include multiple intercepted packets in a single encapsulated packet.
24
Subject Identification
Two Aspects
1. Login Identification:
  – When the network requires authentication prior to use
  – CmC and CmII interception is performed only after the subject has been identified on the network
  – After login, the subject can be identified via the unique IP address or session identifier assigned to the subject during login
cont.
25
Subject Identification
Two Aspects, cont.
2. Equipment Identification:
  – When the network does not require authentication prior to use
  – Subject is identified via a unique address or interface
  – Intercept in this scenario may be based on MAC address, IP address or physical/logical port
26
Six IASP Requirements
1. Privacy: IASP shall not monitor or permanently record the subject's communications
2. Isolation: IASP shall ensure that only the subject's communication is intercepted
3. Transparency: IASP shall perform the intercept in a manner such that the subject cannot reasonably detect that the intercept is being performed
cont.
27
Six IASP Requirements cont.
4. Encryption/Compression: IASP shall deliver the intercept data unencrypted or provide the LEA with the encryption method and keys. IASP shall provide data uncompressed or identify the means to decompress
5. Security/Integrity: IASP shall ensure unaltered delivery of intercept data. Security is to be negotiated between the IASP and LEA
6. Performance/Quality: IASP should be able to perform multiple intercepts at the same time
28
Re-cap and Conclusions
This is a simplified overview of the standard
  – Not a substitute for a detailed reading and interpretation.
This is a broad introduction to the draft standard.
  – Terminology used
  – Rough outline of the structure of the proposed standard
cont.
29
Re-cap and Conclusions – Remember:
1. The standard itself is unclear in certain areas, for example:
  – The use of encryption by the IASP to protect the CmC
  – Specifics such as what the caseID is and how it differs from the content identifier, IAP system identity, subscriber ID, etc.
  – Implementation details such as the sizes of the various fields in the packet headers and the timing requirements for CmC delivery
2. Important to remember that it is still a “draft” standard and subject to revision.