January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept in VoIP Networks Manohar Mahavadi Vice President, Software Engineering Centillium Communications.


2 January 23-26, 2007 Ft. Lauderdale, Florida Lawful Intercept in VoIP Networks Manohar Mahavadi Vice President, Software Engineering Centillium Communications Inc. Fremont, California

3 Lawful Interception – Introduction
Omnibus Crime Prevention and Safe Streets Act of 1968
  – Title III legalizes law enforcement wiretaps in criminal investigations
Foreign Intelligence Surveillance Act of 1978 (FISA)
  – Wiretapping in advance of a crime being perpetrated
The Electronic Communications Privacy Act of 1986 (ECPA)
  – Sets standards for access to cell phones, e-mail and other electronic communications and transactional records (subscriber identifying information, logs, toll records)
Communications Assistance for Law Enforcement Act of 1994 (CALEA)
  – Preserve law enforcement wiretapping capabilities by requiring telephone companies to design their systems to ensure a basic level of government access
H.R.3162 (The PATRIOT Act of 2001)
  – Post 9/11
  – Expands the scope of Title III wiretaps and FISA to include computer fraud, abuse, etc.

4 Lawful Interception – CALEA (U.S.)
What is CALEA?
  – Defines the obligations of telecom carriers to assist law enforcement agencies (LEAs) in electronic surveillance pursuant to lawful authorization
  – Requires carriers to design and modify their systems to ensure that electronic surveillance can be performed
  – Communications infrastructure should be made wiretap-ready: call forwarding, caller ID, conferencing, etc.
Progress
  – The last decade has seen a lot of evolution of regulations backed by the FBI, FCC, DOJ, DEA
  – Broadened to cover many new technology solutions such as push-to-talk, SMS messaging, chat sessions, etc.
www.askcalea.net for a list of standards
www.fcc.gov/calea

5 Lawful Interception
PSTN world wiretapping
  – Dedicated connection: point-to-point
  – Dedicated resources for the call duration
  – Voice routed using mechanical switches or line connectivity tables
  – Wiretapping in the local loop or at the local exchange
Packet world wiretapping
  – Shared transmission medium: packets contain addresses not tied to a location
  – Routing is dynamic and can take multiple paths
  – Many applications traverse the same transmission path
  – Decentralized VoP (SBCs, gateways, proxies, routers, switches, etc.) makes wiretapping difficult
  – Requires cooperation from infrastructure device vendors

6 Lawful Interception – Terminology
LAES: Lawfully authorized electronic surveillance
LEA: Law enforcement agency
  – A government entity authorized to conduct LAES (FBI, police, DEA, etc.)
CC: Call content (payload of multi-media packets)
CCC: Call content channel
CII: Call-identifying information or call data (CD)
  – Signaling or dialing information that identifies origin, direction, destination or termination generated or received by a subscriber
CDC: Call data channel

7 Lawful Interception – Terminology
IAP: Intercept access point
  – A point within a telecommunications system or VoP network where some of the communications or CII of an intercept subject’s equipment, facilities or services are accessed
Intercept subject: Subscriber whose communications, CII or both have been authorized by a court to be intercepted, monitored and delivered to an LEA
Associate: The called party in the conversation
TSP: Telecommunications service provider

8 LI – Surveillance Model
[Diagram. Labels: Lawful Authorization; Service Provider Administration; Law Enforcement Administration; Access Function; Delivery Function; Collection Function; TSP; LEA; CII; CC; VoP Signaling]

9 LI – Surveillance Model
Access function (AF)
  – One or more IAPs
Delivery function (DF)
  – CCCs and CDCs
Collection function (CF)
  – Collecting and analyzing intercepted communications
Service provider administration function (SPAF)
  – Controlling the TSP access and delivery functions
Law enforcement administration function (LEAF)
  – Controlling the LEA collection function
Mediation function (MF)
  – Presentation of data (CC or CII) to DF (VoIP → TDM or VoIP → VoIP)

10 LI – Functional Architecture
[Diagram. Labels: Terminal; CII AF; CC AF; CII MF; CC MF; CII DF; CC DF; LEA-CF; Subject’s Domain; Network’s Domain; LEA’s Domain; VoP Signaling; VoP IAP; VoP; VoP, TDM; VoP/Network Signaling]

11 LI – Functional Architecture
[Diagram. Labels: Delivery Function; Collection Function; DF App; CF App; Delivery Method; OSI Stack (layers 1 to 7); A-PDU; CC/CII]
CCC and CDC should be separate channels
CCC and CDC can share same medium

12 LI – Intercept Access Points
Physical locations on the network from which the CC or CII is delivered to the delivery function
  – Can be in multiple locations
  – CII and CC IAPs can be co-located
Call identifying information IAP
  – CII directly associated with the call
      Management of an existing call between intercept subject and associate(s) (establishing, managing and releasing)
  – CII indirectly associated with the call
      ServingSystem message: Register or deregister addressing info
Call content IAP

13 LI – Intercept Access Points
[Diagram. Labels: Access Router; Border Router; VOIP Phone Alice; VOIP Phone Bob; Alice’s VOIP SP; Bob’s VOIP SP; Transport ISP A; Transport ISP B; Transport ISP C; Transport ISP D; R1; R2; Call Setup; VOIP Conversation. Courtesy: Ref[1]]
VoIP SPs first enable setup
VoIP calls directly take place
Preferred wiretaps – R1 and R2
R1/R2 should be configured to tap
Single SP makes life easier

14 LI – Intercept Access Points
Media gateways
Session border controllers
Access routers
Signaling proxies
CII and CC are typically delivered over secure channels to LEA

15 LI on TDM_PKT_CHANNEL
[Diagram. Labels: A Legacy Phone; B IP Phone; TDM_PKT_CHANNEL; EC; Enc/Dec DSP; NP Packetizer; NP UnPacketizer; LI - TDM; LI - PKT; TAP TRAFFIC COMING TO PKT; TAP TRAFFIC COMING FROM PKT]

16 LI on PKT_PKT_CHNL
[Diagram. Labels: A IP Phone; B IP Phone; Encoder/Decoder DSP; NP Packetizer; NP UnPacketizer; LI-A (Encoder DSP, NP Packetizer); LI-B (Encoder DSP, NP Packetizer)]

17 LI – TDM_PKT_CONF_CHNL
[Diagram: LI Model with Conferencing. Courtesy: [4]]

18 LI – Surveillance Events
Information events
  – Call-control related events
      Answer: Call accepted
      Origination: Subject initiated a VoP session
      Release: Session released along with resources
      Termination attempt: Session termination requested
  – Signaling events
      Dialed digit extraction: Digits dialed after a call is connected
      Direct signal reporting: Signaling from and to intercept subject
      Network signal: Tone or message indicating CII (busy, ringing, etc.)
      Subject signal: Call waiting, forwarding, etc.

19 LI – Surveillance Events
Information events
  – Feature use events
      Change
      Connection
      Connection break
      Redirection
  – Registration events
      Address registration
Content events
  – CCChange: Media characteristics established or modified
  – CCClose: CC delivery is disabled
  – CCOpen: CC delivery is enabled
  – CCUnavailable: Network loses access for the call under interception

20 LI Challenges
Security vs. CALEA requirements
  – Security ensures privacy, packet integrity, authenticity and non-repudiation
  – CALEA requires that intercepted packets are not secured
  – SRTP and secured SIP with end-to-end security pose a challenge
  – Peer-to-peer VoIP communication with security enabled prevents interception
  – Secured traffic needs to be decrypted and re-encrypted for interception
      Security Association termination and re-initiation
  – Key distribution or sharing with LEA

21 LI Challenges
Channel capacity affected if channel duplication is required
Design should consider requirements for extra performance
Should support all call models like Forking, Handoff, etc.
Should support all codecs in use
Requires additional interface support

22 References
[1] Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, Steve Bellovin, et al., June 13, 2006
[2] Electronics Surveillance Needs for Carrier-Grade Voice Over Packet (CGVoP) Service, FBI Document for CALEA
[3] Lawfully Authorized Electronic Surveillance (LAES) for Voice over Packet Technologies in Wireline Telecommunications Networks, ANSI T1.678.xxxx
[4] 05/2000, TIA/EIA/J-STD-025 Lawfully Authorized Electronic Surveillance, revision A: updated
[5] 09/200, TIA/EIA/J-STD-025 Lawfully Authorized Electronic Surveillance, updated
[6] www.askcalea.net
[7] www.fcc.gov/calea

