Cisco Systems Lawful Intercept Capabilities
Craig Mulholland, Consulting Engineer
February 8, 2006
The contents of this presentation do not constitute legal advice nor does Cisco guarantee the accuracy or completeness of such information.
© 2005 Cisco Systems, Inc. All rights reserved.

Disclaimers
• It is Cisco's intent to support its customers by developing products that will help them meet the requirements of the law.
• Customers are STRONGLY advised to seek qualified legal counsel to advise them about the extent of their obligation under Lawful Intercept regulations and laws in each country in which they operate.

Agenda
• Lawful Intercept Product Planning
• Lawful Intercept Architecture
• Lawful Intercept Standards

Lawful Intercept Product Planning

Lawful Intercept Product Planning
• Today – 2/8/2006 – status quo – the NPRM and first report and order have not changed the lawful intercept requirements for enterprises, including institutes of higher education
• Cannot predict the future
• If requirements change, service provider architecture adaptable for other product lines

Lawful Intercept Product Planning
• Service provider customers have been requiring LI capabilities for several years
• Cisco introduced an architecture for LI in June 2003
• Informational RFC 3924 adopted October 2004
• Existing protocols should NOT be modified to support LI capabilities
• Similar approach adaptable for Higher Education, if required

LI Architecture

LI Architecture Requirements
• Carrier must be able to provide:
  – Content of Communication
  – Communication-Identifying Information (CmII)
• LI must be undetectable by the intercept subject
• Knowledge of wire-tap limited to authorized personnel
• Ability to correlate Communication Identifying Information with Content of Communication
• Confidentiality, Integrity and Authentication of the CmII
• Requirements vary between agencies, regions, and countries

LI Architecture – Examples of information reported
• Communication-identifying information (CII)
  – Dialed Digits (Voice Calls)
  – Subject login (data)
  – Network Addresses (data)
• Content of Communications
  – Audio Content of Voice Call
  – Packets to/from subject

LI Architecture Requirements
• Transparency/Confidentiality of Intercept:
  – No indication of intercept to unauthorized parties
  – No interruption of ongoing communications
  – Intercept not perceptible to target or outside parties
  – LEAs must not be able to detect other LEA intercepts
• Intercept should not affect service to subscribers
• Encryption of Communication Identifying Information & Communication Content desirable

Generic View of the LI Architecture
[Figure: generic LI architecture. Service Provider side: LI Administration Function; Intercepting Control Element (ICE), which receives the intercept request and returns Communication Identifying Information (CmII); Intercepting Network Element (INE), also labelled Access Function (AF) / Intercept Access Point (IAP), which returns content; Mediation Device, which issues the IRI request and content request and passes CmII and Communication Content (CC) across the demarcation point (SP/LEA responsibility) to the Law Enforcement Agency (LEA) Collection Function. Legend: Cisco Equipment vs. 3rd Party Equipment. Note: information for the same intercept may be sent to multiple LEAs.]

Cisco Lawful Intercept Architecture
• IETF First draft June 2003
• IETF Second draft October 2003
• Informational RFC 3924 adopted October 2004
• Modular architecture – adapts to regional requirements via partner equipment (mediation device)
• Key Features:
  – Common architecture (SII) for voice and data
  – Separation of intercept control from call control (voice) and session control (data)
  – Controlled by Mediation Device
  – Standardized interface for mediation device to provision intercepts via SNMPv3

IETF – RFC 3924
[Figure: Lawful Intercept Architecture Reference Model. Service Provider functions: Lawful Intercept Administration Function; Mediation Device (MD) with an MD Provisioning Interface (b); IRI Intercept Access Point (IAP), which receives the IRI request (c) and returns Intercept Related Information (IRI) (e); Content Intercept Access Point (IAP) on the user content path, which receives the intercept request (d) and returns intercepted content (f). Handover interfaces to the Law Enforcement Agency (LEA): HI1 (a) administration, HI2 (g) IRI, HI3 (h) content.]

Cisco Service Independent Intercept
[Figure: Service Provider side: LI Administration Function; Intercepting Control Element (ICE) (voice: call agent; data: RADIUS, AAA), provisioned via configuration commands, which receives the IRI request from the Mediation Device and returns Intercept Related Info (IRI) as RADIUS Event Messages; Intercepting Network Element (INE) (voice: edge router, trunk G/W; data: access/aggregation router), which receives the content request via SNMPv3 and delivers Communication Content (CC) using RTP or UDP transport; Mediation Device passes IRI and CC to the Law Enforcement Agency (LEA) Collection Function. Legend: Cisco Equipment vs. 3rd Party Equipment.]

Cisco Service Independent Intercept
• Separates control for intercept from network authorization and control functions
• Mediation Device sets up filter specification, destination, transport, controls intercept via SNMPv3
• Intercept Access Point (router/switch) replicates content stream based on configuration by M/D
• Intercept NOT visible through command line at the router/switch (IAP)
• Modular architecture – Mediation device adapts to regional requirements (M/D partners familiar with local requirements/variations)

LI Architecture – Voice Intercept
[Figure: voice intercept flow. The LI Administration Function sends the intercept request (a/c) to the Mediation Device (3rd party). The Mediation Device sends an IRI request (c2) to the ICE (gatekeeper, SIP proxy, or call agent; SIP, H.323, or MGCP-based call control), which is configured (a1) and returns IRI (d2); it also sends an SNMPv3 SET (c1) to the INE (aggregation router), which returns the content (d1): the target subscriber's voice packets (RTP stream between customer-premise IAD or IP phones). The Mediation Device delivers IRI and CC to the LEA Collection Function.]

LI Architecture – Data Intercept
[Figure: data intercept flow, numbered steps 1–15. The LI Administration Function sends the intercept request (HI1) to the Mediation Device, which sends a config request to the Intercepting Control Element (AAA server: Cisco Access Registrar or other) and receives an Ack. The target subscriber's Access Request produces an Access Accept and accounting (Acct) start, relayed to the Mediation Device as IRI. The Mediation Device sends a start probe / content request to the Intercepting Network Element (aggregation router with sniffer/intercept function), which returns the intercepted data stream. The Mediation Device delivers IRI and CC to the LEA Collection Function.]

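The data-intercept flow above hands the mediation device two streams: RADIUS event messages from the ICE (IRI) and replicated packets from the INE (CC), and the requirements slide asks that the two be correlated. The following added example (not from the deck or from any Cisco or mediation-device product) shows that correlation on constructed input: accounting Start/Stop events define a session window and address per subscriber, and only content that falls inside a target session's window is delivered, so packets from another subscriber who later draws the same address from the pool are not sent to the LEA.

```python
from datetime import datetime

# Constructed RADIUS accounting event messages (IRI) as the ICE relays them to the
# mediation device. Attribute names follow RFC 2866; all values are made up.
IRI_EVENTS = [
    {"ts": "2006-02-08T09:00:00", "Acct-Status-Type": "Start", "User-Name": "subject@example.net",
     "Framed-IP-Address": "10.1.2.3", "Acct-Session-Id": "A1"},
    {"ts": "2006-02-08T09:30:00", "Acct-Status-Type": "Stop", "User-Name": "subject@example.net",
     "Framed-IP-Address": "10.1.2.3", "Acct-Session-Id": "A1"},
    # a different subscriber later draws the same address from the pool
    {"ts": "2006-02-08T09:45:00", "Acct-Status-Type": "Start", "User-Name": "other@example.net",
     "Framed-IP-Address": "10.1.2.3", "Acct-Session-Id": "B7"},
]

# Constructed content (CC) records as the INE replicates them: (timestamp, src, dst).
CC_RECORDS = [
    ("2006-02-08T09:05:00", "10.1.2.3", "198.51.100.7"),
    ("2006-02-08T09:10:00", "198.51.100.7", "10.1.2.3"),
    ("2006-02-08T09:50:00", "10.1.2.3", "198.51.100.9"),  # session B7, not the subject
]

def build_sessions(events):
    """Fold Start/Stop accounting events into session dicts keyed by Acct-Session-Id."""
    sessions = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        sid = ev["Acct-Session-Id"]
        if ev["Acct-Status-Type"] == "Start":
            sessions[sid] = {"id": sid, "user": ev["User-Name"],
                             "ip": ev["Framed-IP-Address"], "start": ts, "stop": None}
        elif ev["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid]["stop"] = ts            # open sessions keep stop=None
    return list(sessions.values())

def correlate(target_user, events, records):
    """Tag each CC record with the target session whose address and time window cover it.
    Records matching no target session (e.g. after the IP was reassigned) are dropped."""
    sessions = [s for s in build_sessions(events) if s["user"] == target_user]
    delivered = []
    for ts_str, src, dst in records:
        ts = datetime.fromisoformat(ts_str)
        for s in sessions:
            in_window = s["start"] <= ts and (s["stop"] is None or ts <= s["stop"])
            if in_window and s["ip"] in (src, dst):
                direction = "from-subject" if src == s["ip"] else "to-subject"
                delivered.append({"session": s["id"], "direction": direction,
                                  "ts": ts_str, "src": src, "dst": dst})
                break
    return delivered
```

Each delivered record carries the Acct-Session-Id, which is what lets the LEA collection function tie an HI3 content record back to its HI2 IRI record.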
Lawful Intercept Standards

Why Lawful Intercept Standards?
• Developed cooperatively in standards organizations (e.g. ETSI, ATIS, TIA) with participation from service providers, equipment vendors, and law enforcement
• Compliance with Lawful Intercept Standards provides "Safe Harbor" under CALEA
• "Safe Harbor" status until challenged
• Appeals to FCC and courts

Standards Organizations (Cisco Participation)
• Telecommunications Industry Association (TIA)
• Alliance for Telecommunications Industry Solutions (ATIS, formerly Committee T1)
• PacketCable™
• European Telecommunications Standards Institute (ETSI)

TIA – J-STD-025
[Figure: J-STD-025 Network Reference Model. Telecommunication Service Provider: Access Function, Delivery Function and Administration Function, linked by reference points a, b, c and d; Law Enforcement Agency (LEA): Law Enforcement Administration Function and Collection Function, reached over reference point e. The scope of J-STD-025 is limited to the e reference point.]

TIA – LI Standards of Interest
• J-STD-025-B
  – J-STD-025-A, current standard for telephone network LI, published May 2000
  – B version adds cdma2000® packet data and references for VoP and 3GPP; approved as trial standard Dec 2003, second default ballot as ANSI standard completed
• TIA 1066 – LI for cdma2000® – developed in TR 45.6, currently in ballot comment resolution
• TIA 1071 – LI for IP Multimedia Subsystem – developed in TR 45.2 AHI, moved to TR 45.6, needs to be aligned with TIA 1066

ATIS – T1.678
[Figure: ATIS T1.678 reference model]

ATIS – LI Standards of Interest
• T1.678 v2 – LI for VoIP (SIP, H.323) – v2 completed January 2006, includes supplementary services (call hold, call transfer, multiparty calls)
• T1.IPNA – LI for Public IP Network Access (data) – v1 in progress
• New Issue NGN – TR for application of LI standards to ATIS NGN architecture
• T1.724 – Handover Interface for Lawful Interception of Packet-Data Services, Circuit Switched Services, and Multimedia Services within the Universal Mobile Telecommunications System (UMTS) – adoption of TS 33.108

PacketCable™ – LI Reference Model
[Figure: PacketCable Electronic Surveillance Reference Model]

PacketCable™ – LI Standards of Interest – VoIP
• Electronic Surveillance Protocol
  – PKT-SP-ESP-I01-991229, published 29 Dec 1999
  – PKT-SP-ESP-I02-030801, published 1 Aug 2003
  – PKT-SP-ESP-I03-040113, published 13 Jan 2004
• PKT-SP-ESP-I04-040723, published 23 July 2004
  – Meets Law Enforcement's requirements, including call forward, call transfer, and PC "Punch-List" items
• PacketCable 2.0 currently in development

ETSI – Lawful Intercept Reference Model
[Figure: ETSI reference model. Within the NWO/AP/SvP domain, the Network Internal Functions feed an Internal Interception Function (IIF) over the Internal Network Interface (INI); an Administration function handles HI1, an IRI Mediation function hands Intercept Related Information (IRI) to the LEMF over HI2, and a Content Mediation function hands Content of Communication (CC) to the LEMF over HI3.]
Legend:
  IIF: Internal Interception Function
  INI: Internal Network Interface
  HI1: Administrative Information
  HI2: Intercept Related Information
  HI3: Content of Communication

ETSI – Third Generation Mobile (3GMS)
• TS 133.106 – Lawful interception requirements within a Third Generation Mobile Communication System (3GMS) – v6.1.0 published January 2005
• TS 133.107 – Lawful interception architecture and functions – v5.6.0 published Sept 2003
• TS 133.108 – Handover Interface for Lawful Intercept – v5.5.0 published Sept 2003

ETSI – LI Standards of Interest – IP Data
• ETSI TS 102.232 v1.1.1 – Lawful Interception: Handover Interface for IP Delivery – published Feb 2004, updated Oct 2004 (v1.2.1)
• ETSI TS 102.233 v1.2.1 – Lawful Interception: Service Specific Details for E-mail Services – published May 2004
• ETSI TS 102.234 v1.1.1 – Lawful Interception: Service Specific Details for Internet Access Services – published Feb 2004, updated Oct 2004 (v1.2.1)