1

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

1

ETSI activities on

Retained Data handling

and

Lawful Interception standardisation

World Class Standards

Peter van der Arend

Chairman ETSI/TC LI

(Technical Committee on Lawful Interception)

2

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

2

Lawful Interception

Security LI & RD

environment

Retained Data

E

uropean

T

elecommunications

S

tandards

I

nstitute

T

echnical

C

ommittee

L

awful

I

nterception

Handover Interfaces for transport of

Lawful Interception and Retained Data

are standardised by

TISPAN

ATTM

TETRA

3

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

3

q A European standards organization,

created in 1988, active in all areas of telecommunications

" including radio communications, broadcasting and

Information Technology

q Supporting EU and EFTA regulation and initiatives
q Favours international collaboration
q A not-for-profit organization
q Members: Administrations, Administration Bodies and NSOs

Network Operators, Service Providers, Manufacturers, Users

q Creates different deliverables to meet market needs
q All publications freely available! Downloadable from ETSI Website

Intro on ETSI

http://pda.etsi.org/pda/queryform.asp

http://portal.etsi.org

4

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

4

ETSI Members per country

Albania

1

Great Britain

123

Poland

5

Andorra

1

Greece

8

Portugal

2

Australia

3

Hungary

6

Qatar

1

Austria

11

Iceland

1

Romania

4

Belgium

22

India

7

Russia

8

Bosnia Herzegovina

2

Iran

1

Serbia

1

Bulgaria

3

Ireland

12

Singapore

1

Brazil

2

Israel

8

Slovakia

3

Canada

9

Italy

28

Slovenia

3

China

8

Japan

7

South Africa

3

Croatia

4

Jordan

1

Spain

15

Cyprus

2

Korea

1

Sweden

24

Czech Republic

4

Latvia

2

Switzerland

20

Denmark

20

Lesotho

1

Taiwan

11

Egypt

1

Lichtenstein

1

Turkey

5

Estonia

2

Lithuania

1

Ukraine

1

Finland

15

Luxembourg

5

United Arab Emirates

2

France

71

Malaysia

1

United States

65

FYROM (Macedonia)

1

Malta

2

Uzbekistan

1

Georgia

1

Netherlands

29

Yemen

1

Germany

90

Norway

8

62 countries

707

(March 2008)

5

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

5

Interregional collaboration on selected

standardization subjects between partners

G

lobal

S

tandards

C

ollaboration

(Canada)

(USA)

Communication Alliance

(Australia)

(Japan)

(Korea)

(Japan)

(USA)

(China)

(International)

6

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

6

3

rd

Generation Partnership Project

specifying a W-CDMA system based on
an evolution of the GSM core network, a

member of )*e IT-.s IMT-2000 family

http://www.3gpp.org

Organizational Partners:

ETSI (Europe) CCSA (China) ARIB (Japan)
ATIS (USA) TTA (Korea) TTC (Japan)

Partnership Project

7

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

7

Main body in ETSI for

Lawful Interception Standards development

and

Retained Data handover Standardisation is

ETSI/TC LI

Technical Committee on Lawful Interception

8

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

8

Intro on ETSI/TC LI .

q Created as stand-alone TC in October 2002
q Meetings

" Three plenary meetings a year are organised

(35-84 participants)

"

De2ica)e2 Ra77or)eur.s mee)ings can be organise2 on a s7ecific issue

q The meetings can be attended by ETSI members

" Non-ETSI members can participate by invitation of the chairman
" Next meeting: ETSI/TC LI#21, 29 June ! 1 July 2009

q Dedicated TC LI e-mail server and document server

" Open to all (registered) ETSI members

q Producing reports and specifications

" On Lawful Interception and Retained Data
" Mainly on the Handover Interface

q Promoting globally ETSI Lawful Interception and Data Retention

standards amongst operators and national bodies

9

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

9

Delivarables of ETSI/TC LI

q ETSI/Technical Committee Security (TC SEC)

" Working Group Lawful Interception (SEC-WGLI) (1997)
"

on LI:

TR 102 053 v1.1.1 ES 201 158 v1.2.1

q ETSI/Technical Committee Lawful Interception (TC LI)

" Established as stand-alone TC in October 2002
"

on Lawful Interception:

"

TR 101 943 v2.2.1 TR 102 503 v1.4.1 TR 102 519 v1.1.1

"

TR 102 528 v1.1.1

"

TS 101 331 v1.2.1

TS 101 671

v3.4.1 ES 201 671 v3.1.1

"

TS 102 232-1

v2.4.1 TS 102 232-2 v2.3.1 TS 102 232-3 v2.2.1

"

TS 102 232-4 v2.1.1 TS 102 232-5 v2.3.1 TS 102 232-6 v2.3.1

"

TS 102 232-7 v2.1.1

"

on Data Retention:

TS 102 656 v1.2.1

TS 102 657

v1.2.1

"

Security Report on LI and DR:

TR 102 661 v1.1.1

10

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

10

Terms of Reference ETSI/TC LI

q To capture the

requirements

of ;La= >nforcemen) Agencies@ Aon 

Lawful Interception and Data Retention) and translating those into
requirements to be applied to Technical Specifications

q To develop and publish

handover interfaces

, and rules for the

carriage of technology specific interception across these
interfaces

q To develop a

set of standards

that allow ETSI standards to

support industry compliance to the requirements of national and
international law

11

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

11

q Law Enforcement Agencies / Governments organisations /

Research organisations

" NL, UK, DE, AS, S, GR, ES, FR, RU, FIN, IT, NO, CY, HU, UA
" AU, CA, USA, KR

q Communication Service Providers

" Vodafone, KPN (NL), BT (UK), DT (DE), TeliaSonera (S), Telstra (AU)

Inmarsat, UPC, Telenor, RIM, Telecom Italia, T-Mobile, Swisscom
Wind, TDC (DK)

q Manufacturers (switch / mediation / LEA equipment)

" Nokia Siemens Networks, Siemens, Ericsson, Cisco, Alcatel-Lucent

Pine Digital Security, Aqsacom, ETI, VeriSign, Nortel, GTEN, AREA
Verint, Detica, Thales, NICE Systems, Utimaco Safeware, Iskratel
ATIS Systems, SS8, Spectronic, Group 2000, ZTE, HP, IPS, Suntech

Manufacturers may be active in more areas

Participation in ETSI/TC LI

12

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

12

;TB LI@- companies also active in ISS World

&

13

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

13

Activities in ETSI/TC LI

on

Retained Data Handover Interface

14

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

14

Why study on Retained Data in EU

15th of March 2006: the European Parliament

and the Council of the European Union adopted

Directive 2006/24/EC on Data Retention

Data generated or processed in connection with the provision of

publicly available electronic communications services

or of

public communications networks

need to be retained

15

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

15

Applicability Directive

q The

content

of the communication is not part of the directive

q Data to be Retained

" Successful

and

unsuccessful

communication attempts

" Wireline

network telephony /

Wireless

network telephony

" Internet

access

/ Internet

e-mail

/ Internet

telephony

q Categories of data to be retained

" data to trace and identify the

source

of a communication

" data to identify the

destination

of a communication

" data to identify the

date, time and duration

of a communication

" data to identify the

type

of communication

" data to identify users' communication

equipment

or what purports to

be their equipment

" data to identify the

location

of mobile communication equipment

q Proportional requirements shall be defined by each Member State

in its

national law

16

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

16

Handover

Retrieval

Cost

Analysis

Political

Legal

Business

Relations

process

Storage

Communication

Service

Provider

Authorised

Organisation

ETSI/TC LI

The Data

Retention Puzzle

Request

17

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

17

Why standardisation of RD handling

q Easier to define own storage and delivery mechanism

" No need to define/invent complete own delivery / receiving system
" National options are possible

q

;B*ea7er@ 7ro2uc)s

" Manufacturers need to develop one basic product
" National options are additional

q Data Retention result is meeting international and national

requirements

q RD Standards in ETSI are actively developed in good

harmonization and are approved by all involved parties

q Common way for all involved parties
q Continuous increase in types of Retained Data

" Use of the telecommunication
" Number of different services used
" Number of different access networks used

18

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

18

Functional Model

Administrative

Function

Data store

Management

Function

Data

Collection

Function

Authorised

Organisation

Issuing

Authority

Receiving

Authority

Communication Service Provider

Handover Interface HI-B

Handover Interface HI-A

Network

elements

HI-A: various kinds of administrative, request and response information from/to the

Issuing Authority and the responsible organization at the CSP for RD matters.

HI-B: retained data information from the CSP to the Receiving Authority
HI-A and HI-B may be crossing borders between countries:

subject to corresponding national law and/or international agreements.

administrative

transmission RD

material

19

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

19

Retained Data Specifications in ETSI/TC LI

q

ETSI TS 102 656

(v1.2.1)

Requirements of LEAs for handling Retained Data

" guidance and requirements for the delivery and associated issues of

retained data of telecommunications and subscribers

" set of requirements relating to handover interfaces for retained traffic

and subscriber data

" requirements to support the implementation of Directive 2006/24/EC
" freedom for national regulations, procedures and processes

q

ETSI TS 102 657

(v1.2.1)

Handover interface for the request and delivery of Retained Data

" handover requirements and handover specification for the data that

is identified in EU Directive 2006/24/EC on Retained Data and in
national legislations as defined in TS 102 656

" considers both the requesting of retained data and the delivery of the

results

" defines an electronic interface

20

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

20

Retained Data Handover Signalling principle

Response: Results of RD request (HI-B)

RESPONS(ACK): Acknowledge response message (HI-A)

REQUEST(ACK): Acknowledge request message (HI-A)

REQUEST: Request for Retained Data (HI-A)

AO

CSP

Successful

delivery

q Data exchange techniques

"

;2irec) TBC@ =i)* D>R enco2ing 2erive2 from )*e ASGHI

"

;JTTC@ =i)* KML enco2ing

! on top of the standard TCP/IP stack
! choice of technique is a national option

21

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

21

Modular approach RDHI specification

Framework for Retained Data Handover Interface

Telephony

services

Asynchronous

message

services

Synchronous

Multi-media

services

Network

Access

services

PSTN/ISDN

GSM/UMTS-cs

SMS

E-mail

webmail

chat

Internet

GPRS

UMTS-ps

22

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

22

RetainedDataRecord

telephonyRecord

messageRecord

networkAccess

telephonySubscriber

telephonyServiceUsage

telephonyDevice

telephonyNetworkElement

naSubscriber

naServiceUsage

naDevic
e

naNetworkElement

msgSubscriber

msgServiceUsage

Schematic representation of top level ASN.1

telephonyBillingDetails

23

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

23

telephonySubscriber

subscriberID
GENERIC SUBSCRIBER INFO
telephonySubscriberInfo
subscribedTelephonyServices

SubscribedTelephonyServices

serviceID
providerID

timeSpan

registeredNumbers

serviceType

registeredICCID

installationAddress

iMSI

connectionDate

carrierPreselect
lineStatus

telephonyBillingDetails

subscriberID

serviceID
billingAddress
billingIdentifier

BillingRecords

billingRecords

time
place
amount
currency

method

TelephonyRecord: Subscriber and ServiceUsage

24

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

24

TelephonyRecord: ServiceUsage, Device and

NetworkElement

telephonyServiceUsage

PartyInformation

communicationTime

eventInformation

endReason

partyInformation

communicationType

bearerService

smsInformation

partyRole

partyNumber

subscriberID

deviceID

locations

EventInformation

time

type

party

location

communicationTime

iCCID

iMSI

natureOfAddress

forwardingTransferredNumber

terminatingTransferredNumber

ringingDuration

telephonyDevice

telephonyDeviceID

deviceIDType

telephonyNetworkElement

telephonyNetworkID

cellInformation

25

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

25

Generic Subscriber Information details

GenericSubscriberInfo

organizationInfo

name

contactDetails

nationalRegistration

individualInfo

name

contactAddress

dateOfBirth

gender

identificationNumber

authenticationInfo

26

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

26

Security Report

q

ETSI TR 102 661

Security framework in Lawful Interception and Retained Data
environment

" defining a security framework for securing Lawful Interception and

Retained Data environment of the CSP and the Handover of the
information

" Advice on Security measurements
" Advice on Physical security

CSP= Communication Service Provider

27

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

27

L*a).s neM)N

q ETSI/TC LI is keeping a close working relation with the

>B/>M7er)s Prou7 ;T*e Cla)form on >lec)ronic Da)a Re)en)ion for 

)*e Inves)iga)ionR De)ec)ion an2 Crosecu)ion of Serious Brime@

q ETSI/TC LI will maintain the Retained Data standards

" Add synchronous multi-media services
" Add new internet services as technology progress
" Add new parameters in line with national requirements

q ETSI/TC LI can organise an interoperability test, if required

" ETSI Plugtest for checking the specifications

q ETSI/TC LI is encouraging widespread use of the RD standards!

" The use of the Handover standard is already promoted in

international conferences and workshops

28

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

28

Details on ETSI

Lawful Interception Standardisation

29

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

29

Why Lawful Interception implementation in EU

17th January 1995: EU Council of Ministers

adopted resolution COM 96/C329/01 on Lawful Interception

The providers of public telecommunications networks and services

are legally required to make available to the authorities the

information necessary to enable them to investigate

telecommunications

30

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

30

Why standardisation of LI handling

q Easier to define own LI mechanism

" Guidance is given for network architecture
" No need to define/invent complete own LI system
" National options are possible

q

;B*ea7er@ LI 7ro2uc)s

" Manufacturers need to develop one basic product
" National options are additional

q Intercepted result is meeting international requirements by

Law Enforcement Agencies

q LI Standards in ETSI/TC LI are actively developed in good

harmonization and are approved by all involved parties

31

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

31

LEA requirements (step 1)

q

ETSI TS 101 331

Requirements of Law Enforcement Agencies

" Provides guidance in the area of co-operation by network

operators/service providers with the lawful interception of
telecommunications

" Provides a set of requirements relating to handover interfaces for the

interception

32

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

32

Types of Lawful Intercepted data

(TS 101 331)

q Intercept Related Information (

IRI

)

" Collection of information or data associated with telecommunication

services involving the target identity:

! communication associated information

or data

(including unsuccessful communication attempts)

! service associated information

or data

(e.g. service profile management by subscriber)

! location information

q Content of Communication (

CC

)

" Information exchanged between two or more users of a

telecommunications service

33

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

33

General network arrangements

(TS 101 331)

n e tw o rk

re s u lt o f
in te rc e p tio n
(IR I + C C )

H

a n d o ve r

I

n te rfa c e

lo c a tio n
in fo rm a tio n

C

o n te n t o f

C

o m m u n ic a tio n

c o m m u n ic a tio n
a s s o c ia te d
in fo rm a tio n

s e rvic e
a s s o c ia te d
in fo rm a tio n

in tercep tio n
in terface (in tern al)

L

a w

E

n fo rc e m e n t

M

o n ito rin g

F

a c ility

!

34

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

34

General on security of LI feature

q Parties in the communications

" Neither the target nor the other parties involved in the

communications should be able to detect that interception is
(de)activated or that interception is taking place

q Other users

" Other users of any telecommunications service should not be able,

by any means, to detect that any interception facility has been
(de)activated or that interception is taking place

q Protection of Target information

" Protection of Rooms, Systems, Connections

q Local staff

" Only authorised personnel may have knowledge that interception has

been activated on a target

" Unauthorised persons shall not be able to detect that any

interception is active on certain subscribers

35

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

35

LI requirements Network (step 2)

q

ETSI ES 201 158

Requirements for Network Functions

" Provision of lawful interception, with particular reference to the

Handover Interface

" To make available results of interception, related to specific identities
" Functional role model and involved parties
" Description of Handover Interfaces
" Guidance on Performance and quality
" Guidance on Security aspects
" Guidance on Billing and Charging

36

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

36

LI Handover Interface (step 3)

q

ETSI TS 101 671 (ETSI ES 201 671)

Handover Interface for the Lawful Interception of
Telecommunications Traffic

" Generic flow of information and procedures and information

elements, applicable to any future telecommunication network or
service

" Circuit switched and packet data
" Covered technologies:

PSTN, ISDN, GSM, UMTS (CS), GPRS, TETRA
wireline NGN (including PSTN/ISDN emulation)
wireline IMS PSTN simulation

q

ETSI TR 102 053

Notes on ISDN LI functionalities

" Implementation advice of TS 101 671 for operators

37

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

37

Handover Interface ports

(TS 101 671)

q HI1: for Administrative Information

" Request for lawful interception:

target identity, LIID, start/duration, IRI or IRI+CC,
IRI delivery address, CC delivery address, ...

" Management information

q

HI2

: for delivery of

I

ntercept

R

elated

I

nformation

" All data related to establish the telecommunication service and to

control its progress

" Correlation information

q

HI3

: for delivery of

C

ontent of

C

ommunication

" Transparent en-clair copy of the communication
" Correlation information

38

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

38

Handover Interface Concept

(TS 101 671)

39

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

39

Details on HI2 Interface (IRI)

(TS 101 671)

q IRI data is defined according ASN.1 description

" ITU-T Recommendation X.680 (Abstract Syntax Notation One)

q IRI Communication Associated Information

" IRI-Begin

! At first event of the communication attempt

" IRI-Continue

! Any time during the communication (attempt)

" IRI-End

! At the end of the communication (attempt)

q IRI Service Associated Information

" IRI-Report

! For any non-communication related events

40

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

40

Parameters in IRI records

(TS 101 671)

q LI related identities

" LIID, target, network operator, network element, call ID, ...

q Timestamp
q Intercepted call direction (to / from target)
q Intercepted call state (in progress, connected)
q Address: Calling party / Called party / Forwarded-to-party / ..

"

>HISTR T>IR IMSIR IM>IR MSISDGR SIC -RIR …

q Ringing tone duration / conversation duration
q Type of intercept:

" PSTN, ISDN, GSM (CS), TETRA, GPRS (PD), UMTS (CS)

q Supplementary service information
q Location information
q National parameters
q IRI record type (Begin, Continue, End, Report)
q ....

41

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

41

IIF

IIF

INI

HI2
(

IRI

)

HI3
(

CC

)

Management

System

HI

(TS 101 671)

Law

Enforcement

Monitoring

Facility

HI

: Handover Interface

HI1: Administration
HI2: Intercept Related Information
HI3: Content of Communication

HI1

Authorisation

Authority /

Law

Enforcement

Agency

IRI

: Intercept Related Information

CC

: Content of Communication

INI

: Internal Network Interface

IIF

: Internal Intercepting Function

AI

: Administrative Interface

Switching functions

Administration

Function 1

AI

Mediation

Function 2

Mediation

Function 3

I/O

Mediator

INI1

INI3

INI2

Warrant

Data

Call Content

ISDN

ISDN

Interception network
ISDN/PSTN Services
step-by-step

42

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

42

#

Architecture Reports from TC LI

q

ETSI TR 101 943

Concepts of Interception in a Generic Network Architecture

" High-level informative overview and principles regarding

implementation of LI for telecommunications

q

ETSI TR 102 528

Interception domain Architecture for IP networks

" High level reference architecture for supporting lawful interception

for IP networks

" High level description of Internal Network Functions and Interfaces
" Application of the reference model to voice and multimedia over IP

services, data layer 3 and layer 2 services

" Reference model in the network operator and communication service

provider (CSP) domain

#

43

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

43

L I Administration Function

(A F)

Lawful

Interception

Mediation

Function

(M F)

H I1

H I2

(

IRI

)

H I3

(

C C

)

INI2

INI3

H I

INI1a

CCCI

L E A Domain

CSP Domain

CCTI

Intercept Related

Information

Internal Interception

Function (IRI-IIF)

Content of

Communication

Internal Interception

Function (CC- IIF)

Content of

Communication

Trigger Function

(CCTF)

INI1b

INI1c

Law

Enforcement

Monitoring

Facility

Authorisation

authority /

Law

Enforcement

Agency

(TS 102 232-xx)

Reference model for LI in IP networks

(

TR 102 528)

44

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

44

Handover of LI via IP Networks (step 3)

q

ETSI TS 102 232 part 01 (formerly TS 102 232)

Delivery of IP based interception

" General aspects of handover for HI2 and HI3

(as defined by TS 101 671) where the underlying transport system is
based on the Internet Protocol stack.

" Modular approach used for specifying IP based handover interfaces
" Header(s) to be added to IRI and CC sent over the HI2 and HI3

interfaces

" Protocols for the transfer of IRI and CC across the handover

interfaces

" To be used in conjunction with other deliverables that define the

service-specific IRI data formats

" Protocol is defined according ASN.1 description

ITU-T Recommendation X.680 (Abstract Syntax Notation One)

45

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

45

q Generic header information to be added to HI2 and HI3 traffic

" LIID
" Authorization country code
" Communication Identifier
" Sequence number
" Timestamp
" Payload direction
" Payload type
" Interception Type
" IRI record type (Begin, Continue, End, Report)
" ...

Generic header information

(TS 102 232-1)

46

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

46

IP service-specific details (applications)

q

ETSI TS 102 232 part 02 (formerly TS 102 233)

Service-specific details for

E-Mail

Services

" Description for handover of E-mail messages; MTP, POP3, IMAP4

q

ETSI TS 102 232 part 03 (formerly TS 102 234)

Service-specific details for

Internet Access

Services

" Handover of Internet Access Information and TCP/IP info; DHCP, RADIUS

q

ETSI TS 102 232 part 04 (formerly TS 102 815)

Service-specific details for

Layer 2

Services

q

ETSI TS 102 232 part 05

Service-specific details for

IP Multimedia

Services

" Based on SIP and RTP, and services described by ITU-T H.323, H.248

q

ETSI TS 102 232 part 06

Service-specific details for

PSTN/ISDN

Services

q

ETSI TS 102 232 part 07

Service-specific details for

Mobile

Services

47

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

47

TS 102 232 IP HO Family

TS 102 232 part 01

Generic Headers

part 02

part 03

SSD

for

Internet

Access

Services

SSD

for

E-mail

Services

Handover manager

Delivery session

Transport layer

Network layer

Delivery network

part 04

SSD

for

Layer 2

Services

part 05

SSD

for

IP

Multimedia

S

ervices

SSD

for

PSTN/

ISDN

Services

part 06

SSD -> Service-Specific Details on top

Application

Presentation

Session

Transport

Network and

below

part 07

SSD

for

Mobile

Services

48

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

48

SIP

Server

Interception

Function

SBC

switch + (SPAN)

MGW

MGW

RG

2) All rtp is copied to the LI Switch and if needed to the IF

3) If needed rtp to be intercepted (local SBC traffic) is

copied from the SBC to the Interception Function

rtp

SIP

rtp

1)

All SIP messages are copied over SPAN ports (or via
mirrors) via the LI Switch to the Interception Function

SBC

rtp

cmd

CC

LI

Switch

Management

System

Law

Enforcement

Monitoring

Facility

Administration

Function

Mediation

Function

SIP

IRI

3

1

1

2

2

LI possibility on a VoIP platform

Authorisation

Authority /

Law

Enforcement

Agency

Warrant

3

HI

TS 102 232-xx

49

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

49

ETSI TR 102 503

ASN.1 Object Identifiers in
Lawful Interception
Specifications

ASN.1 Object Tree for LI

identified-organization (4)

dod (6)

itu-t (0)

member

-body (2)

iso (1)

root

etsi (0)

securityDomain (2)

lawfulIntercept (2)

fraud (1)

ts101909 (1909)

en301040 (1040)

part20 (20)

three-GPP (4)

li-ps (5)

him (3)

hi3 (2)

hi2 (1)

hi1 (0)

subpart (2)

subpart (1)

specific version

internet (1)

private (4)

enterprise

(1)

cable-Television

Laboratorie

s-Inc (4491)

clapProject (6)

clapProjPacketCable (2)

pktcLawfulIntercept (5)

identified-organization (3)

pcesp (1)

US (840)

tia (113737)

laes (2)

tr45 (0)

j-std-025 (0)

ETSI domain

t1 (1)

T1-678 (0)

ETSI/TC TETRA

ETSI/TC AT

3GPP/SA3-LI

ETSI/TC LI

ETSI/TC LI

ATIS PTCS LEAS

50

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

50

LI specifications in 3GPP (UMTS)

q

ETSI TS 133 106 (3GPP TS 33.106)

Lawful interception requirements

" provides basic interception requirements
" partly based on ETSI TS 101 331

q

ETSI TS 133 107 (3GPP TS 33.107)

Lawful interception architecture and functions

q

ETSI TS 133 108 (3GPP TS 33.108)

Handover interface for Lawful Interception

51

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

51

NGN Lawful Interception

q

ETSI TS 187 005 (TC TISPAN)

NGN Lawful Interception; Lawful Interception functional entities,
information flow and reference points

" Specification is developed in cooperation between

TC TISPAN WG7, TC LI and 3GPP/SA3-LI

ETSI TS 101 671

LI-

CS

-handover

ETSI TS 102 232-xx

LI-

IP

-handover

3GPP TS 33.108

LI-

3G

-handover

3GPP TS 33.108

InterceptDomain

ETSI TS 187 005

NGN-R1-LI
NGN-R2-LI

ETSI TS 101 331

LI-requirements

LEMF

52

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

52

L*a).s neM)N

q Development of Dynamic Triggering and CCTF Standardisation

" At the moment operators need tailor made integration to keep the

complete service interceptable

" There is a need for rules how the Network is performing Basic LI for

IP related services

" Also rules for triggering between networks are needed
" International Dynamic Triggering might become an issue in the future

53

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

53

Relationships with other bodies

q 3GPP/SA3-LI

(LI for UMTS & GSM)

q ETSI/EP TETRA

(LI for Tetra system)

q ETSI/TC TISPAN

(LI for fixed NGN & fixed IMS)

q ETSI/TC ATTM

(LI for IPCableCom)

q ETSI/TC SES

(LI for satellite systems)

q ETSI/TC PLT

(LI for Powerline Communications)

q National and Regional Law Enforcement Agencies and STC/ILETS
q ATIS/PTCS LAES SC

(T1.678 v1 / J-STD-025-B)

54

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

54

More details on

ETSI/TC LI

can be found on:

http://portal.etsi.or

g/

li/Summary.asp

Chairman TC LI: Peter@lawfulinterception.com

Peter@DataRetention.eu

55

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

55

56

Track 3 ! 4 June 2009, Prague; ETSI/TC LI activities on Retained Data and Lawful Interception

56