Decision Group Inc.: Decision Group Monitoring Center Solution on Internet Access for LEA or...
DESCRIPTION
A legally sanctioned official access to private communications of specific targets through – telephone calls – messages – … A security process through which a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations. What is Lawful Interception
TRANSCRIPT
DECISION Group Inc.
Decision Group
www.edecision4u.com
Monitoring Center Solution on Internet Access for LEA or Intelligence
What is Lawful Interception
• A legally sanctioned official access to private communications of specific targets through
  – telephone calls
  – e-mail messages
  – …
• A security process through which a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations.
What Challenges to Current LI
• Based on old telecom networks of voice analog technology, without support for new IP technology
• All tasks run as batch jobs, without quick response to immediate events
• LI result reports are acquired one or two days later because of batch processing tasks
• Covers only voice and email, not the many other popular online services
• Cyber crime rings rely 60% on voice and email and 40% on other social media, instant messaging, and interactive tools…
Current Out-of-Date LI Technology Cannot Mitigate the Risk of Attacks from Crime Rings
New Criteria for LI
• For both Telecom and Network Environment
• Compliant with ETSI or CALEA Standards
• Getting IP packet data stream from Telecom and Internet Service Providers
• Decoding as many protocols as possible
• Data retention capability for long term tracking and reporting
• Easy to deploy and manage with high security control
Scenario and Actors for LI
[Diagram labels: Target, Correspondent, Handover interface, Interception interface, Regulators, Service Providers, Mediation Vendors, Collection Vendors, Interception Vendors, Monitor]
ETSI Lawful Interception Model
[Diagram labels: LEMF, Network Internal Functions, Intercept related information (IRI), Content of Communication (CC), Administration function, IRI Mediation function, Content Mediation function, IIF, INI, HI1, HI2, HI3, NWO/AP/SvP Domain, Interception Vendors, Mediation Vendors, Collection Vendors, LI Plane @ LEA, LI Plane @ ISP]
IIF: Internal Interception Function
INI: Internal Network Interface
HI1: Administrative Information
HI2: Intercept Related Information
HI3: Content of Communication
Crime Investigation Cycle with LI
[Diagram labels: Court, Investigator, Warrant Management, Target Provision, Interception & Filtering, Delivery, Decoding & Reconstruction, Deep Content Inspection, Presentation]
[Diagram labels: GSN, Core Router, BRAS, AAA; IP Data: Control Plane, User Plane; Wired IAS Passive Interception, Wired IAS Active Interception, Wireless 3G Passive Interception]
iMonitor (I)
Warrant Management
- Target type
  • ISP account (RADIUS)
  • CPE MAC address (RADIUS)
  • MSISDN (Phone Number)
- Warrant/Target life cycle management
  • Quest for the target context
  • Set start-time and end-time for the warrant/target
  • Suspend receiving data for time-out warrant/target
LEMF interface
- ETSI TS 102 232-1/2/3
- DG proprietary interface
[Module diagram labels: Warrant Management, Decoding & Reconstruction, Deep Content Inspection, Presentation]
iMonitor (2)
Decoding and Reconstruction
- Receive data through handover interface
- Protocol decoding and reconstruction
  • Instant Message: MSN messenger, Yahoo messenger, Facebook IM…
  • Mail: POP3, SMTP, web mail
  • VoIP: SIP, H.323, RTP, Codec (G.711/G.729)
  • Social Network: Facebook, Plurk, Twitter, YouTube…
  • Other common protocols: HTTP, Telnet, FTP, …
- Protocol decoding and recognition: Skype, WhatsApp, LINE…
iMonitor Sample: IM - Yahoo, MSN, ICQ, IRC, QQ, GTalk etc…
iMonitor Sample: Facebook
• Content of Facebook, friend list and attached files
iMonitor Sample: HTTP (Web Link, Content and Reconstruction)
• Whois function provides you the actual URL Link IP Address
• HTTP Web Page content can be reconstructed
iMonitor Sample: HTTP Upload/Download
iMonitor (3)
Deep Content Inspection
- Advanced and fast keyword search on reconstructed content
- Identity link and communication link discovery
System Capacity
- 400Mbps
- Max number of provision targets: 20000
- Max number of inspector: 20
Server Hardware (recommended)
- HP DL380
iMonitor Sample: Alert and Notification – Alert with Content
• Alerts can be configured for different service categories and different parameters such as keyword, account, IP, etc.
• Alerts can be sent to the Administrator by Email, or by SMS if an SMS Gateway is available.
• Throughput alert function also available!
iMonitor Sample: Search – Full Text, Condition, Association
Complete Search – Full Text Search, Conditional Search, Similar Search and Association Search
• Conditional Search
• Full Text Search
• Association/Link Search