january 23-26, 2007 ft. lauderdale, florida lawful intercept in voip networks manohar mahavadi vice...

January 23-26, 2007• Ft. Lauderdale, Florida

Lawful Intercept in VoIP Networks

Manohar MahavadiVice President, Software Engineering

Centillium Communications Inc.Fremont, California


Lawful Interception – Introduction

• Omnibus Crime Prevention and Safe Streets Act of 1968– Title III legalizes law enforcement wiretaps in criminal investigations

• Foreign Intelligence Surveillance Act of 1978 (FISA)– Wiretapping in advance of a crime being perpetrated

• The Electronic Communications Privacy Act of 1986 (ECPA)– Sets standards for access to cell phones, e-mail and other electronic

communications and transactional records (subscriber identifying information, logs, toll records)

• Communications Assistance for Law Enforcement Act of 1994 (CALEA)– Preserve law enforcement wiretapping capabilities by requiring

telephone companies to design their systems to ensure a basic level of government access

• H.R.3162 (The PATRIOT Act of 2001)– Post 9/11– Expands the scope of Title III wiretaps and FISA to include computer

fraud, abuse, etc.


Lawful Interception – CALEA (U.S.)

• What is CALEA?– Defines the obligations of telecom carriers to assist law

enforcement agencies (LEAs) in electronic surveillance pursuantto lawful authorization

– Requires carriers to design and modify their systems to ensure that electronic surveillance can be performed

– Communications infrastructure should be made wiretap-ready – call forwarding, caller ID, conferencing, etc.

• Progress– The last decade has seen a lot of evolution of regulations backed

by the FBI, FCC, DOJ, DEA– Broadened to cover many new technology solutions such as

push-to-talk, SMS messaging, chat sessions, etc.

• www.askcalea.net for a list of standards• www.fcc.gov/calea


Lawful Interception

• PSTN world wiretapping– Dedicated connection – point-to-point– Dedicated resources for the call duration– Voice routed using mechanical switches or line

connectivity tables– Wiretapping in local loop or at the local exchange

• Packet world wiretapping– Shared transmission medium: Packets contain addresses

not tied to a location – Routing is dynamic and can take multiple paths– Many applications traverse the same transmission path– Decentralized VOP (SBCs, gateways, proxies, routers,

switches, etc.) makes it difficult for wiretapping– Requires cooperation from infrastructure device vendors


Lawful Interception – Terminology

• LAES: Lawfully authorized electronic surveillance• LEA: Law enforcement agency

– A government entity authorized to conduct LAES(FBI, police, DEA, etc.)

• CC: Call content (payload of multi-media packets)• CCC: Call content channel• CII: Call-identifying information or call data (CD)

– Signaling or dialing information that identifies origin, direction, destination or termination generated or received by a subscriber

• CDC: Call data channel


Lawful Interception – Terminology

• IAP: Intercept access point– A point within a telecommunications system or VOP network

where some of the communications or CII of an intercept subject’s equipment, facilities or services are accessed

• Intercept subject: Subscriber whose communications, CII or both have been authorized by a court to be intercepted, monitored and delivered to an LEA

• Associate: The called party in the conversation

• TSP: Telecommunications service provider


LI – Surveillance Model

LawfulAuthorization

Service ProviderAdministration

Law EnforcementAdministration

DeliveryFunction

AccessFunction

CollectionFunction

TSP

LEACII CC

VoPSignaling


LI – Surveillance Model

• Access function (AF)– One or more IAPs

• Delivery function (DF)– CCCs and CDCs

• Collection function (CF)– Collecting and analyzing intercepted communications

• Service provider administration function (SPAF)– Controlling the TSP access and delivery functions

• Law enforcement administration function (LEAF)– Controlling the LEA collection function

• Mediation function (MF)– Presentation of data (CC or CII) to DF

(VoIP→TDM or VoIP → VoIP)


LI – Functional Architecture

CII AF

CC AF

CC MF

CII MF

CC DF

CII DF

Terminal

LEA-CF

LEA-CF

Subject’sDomain

Network’sDomain

LEA’sDomain

VoP Signaling

VoPIAP

IAP

VoP VoP, TDM

VoP/Network Signaling

VoP


LI – Functional Architecture

7

1

CC/CII 7

1

CC/CIIDFApp

CFApp

DeliveryMethod

DeliveryMethod

OSI Stack OSI Stack

A-PDU A-PDU

Delivery Function Collection Function

CCC and CDC should be separate channelsCCC and CDC can share same medium


LI – Intercept Access Points

• Physical locations on the network from where the CC or CII is delivered to delivery function

– Can be in multiple locations– CII and CC IAPs can be co-located

• Call identifying information IAP– CII directly associated with the call

• Management of an existing call between intercept subject and associate(s) (establishing, managing and releasing)

– CII indirectly associated with the call• ServingSystem message: Register or deregister

addressing info

• Call content IAP


- Access Router

- Border Router

VOIP PhoneAlice

VOIP PhoneBob

Bob’s VOIP SPAlice’s VOIP SP

VOIP Conversation

Transport ISP A

Transport ISP B

Transport ISP C

Transport ISP D

R1 R2

Call Setup• VoIP SPs first enable setup• VoIP calls directly take place• Preferred wiretaps – R1 and R2• R1/R2 should be configured to tap• Single SP makes life easier


Courtesy: Ref[1]



• Media gateways

• Session border controllers

• Access routers

• Signaling proxies

• CII and CC are typically delivered over secure channels to LEA


LI on TDM_PKT_CHANNEL

LI - TDM

Enc/Dec

Enc/Dec

DSP NP NP Packetizer

UnPacketizer B

IP Phone

TDM_PKT _CHANNEL

A

LegacyPhone EC

TAP TRAFFIC COMING TO PKT

LI - PKT NP Packetizer

TAP TRAFFIC COMING FROM PKT

NP Packetizer


LI on PKT_PKT_CHNL

Encoder

Decoder DSP

NP Packetizer

UnPacketizer

A IP Phone

Encoder

Decoder DSP

NP Packetizer

UnPacketizer

B IP Phone

Encoder

DSP

NP Packetizer

LI-A

Encoder

DSP

NP Packetizer

LI-B


LI – TDM_PKT_CONF_CHNL

LI Model with Conferencing

Courtesy: [4]


LI – Surveillance Events

• Information events– Call-control related events

• Answer: Call accepted

• Origination: Subject initiated a VoP session

• Release: Session released along with resources

• Termination attempt: Session termination requested

– Signaling events• Dialed digit extraction: Digits dialed after a call is connected

• Direct signal reporting: Signaling from and to intercept subject

• Network signal: Tone or message indicating CII(busy, ringing, etc.)

• Subject signal: Call waiting, forwarding, etc.


LI – Surveillance Events

• Information events– Feature use events

• Change• Connection• Connection break• Redirection

– Registration events• Address registration

• Content events– CCChange: Media characteristics established or modified– CCClose: CC delivery is disabled– CCOpen: CC delivery is enabled– CCUnavailable: Network loses access for the call

under interception


LI Challenges

• Security vs. CALEA requirements– Security ensures privacy, packet integrity, authenticity

and non-repudiation– CALEA requires intercepted packets are not secured– SRTP and secured SIP with end-to-end security

poses challenge– Peer-to-peer VoIP communication with security enabled

prevents interception– Secured traffic needs to be decrypted and re-encrypted

for interception• Security Association termination and re-initiation

– Key distribution or sharing with LEA


LI Challenges

• Channel capacity affected if channel duplication is required

• Design should consider requirements for extra performance

• Should support all call models like Forking, Handoff, etc.

• Should support all codecs in use• Requires additional interface support


References

[1] Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP, Steve Bellovin, et al, June 13, 2006

[2] Electronics Surveillance Needs for Carrier-Grade Voice Over Packet (CGVoP) Service, FBI Document for CALEA

[3] Lawfully Authorized Electronic Surveillance (LAES) for voice over Packet Technologies in Wireline Telecommunications Networks ANSI T1.678.xxxx

[4] 05/2000, TIA/EIA/J-STD-025 Lawfully Authorized Electronic Surveillance, revision A: updated

[5] 09/200, TIA/EIA/J-STD-025 Lawfully Authorized Electronic Surveillance, updated

[6] www.askcalea.net[7] www.fcc.gov/calea

january 23-26, 2007 ft. lauderdale, florida lawful intercept in voip networks manohar mahavadi vice...

Documents