richard gurdak international development blue ridge networks service providers and lawful intercept

Richard GurdakInternational DevelopmentBlue Ridge Networks

Service Providers and Lawful Intercept

©2008 Blue Ridge Networks. All rights reserved.

2

Business Demands for Computing• Authorized access to any data, anywhere, anytime.• Networks utilizing more business friendly technologies

such as 3G, 4G, WiMaX , Virtual Ethernet Networks and network components which can compute at increasingly faster speeds will exceed the past benefits of computer technology.

• These technologies produce flexibilities and efficiencies which organizations, both network providers and customers, use to provide more solutions with minimal growth in Network Capital.


Do More with Less• Over the past 20 years the performance of the

PC has increased over 600 Fold (from 6 MHz to 4.0 GHz) while energy consumed by the system is largely unchanged.

• Since the transistor was introduced 40 years ago the size has been reduced by 104, power consumption by 105 and costs reduced by over 109

3


4

PC Hard Disc Capacity

1.00E-06

1.00E-05

1.00E-04

1.00E-03

1.00E-02

1.00E-01

1.00E+001985 1995 2005 2015

Wat

ts p

er M

IPS


Exponential Growth

5


6

Wireless Data Device Price Performance

• Like getting 3 million miles per gallon.

1

10

100

1000

10000

100000

1990 1995 2000 2005

Bits

/sec

/$


7

Storage Media Price Performance

• Store the Library of Congress collections for $1,000.

1.00E+04

1.00E+05

1.00E+06

1.00E+07

1.00E+08

1.00E+09

1.00E+10

1.00E+11

1980 1985 1990 1995 2000 2005

Bits

per

$


8

The Universal Business NetworkInternet Backbone Bandwidth

1.00E+04

1.00E+05

1.00E+06

1.00E+07

1.00E+08

1.00E+09

1.00E+10

1.00E+11

1985 1990 1995 2000 2005

Bits

Per

Sec

ond


9

Any to Any

• Now 10,000,000,000 times more valuable!!!

Internet Hosts

1.00E+03

1.00E+04

1.00E+05

1.00E+06

1.00E+07

1.00E+08

1.00E+09

1985 1990 1995 2000

Hos

ts


10

Network Security and Lawful Intercept• Responsibility to meet LI Requirements

– Local Communications Provider working with the Law Enforcement Agencies (LEAs)

– Complexity increased by technology (Mobile, VoIP, Encryption)– Almost all countries have LI requirements and have adopted

global LI requirements and standards developed by the European Telecommunications Standards Institute (ETSI) organization. In the USA, the requirements are governed by the Communications Assistance for Law Enforcement Act (CALEA).

• Overlay/Service/Network Manufacturers– No LI Requirements, but practical considerations

http://en.wikipedia.org/wiki/ETSI

http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act


11

Risks associated with LI• LI systems may be subverted for illicit

purposes. (Greece 2004)

• Access Point created for gaining private information.

• Malicious or inadvertent loss of data


12

Trust as a foundation• Customers (ISPs, Telcos and end users) use

Network Products because they trust the product will deliver good service at a competitive price

• Network Security products add Trust to the expectations.– Obligation of the Network device/service

manufacturer is to create the best, most secure, product. Meeting LEA requirements is the responsibility of the Licensed Operator in-country.


Blue Ridge• By design, our products do not provide any means of divulging

a traffic encryption key. Not to Blue Ridge, not to end-users, and therefore not to any government. It is not possible with Blue Ridge VPN products to insert a traffic encryption key either. All traffic keys are dynamically generated using a secure Diffie-Hellman key agreement protocol that creates a unique key for each session. No one has been able to propose a robust way of providing a "key escrow" mechanism that does not introduce significant security vulnerabilities for all parties.

• There are no "back door" features in our products.

14


VPN and LI and Blue Ridge• It is Blue Ridge’s position that Lawful Intercept of

traffic over our products or services would be performed at some point in the network where cleartext traffic is naturally available. Our products, and other VPN/Security products, can be configured to provide a cleartext intercept point but we have never been asked to do so.

• Even in this event, only the LEA, working via the Local Licensed Provider would be able to perform the intercept. Not Blue Ridge, nor the customer.

15


16

Security Products and Services• Secure Virtual Ethernet Service

– Cost effective private communications over public networks– Supports voice, video and data applications– Works with any carrier broadband services– Available as a fully managed service or supported product

suite• EdgeGuard™ End-Point Risk Mitigation

– Enforcement of enterprise security policy for fixed and mobile Windows computers

– Auditing of policy compliance– Discovery of security related risk factors– Available as a fully managed service or supported product

suite


17

Secure Virtual Ethernet Service• Any-to-any, full mesh, enterprise connectivity• 100% end-to-end security• Unicast and Multicast• Any wired or wireless networks;

– DSL, Cable Modem, E1, etc.– Cell wireless, satellite, WiMax

• Any Data applications and Protocols• Any VoIP applications• Any IP Video applications• Anywhere on the globe


18

SVES Deployment

Regional Office

Branch OfficeRemote workstation

EnterpriseHQ

SVES creates a complete end to end private and secure network on the global Internet.

Internet

Enterprise

Secure Mobile OfficeSecure Mobile Office


19

Why Blue Ridge for Security• A company dedicated to security products and

services for over 10 years.• All products are independently certified for

security features.– Common Criteria– NIST FIPS 140-2 level 2

• No reported vulnerabilities in 14 years of use by demanding customers.

• Currently providing managed security services in 39 countries.


20

Thank You

richard gurdak international development blue ridge networks service providers and lawful intercept

Documents