dg lawful intercept solution suite
TRANSCRIPT
Product Marketing
Decision Group Inc.
DG Lawful Intercept
Solution Suite
(for ETSI version)
Agenda
❖ Lawful Intercept Operation
❖ DG LI Solution Suite
▪ iMediator
▪ EDDM
▪ iMonitor
▪ iMedia Gateway
▪ HTTPS Interceptor
❖ Training Programs and Services
❖Conclusion
2
Lawful Interception
❖Lawful Interception is the authorized operation of law enforcement authority taking on the telecom networks in the definite period for the purpose of crime investigation by the warrant order from court based on law
❖There are 2 domains for LI deployment and operation based on ETSI standard:
▪ Telecom service provider domain: target traffic intercept service with data access and delivery
▪ Law enforcement authority domain: data collection and law enforcement management facility (LEMF)
3
LI Framework
4
ETSI Compliance
➢ ETSI ES 201 153 for Network Framework Definition,
➢ ETSI ES 201 671 for Handover Definition,
➢ ETSI TR 101 973 for Generic LI Network Requirement,
➢ ETSI TS 101 331 for Requirement of LEA,
➢ ETSI TS 101 671 for Handover Definition,
➢ ETSI TS 102 232-1 for Handover of IP Delivery,
➢ ETSI TS 102 232-2 for Handover of eMail Services,
➢ ETSI TS 102 232-3 for Handover of Internet Access,
➢ ETSI TS 102 232-4 for Handover of Layer 2 Services,
➢ ETSI TS 102 232-5 for Handover of IP Multimedia Services.
➢ 3GPP TS 33.107 for Handover Definition of Mobile Network
➢ 3GPP TS 33.108 for Handover of IP Delivery on Mobile Network
5
DG LI Solutions
❖ iMediator – for lawful interception operation as mediation platform
❖ iMonitor – for warrant administration process to TSP network center and monitoring system in LEA Monitoring Center
❖ EDDM – for lawful interception operation as content reconstruction
❖ iMedia Gateway – for lawful interception operation on circuit switch
❖HTTPS-Interceptor – 2 types of HTTPS Interception Solution for LAN (forward proxy) and Telecom networks –ED2S (transparency proxy)
❖DG LI Lab Similation Set – For LEA LI System PoC and Planning
6
Objective of LI LAB
❖Operation model of lawful interception operation recognition for police officers
❖Training model of lawful interception operation practice for police officers
❖Reference model of real LI planning and deployment for both police officer and telecom service operators
❖It can be set up for Fixed Digital Network or Analog Voice Network
7
Simulated LI Lab
8
❖ Monitor first sends the target ID to the warrant management module of iMonitor system.
❖ iMonitor system will send the target request (HI1) to iMediator.
❖ iMediator sends requested ID (X1) to Radius system for monitoring target.
❖ Tester first tries to access Internet through RAS.
❖ RAS will send access request to Radius system for authentication.
❖ Radius approves access request, sends it back to RAS, and notifies iMediator for such request (X2).
❖ RAS sends to DHCP for IP assigning and notifies Radius with newly assigned IP. Radius will send IP to iMediator (X2). In the meantime, iMediator sends IP to both core switch and HTTPS Cache system for content traffic interception of target ID.
❖ Tester accesses Internet through core switch, DNS and Router of the network system.
❖ HTTPS Cache system sends HTTPS traffic of target ID to iMediator (X3).
❖ Core Switch sends non-HTTPS traffic of target ID to iMediator (X3).
❖ iMediator will send all target provision (HI2) and content data (HI3) back to iMonitor after correlating both intercepted X2 and X3 data.
❖ All HI3 data will be sent to Protocol Analyzer for content reconstruction process.
❖ The reconstructed data will be linked with all provision (HI2) data in iMonitor.
❖ Investigator can check out intercepted internet access record through iMonitor system.
9
iMediator
❖ Support Cluster Configuration Deployment for HA requirement
❖ The network interface (X) of iMediator to ISP network devices supports the below LI module interfaces–
▪ Alcatel Lucent
▪ Juniper
▪ Ericsson
▪ Cisco
▪ …etc
❖ Works for data intercept based on warrant order and data delivery to LEA
❖ Provides Web Service calls for customer warrant management
❖ Decision Group provides customized service for new LI module interface in order to meet customer requirement
❖ Work with Fixed and Mobile Networks(LTE and 3G)
10
iMonitor-EDDM
❖ All data will be input and processed based on Case ID from iMonitor system
❖ FTP server and client services launched
❖ Data will be decoded, correlated and reconstructed based on protocol type
❖ Work as Warrant System for Frontend LEA LI data processing
❖ Lawful Enforcement Management Utility• Data Scoping
• Full Text Search
• Primary Link Analysis
❖ Functions Provided System Parameter
Configuration and Tuning
Case Management
User Authentication
Backup and Archive Utilities
Statistics of Lawful Interception Operation
Upgrade and Update Task
11
iMonitor
❖ Major function of iMonitor is to send the authorized information to iMediator for fulfillment of lawful interception operation
❖ Upon receiving IRI and CC data from iMediator, it will take action to correlate both data based on case ID
❖ iMonitor will send correlated data to EDDM for content reconstruction and data lookup
❖DG iMonitor system is a prototype platform for client to customize based on state act or regulation and internal LEA procedure
❖Decision Group also provides customized service to develop it for customer requirement
12
iMedia Gateway
For Regular Lawful Interception
❖ As X3 or HI3 interface for reception of VoIP stream or SS7/ISUP via T1/E1 line
❖ Convert VoIP stream into voice file (wav format)
❖ Correlate SIP data with HI2 data by iMonitor
For Live Call Lawful Interception
❖ Directly deliver to LEA Center for live call monitoring under iMonitor
❖ Output can be delivered by SS7/ISUP stream via E1/T1 or SIP/RTP to LEA
❖ There are still 3-5 seconds voice delay due to processing
13
HTTPS Interception
❖HTTPS interception will be well performed by Decision Group ED2S Proxy System
❖ED2S Proxy system will work by transparency way with edge router or PDN for HTTPS interception
❖Features of System
▪ ED2S must rely on mediation device for target provision
▪ ED2S, as a HTTPS proxy, is able to handle certificate(s) of single online HTTPS services
▪ ED2S can intercept HTTPS-based mobile APP services
14
Deployment Scheme/Fixed Network
15
HTTPS Broker
*Process specified by sequence number
Intercepted Data
Returned HTTPS
Intercept Command
Warrant Order
Data Review
PDN-GW
ED2S
iMediator
Mobile Operator
GSN/SGW
R – intercept request
X1 X2
③
④
Target
HTTPS Traffic
⑥
⑦Decoded HTTPS
Metadata Traffic
R
R X3
⑤
⑧
⑨②
⑩
Target 2
Target 1
④
⑦
⑩
⑪
iMonitor
Data RetentionManagement System
LEA Monitoring Center
Investigator
①
⑫
EDDM
⑬
⑭Data Archiving
Internet
④
⑦
Data
Decoding &
Reconstruction
⑮
LI Network Scheme – Mobile Networks
*Process specified by sequence number
Intercepted Data
Returned HTTPS
Intercept Command
Warrant Order
Data Review
officer
17
LI Network Scheme – CS Networks
IGW
SBC
Mediation
Device
Telecom Operator
Telephony Center
iMonitor
Controller
iMedia Gateway
LEA Monitor Center
Data RetentionManagement System
Investigator
For Lawful Interception on VoIP,
SS7/ISUP Signaling in 3G, IMS and TDM
networks
Advantages of DG LI Suite
❖ Full Spectrum of Product Portfolio from Mediation Device to LEMF
❖ For LI on both Fixed and Mobile Networks
❖Compliance with ETSI and 3GPP Standards
❖Getting Target IRI and CC data from Telecom and Internet Service Providers
❖Decoding 140+ protocols as well as 40 mobile protocols
❖Handling HTTPS intercept and decoding
❖Data retention capability for long term tracking and reporting
❖ Easy to deploy and manage with high security
18
Flexible Interactive, Real-time Analysis, Adaptive Solution
Advantages of DG LI Suite
❖Legacy PSTN devices support
▪ Analogy telephony tapping
▪ DTMF detection
▪ T1/E1 support
▪ Digitalize analog signal to VoIP, PCM or MP3
▪ Caller’s ID identification with the one from PTSN
19
In order to keep up with fast-changing lawful interception technology on digital networks, we deliver the most updated content of LI framework, global standards, Decision Group LI solution suite and deployment methodology for LEA staffs, SI engineers, project managers and technical consultants.
Topic Includes
➢ Framework of Lawful Intercept
➢ ETSI and CALEA standard
➢ Deployment in different telecom networks
➢ Decision Group Lawful Intercept Solution Suite
➢ Data Analysis and Evidence Admissibility
➢ Case Study
Lawful Interception Training
Associated LI Training Programs
Network Packet Forensic Analysis TrainingThis 3 day course utilizes the knowledge of computer security concepts together with switched network topologies and gives students hands on practical exposure to critical knowledge base essential for network forensic investigation and analysis
Cyber Crime Investigation Training
In this 5 day course, several experienced speakers from National Taiwan Central Police University and Taiwan CIB will deliver the nature of cyber crime, investigation skills and the legal procedure on cyber criminal, digital data analysis, and participants can learn the lesson of real cases from experienced investigators and experts in panel discussion session.
21
What We Provide
❖Solid Consulting and Delivery Services: ▪ Clear objectives▪ Appropriate surveillance
systems▪ Vulnerability assessment▪ Deployment plan▪ Legal procedure▪ Data analysis/text
mining
❖Extensive Training Programs:▪ Train-the-trainer▪ Law enforcement
officials and prosecutors▪ Administrators
❖Future Development Plan: ▪ Technology update and
upgrade▪ Technical skill shift▪ Integration with backend
warrant and lawful interception data analysis system
Conclusion
❖ Lawful Interception is fast-changing operation for both Telco and LEA because of emerging all IP telecom networks deployed.
❖Decision Group has lot of Self-developing turnkey Solutions, Technologies, and Product Plan for requirement in current lawful interception demand.
❖Fully meeting customer requirement and expectation is the top priority for Decision Group talented team
❖Good references and globalized services in different countries
24
