Lawful interception monitoring using distributed architecture for ngn 2



International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 – 6464 (Print), ISSN 0976 – 6472 (Online), Volume 4, Issue 2, March – April 2013, pp. 129-136, © IAEME. Impact Factor (2013): 5.8896 (Calculated by GISI)

LAWFUL INTERCEPTION MONITORING USING DISTRIBUTED ARCHITECTURE FOR NGN

Munir B. Sayyad, S.L. Nalbalwar
Department of E & TC, Dr. Babasaheb Ambedkar Technological University, Lonere, Raighad, India

ABSTRACT

With major developments in the telecommunication industry we have recently seen a migration towards an all-IP network. This leads to the emergence of what is popularly known as the Next Generation Network (NGN). The migration from the present legacy network to a converged all-IP network requires a new approach to security and lawful interception (LI). LI is the legally sanctioned official access to private communications, such as telephone calls or e-mail messages. LI for NGN has been a great concern to Law Enforcement Agencies (LEA). In this paper we propose a distributed architecture for LI in NGN. The proposed architecture suits today's multi-service-provider network. We also discuss the implementation of LI in a heterogeneous network using an example call flow for a SIP to H323 call.

Keywords: Lawful Interception, NGN, Distributed Architecture, SIP, H323

I. INTRODUCTION

It has been a long time since the days when telecommunications depended on fixed PSTN networks: the only kind of communication payload transported was 64 kbps voice, interception was possible at any point between the ends, and a simple solution was sufficient to monitor a circuit-switched network. Today, wherever you go the network follows; in other words, we have a ubiquitous packet-switched network.

The packet-switched network is far more complex and delivers a wide range of services other than just voice. Data services, multimedia services and other value-added services form a greater part of the payload. Monitoring this vast range of media has been a mammoth task for service providers. The multi-vendor network scenario creates a highly complex network topology.
The increased exploitation of advanced communication techniques for unlawful, malignant and malicious purposes has proved a serious concern for LI of communication. The challenges faced by service providers in complying with the different LI standards are numerous. Some of them are listed below:

• Wide variety of IP network link types
• Large and growing bandwidth and traffic load to monitor
• Many application protocols used by different media types
• Multi-vendor complex network topology

These are just a few from the long list of challenges. The evolution in telecommunication to fixed-mobile convergence will be through the NGN path. NGN would be a multiservice, multiprotocol, multi-access, IP-based network which is secure, reliable and trusted. The NGN framework is set by the International Telecommunication Union – Telecommunication Standardization Sector (ITU-T), especially the NGN Focus Group, and the European Telecommunications Standards Institute (ETSI).

With NGN being a fully converged telecom network, it would require a special architecture for deployment of an LI system. Unlike the conventional telephone system, the all-IP network uses an end-to-end call flow model. Moreover, the NGN takes mobility to new levels. The user profile in NGN would be mobile. This would allow the user to use his IP phone number through any host which is connected to the Internet. These days IP addresses are allocated dynamically by the service providers, which adds to the complexity for LI.

The architecture we propose in this paper is a distributed architecture. A distributed architecture has the advantage of reducing the processing load on a single system and increasing system reliability, efficiency and scalability, all while being able to centrally control, administer and monitor from a central entity.

Section II of the paper describes the requirements of NGN and its structure. Section III presents the proposed distributed architecture and its diagram. With an example of LI in a SIP-H323 call flow we discuss the implementation of the proposed architecture in Section IV. Section V summarizes the advantages and limitations of the proposed architecture and concludes the paper.

II. NEXT GENERATION NETWORK

As per the definition provided by ITU-T [1]: “A next generation network (NGN) is a packet based network able to provide services including Telecommunication Services and able to make use of multiple broadband, Quality of Service enabled transport technologies and in which service related functions are independent from underlying transport related technologies. It offers unrestricted access by users to different service providers. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users.”

In other words, NGN implies a convergence of all the networks built to provide different services into a network with a single core built over IP. It implies an all-IP network.
The NGN is built over a horizontally integrated layered model, unlike the old vertical-layer network model. It is modelled to provide point-to-point, point-to-multipoint and multipoint-to-multipoint connections. It can be broadly described by two horizontal layers: the NGN service layer and the NGN transport layer.

Figure 1: NGN layered structure [2]

NGN would interconnect with the existing networks and keep existing investment safe through devices such as the gateway. At the same time, it would also support the IP intelligence network terminals, including simulated telephone, electrograph, ISDN terminal, mobile phone, GPRS terminal, SIP terminal, H248 terminal, MGCP terminal, Ethernet telephone through the PC, video phone, the cable modem and so on. NGN would be a holistic converged network that would support all the services of yesterday and add a number of new services. The NGN ecosystem [2] can be stated briefly as:

• Next Generation Services – Converged (quad-play: voice, data, video, mobile)
• Next Generation Access – High speed (broadband) IP based connectivity (ADSL, VDSL, Wi-Max, Cable TV, FTTH, PLC)
• Next Generation Transport – Carrier Ethernet, IP-MPLS
• Next Generation Architecture – Service oriented (SOA), layered (transport, control, application)
• Next Generation Mobile – 3G+ (B3G)
• Next Generation Internet – IPv6
• Next Generation Interconnect – Capacity and quality based
• Next Generation Licensing – Unified
• Next Generation Regulation – Converged, light handed

It can be seen very clearly from the NGN ecosystem that it would require new security mechanisms and architectures for lawful interception. In the next section we propose a distributed architecture.
III. DISTRIBUTED ARCHITECTURE FOR LI

There have always been two types of basic architecture, centralized and distributed, each having its own unique advantages. A distributed architecture is preferred when a system is to be deployed for a heterogeneous network with a huge data and signalling load. A distributed architecture distributes the labour of computation away from a single device while providing administrative control from a central entity.

The proposed architecture is a hierarchical architecture. We have a central LI entity (CLIE) that connects to the LEA and performs administrative functions. Intermediate level entities (ILIE) connect to the different ISPs. The intermediate level also has a collection and storage function. All the ILIEs have a direct link connection with the CLIE. ILIEs are supported by the base LI entities (BLIE). BLIEs are deployed at each of the gateways of the service provider's existing network; a BLIE monitors the payload as requested by its superior entity.

Figure 2: Distributed architecture diagram

The distributed architecture also distributes the responsibilities and functions among the different entities. The functions of each entity in this architecture are:

• Central LI entity:
  1. It connects to the LEA. It is the only point for human interface.
  2. It has a central data storage server.
  3. It resolves the target based on location and ISP.
  4. It issues warrants to ILIEs for interception.
  5. It filters the information that has to be provided to the LEA.
  6. It monitors the subordinate entities.

• Intermediate LI entity:
  1. It resolves the target into the type of network used.
  2. It issues warrants for LI to the BLIE.
  3. It has an intermediate storage function.
  4. It provides a direct secure link to the CLIE.
• Base LI entity:
  1. It monitors the target.
  2. It copies the RTP packets.
  3. It decrypts the encrypted packets.
  4. It provides deep packet inspection.
  5. It provides a secure link to the ILIE.

Each entity is connected to the others through a secure link and monitored by its superior entity. The structure would completely remove the scope of breach through the human interface, as it is completely secure with no involvement of any human being at all levels. The system is administered by strict system policies and firewalls. The intercept related information (IRI) is kept at two places: at the ILIE and at the CLIE. Location information is also stored with the other IRI. As per the requirements, multiple public identities on different networks can be intercepted together using this system. In the next section the working of this system is explained using an internetwork call flow.

IV. WHAT HAPPENS DURING LI OF A SIP TO H323 CALL

In this section we discuss, step by step, the processes taking place when a SIP user agent (UA), the target for LI, calls an H323 endpoint.

Figure 3: SIP to H323 call setup

During an internetwork call the call passes through an internetworking function (IWF), also referred to in general as a call management system (CMS). In any type of internetworking call the IWF is the most important element for successful call setup. The IWF translates the requests into the form that is acceptable to the other endpoint. During a call from a SIP UA to an H323 endpoint, the SIP INVITE is translated to SETUP, 180 RINGING to ALERTING, 200 OK to ACK, and SDP to H245 for negotiation of parameters.
Figure 4: Call flow for LI during SIP to H323 call

Step 1: The LEA gets the court orders for LI of the SIP target and provides them to the CLIE. There must be proper legislation for what kind of IRI is to be provided, who is authorized to issue warrants for LI, etc., to prevent misuse of the system and ensure the privacy of citizens.

Step 2: Depending upon the target information received and the IRI requested, the CLIE resolves the target address to find the service provider and its location. It issues a warrant to the ILIE to monitor the target.

Step 3: The ILIE further resolves the target address into its network type and issues a warrant to the BLIE. The BLIE keeps monitoring the target, here a SIP UA.
Step 4: The SIP UA attempts to make a call; it sends an INVITE message to the IWF.
Step 5: The IWF sends the address that the target is attempting to call to the BLIE.
Step 6: The BLIE forwards the information to the ILIE.
Step 7: The ILIE forwards the information to the CLIE.
Step 8: The CLIE resolves the address that the target is attempting to communicate with and issues warrants to the ILIE in the region of the called party, in our case an H323 endpoint.
Step 9: The ILIE issues warrants to the BLIE.
Step 10: The BLIE sends an ACK to the ILIE.
Step 11: The ILIE sends an ACK to the CLIE.
Step 12: The IWF sends a SETUP request to the H323 EP.
Step 13: The H323 EP sends an ACK to the IWF.
Step 14: The IWF sends 200 OK to the SIP UA.
Step 15: The SIP UA sends an SDP request for negotiation of resources.
Step 16: The IWF sends H245 to the H323 EP.
Step 17: The H323 EP accepts the requirements and sends media.
Step 18: The BLIE copies the media packets and forwards them to the ILIE.
Step 19: The ILIE forwards the RTP packets to the CLIE.
Step 20: The H323 EP sends RTP packets to the SIP UA.
Step 21: The SIP UA sends RTP packets.
Step 22: The packets are copied by the BLIE and forwarded to the ILIE.
Step 23: The ILIE stores and forwards the RTP packets to the CLIE.
Step 24: The SIP UA sends the RTP packets to the H323 EP.
Step 25: The CLIE sends the IRI requested using a secure link.

The call termination is not shown in the figure but takes place in the same manner as the call setup. In the proposed process the RTP packets are copied at both end terminals. This would prevent any tampering with the data and ensures authentic and accurate data delivery for LI. It even makes the decryption process fast and accurate. The collection function at the BLIE also filters the data packets for deep packet inspection. It can be noticed that all functions or entities can communicate only with their superior or subordinate entity.
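As an added illustration, not code from the paper, the following Python model encodes the CLIE, ILIE and BLIE hierarchy of Section III together with the warrant-down and IRI-up exchange of Steps 1-3 and 18-19 above, and enforces the rule that an entity may only talk to its superior or its subordinates. The entity names, the target directory and the message fields are assumptions made for the example.

```python
# Added example, not code from the paper: a minimal model of the CLIE -> ILIE
# -> BLIE hierarchy. Names, the target directory and message shapes are assumed.
from dataclasses import dataclass, field
# Constructed directory: target identity -> (service provider, network type).
TARGETS = {"sip:alice@example.net": ("isp-a", "sip")}

class PolicyViolation(Exception): pass  # link outside superior/subordinate

@dataclass(eq=False)
class Entity:
    name: str
    level: str                                    # "CLIE", "ILIE" or "BLIE"
    parent: "Entity | None" = None
    children: dict = field(default_factory=dict)  # resolution key -> child
    store: list = field(default_factory=list)     # IRI retained at this entity

    def send(self, dst, msg):
        # Paper's rule: an entity talks only to its superior or subordinates.
        if dst is not self.parent and dst not in self.children.values():
            raise PolicyViolation(f"{self.name} -> {dst.name} is not permitted")
        return dst.receive(msg)

    def receive(self, msg):
        if msg["type"] == "warrant":
            return self.warrant(msg)
        if self.level != "BLIE":                  # IRI is kept at ILIE and CLIE
            self.store.append(msg)
        return self.send(self.parent, msg) if self.parent else msg

    def warrant(self, msg):
        if self.level == "BLIE":                  # monitoring point reached
            return {"type": "ack", "target": msg["target"], "blie": self.name}
        isp, net = TARGETS[msg["target"]]         # CLIE resolves ISP, ILIE network
        return self.send(self.children[isp if self.level == "CLIE" else net], msg)

def build_topology():
    clie = Entity("CLIE", "CLIE")
    ilie = Entity("ILIE-isp-a", "ILIE", parent=clie)
    clie.children["isp-a"] = ilie
    for net in ("sip", "h323"):                   # one BLIE per gateway type
        ilie.children[net] = Entity(f"BLIE-{net}", "BLIE", parent=ilie)
    return clie, ilie

def intercept_flow(target):
    # Steps 1-3: warrant travels down the chain; steps 18-19: IRI copy goes up.
    clie, ilie = build_topology()
    ack = clie.warrant({"type": "warrant", "target": target})
    blie = ilie.children[TARGETS[target][1]]
    blie.send(ilie, {"type": "iri", "target": target, "payload": "rtp-copy"})
    return ack, len(ilie.store), len(clie.store)
```

A direct BLIE-to-BLIE message is refused by `send`, which is the model's check for the paper's statement that entities communicate only with their superior or subordinate.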
The policies for communication between the entities can be set as per the legal requirements through the CLIE.

V. CONCLUSION

This paper proposes a distributed architecture for LI in NGN. The proposed architecture has many unparalleled advantages: it has no human interface except at the CLIE, so the chances of breach due to human factors are minimized to zero. The architecture is best suited for a heterogeneous internetwork call. It is also a general model which caters to an LEA having targets in multiple service providers. In the process proposed for a call we have suggested copying and storing the RTP packets at two places, so that the system's data is protected at two separate places. Each entity connects with the others over direct secure lines which are not part of the network. This also provides high-speed secure connectivity between the entities, reducing delay. This model can be scaled up to support more data without any basic change in the architecture. Finally, the hierarchical architecture simplifies system management and collection.
Like any other model, this architecture also has some limitations and drawbacks. The biggest drawback is that it increases the time required for call setup. Devices at different network gateways will have to be installed in the network. This would be a capital burden on the service providers. The model can work efficiently only with strict government legislation and cooperation between the service providers. If these things have been taken care of, then the model would provide accurate and authentic LI in future networks.

REFERENCES

[1] ITU-T Recommendation Y.2001, General overview of NGN (12/2004)
[2] Satya N. Gupta, Emergence of next generation networks (NGN) – Regulatory and Security Challenges, BT Global Services
[3] F. Baker, B. Foster, C. Sharp, RFC 3924, Cisco Architecture for Lawful Interception in IP Networks, Cisco Systems, October 2004
[4] Andro Milanović, Siniša Srbljić, Ivo Ražnjević, Darryl Sladden, Daniel Skrobo and Ivan Matošević, Distributed Architecture for Lawful Interception in VoIP Networks, Eurocon 2003, Ljubljana, Slovenia
[5] The Cisco Service Independent Intercept Architecture Version 3.0, Cisco Systems Inc., 2007
[6] Tatiana Kovacikova, Pavol Segec, NGN Standards Activities in ETSI, Slovakia
[7] Zohreh Ayatollahi, Saeede Sarukhani, Fatemeh Fayazi, Zahra Askary Roknabady, Afsane Madani, Interoperability problems in Next Generation Network Protocols, Iran Telecommunication Research Center
[8] H. Schulzrinne (Columbia University), C. Agboh, RFC 4123, Session Initiation Protocol (SIP)-H.323 Interworking, July 2005