Lifting the Lid on Lawful Intercept


  1. Lifting the Lid on Lawful Intercept
     Shane Alcock
     University of Waikato
     New Zealand
     shane.alcock@waikato.ac.nz
  2. Introductions
     © The University of Waikato • Te Whare Wānanga o Waikato
     ● Research Programmer at the University of Waikato
       ○ Specialist in packet capture and analysis
       ○ Most of my work ends up as open source
       ○ Recently, developing software to assist with lawful intercept
     ● Unlike other LI experts...
       ○ I don’t work in law enforcement
       ○ I don’t work for a commercial LI vendor
       ○ I can be much more transparent about the LI process
  3. Lawful Intercept (LI)
     ● Legal and authorised interception of telecommunications
       ○ Mandated by governments
       ○ Aim is to investigate or prevent criminal activity
     ● Requested by Law Enforcement Agencies (LEAs)
       ○ Police, Intelligence Services, National security agencies
     ● Actioned by network operators
  4. Lawful Intercept (LI)
     ● Targeted at a specific user
     ● Supported by a lawfully issued warrant
     ● Severe penalties for failure to comply
       ○ Be prepared ahead of time!
  5. Lawful Intercept (LI)
     [Diagram labels: LEA; Network Operator; Warrant]
  6. Lawful Intercept (LI)
     [Diagram labels: Warrant; Configuration; LI System]
  7. Lawful Intercept (LI)
     [Diagram labels: Warrant; LI System; Configuration; AAA; SIP; IP]
  8. Lawful Intercept (LI)
     [Diagram labels: Warrant; LI System; Configuration; AAA; SIP; IP; Meta-data (IRI); Communication Contents (CC)]
  9. Standards
     ● Two widely recognised standards for LI
       ○ CALEA / ATIS: used in USA
       ○ ETSI: used almost everywhere else
     ● Not as simple as just sending a pcap to the LEA!
       ○ Standards ensure the intercept can withstand scrutiny in court
  10. ETSI Requirements
     ● Intercepted traffic must be streamed to LEAs in real time
       ○ Encrypted TCP sessions over public Internet
       ○ Closed physical connections for very sensitive intercepts
  11. ETSI Requirements
     ● Two separate handovers
       ○ Separate encrypted TCP session for each handover
       ○ One handover for meta-data
       ○ One for intercepted communications / packets
  12. ETSI Requirements
     ● Custom record format to label and sequence recorded data
       ○ Unique LIID provided by the LEA
       ○ Each session or call must also have a unique CIN
       ○ Sequence numbers per CIN to identify lost data
     ● Format is defined by many pages of ASN.1
  13. ETSI Requirements
     ● All communication by a target must be delivered to the LEA
       ○ No packet loss allowed
     ● Protect privacy of other network users
       ○ No interception of traffic for anyone other than the target
  14. ETSI Requirements
     ● Target cannot detect that the intercept is taking place
       ○ Communication must continue uninterrupted
       ○ No noticeable changes in routing or latency
  15. OpenLI
     ● Open source software for ETSI-compliant LI
       ○ Designed and maintained by me (mostly)
       ○ Low cost alternative to buying solutions from an LI vendor
       ○ Runs on Linux + commodity server hardware
       ○ Target audience: smaller operators
       ○ Deployed in production by operators in NZ
       ○ Can convert some network vendor LI formats into ETSI
     https://openli.nz
  16. IP Lawful Intercept with OpenLI
     [Diagram labels: Warrant; REST API Requests; AAA; SIP; Meta-data (IRI); Communication Contents (CC); OpenLI Provisioner; OpenLI Collector; OpenLI Mediator; Intercept Instructions; Agency Details; Intercepted Data]
  17. OpenLI
     ● Multiple collectors can be distributed throughout a network
       ○ One per BNG or customer aggregation point
     ● Collector uses AAA protocols to determine target IP
       ○ Only intercepts packets for that session
       ○ Tracks dynamic IP changes
     ● Mediator is the only external-facing component
       ○ Makes outbound connections to the LEAs
  18. Alternatives
     ● Specialist LI vendors
       ○ Many companies offering LI solutions to choose from
       ○ Costs will be high and ongoing
       ○ Commercial-grade support
       ○ Provisioning and mediation included in the system
       ○ Good option for large carriers with money to spend
  19. Alternatives
     ● LI licenses for networking hardware
       ○ Cisco, Juniper, Nokia, etc.
       ○ Can be used for the collection phase
       ○ Still require a third-party mediator, as output is not ETSI compliant
     Image credit: Jim Bryson
  20. The LI Deployment Checklist
     ▢ Determine the LI standards that apply to your network
       ○ Enquire with the relevant LEAs
       ○ Is the ETSI standard required?
       ○ Choose a vendor that meets the required standard
  21. The LI Deployment Checklist
     ▢ Security of your LI platform
       ○ LI is very sensitive infrastructure
       ○ Some vendors may not be allowed in your region
       ○ Also consider if you trust certain vendors
       ○ Internal security plan
       ○ Control access to the LI provisioning system
       ○ Audit logs of intercepts created and halted
  22. The LI Deployment Checklist
     ▢ Budgeting
       ○ Who pays for the LI equipment and software?
       ○ Who pays for support and maintenance?
       ○ Account for time to learn, integrate and validate LI system
  23. The LI Deployment Checklist
     ▢ Testing and validation
       ○ How do you confirm that the LI system is working?
       ○ Internally -- is there a validation mechanism available?
       ○ Coordination with LEAs to test production system
       ○ Plan for regular monitoring to detect disruption
  24. The LI Deployment Checklist
     ▢ Upkeep and support
       ○ LI systems will require continuous maintenance
       ○ Adapting to new technologies, e.g. 5G
       ○ Updating to conform to changes in standards
       ○ Again, who pays and what is the budget?
  25. Interested in OpenLI?
     ● Learn more:
       ○ https://openli.nz
       ○ https://github.com/wanduow/openli
       ○ Email: openli-support@waikato.ac.nz
     ● I would love to learn more about the LI situation here
       ○ Public information is scarce
       ○ Allow me to ensure OpenLI is compliant with LEA requirements
       ○ Conversations would be off the record
  26. Thank you!
     ● Questions?
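
The ETSI Requirements slides say that sequence numbers per CIN exist to identify lost data and that no packet loss is allowed. The following is an added example, not code from the slides or from OpenLI, showing how a validation job could use those fields. It assumes the ASN.1 records have already been decoded into `(handover, liid, cin, seqno)` tuples, that each handover numbers its records separately, and that numbering is contiguous from the first number seen; `audit_sequences` and all sample values are constructed for illustration.

```python
from collections import defaultdict

def audit_sequences(records):
    """Check sequence numbers per (handover, LIID, CIN) for loss and duplicates.

    records: iterable of (handover, liid, cin, seqno) in arrival order.
    Returns {key: {"missing": [(first, last), ...], "duplicates": [...],
                   "reordered": n}} for every key with at least one finding.
    """
    seen = defaultdict(set)
    dups = defaultdict(list)
    reordered = defaultdict(int)
    highest = {}
    for handover, liid, cin, seq in records:
        key = (handover, liid, cin)
        if seq in seen[key]:
            dups[key].append(seq)          # same record delivered twice
            continue
        if key in highest and seq < highest[key]:
            reordered[key] += 1            # late arrival, may close an earlier gap
        highest[key] = max(seq, highest.get(key, seq))
        seen[key].add(seq)

    findings = {}
    for key, seqs in seen.items():
        ordered = sorted(seqs)
        # Assumption: contiguous numbering, so any jump is lost data.
        missing = [(a + 1, b - 1) for a, b in zip(ordered, ordered[1:]) if b - a > 1]
        if missing or dups[key] or reordered[key]:
            findings[key] = {"missing": missing, "duplicates": dups[key],
                             "reordered": reordered[key]}
    return findings

# Constructed sample: one LIID, two sessions (CINs), both handovers.
SAMPLE = [
    ("CC", "LIID-EXAMPLE-1", 7001, 0),
    ("CC", "LIID-EXAMPLE-1", 7001, 1),
    ("CC", "LIID-EXAMPLE-1", 7001, 4),   # 2 and 3 not seen yet
    ("CC", "LIID-EXAMPLE-1", 7001, 3),   # late arrival closes part of the gap
    ("CC", "LIID-EXAMPLE-1", 7001, 4),   # duplicate delivery
    ("IRI", "LIID-EXAMPLE-1", 7001, 0),
    ("IRI", "LIID-EXAMPLE-1", 7001, 1),
    ("CC", "LIID-EXAMPLE-1", 7002, 0),   # new session: new CIN, own numbering
    ("CC", "LIID-EXAMPLE-1", 7002, 1),
]

if __name__ == "__main__":
    for key, report in audit_sequences(SAMPLE).items():
        print(key, report)
```

Run against records captured during a coordinated test with the LEA, an empty result means every CIN arrived complete; any `missing` range is delivery loss to investigate.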
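
The slides require that no traffic is intercepted for anyone other than the target, and note that the collector follows AAA sessions because the target's IP address changes. The following added example (not OpenLI code) is a privacy check an operator could run over test output: it rebuilds the target's address windows from AAA events and flags any intercepted record outside them. The event tuples are a constructed simplification of AAA accounting records, and the function names, user names and addresses are hypothetical.

```python
def target_windows(aaa_events, target_user):
    """Build [(ip, start, stop)] windows for the target from AAA events.

    aaa_events: time-ordered (ts, kind, user, ip), kind is "start" or "stop".
    A session with no stop event yet is returned with stop=None.
    """
    windows, open_at = [], {}
    for ts, kind, user, ip in aaa_events:
        if user != target_user:
            continue
        if kind == "start":
            open_at[ip] = ts
        elif kind == "stop" and ip in open_at:
            windows.append((ip, open_at.pop(ip), ts))
    windows += [(ip, start, None) for ip, start in open_at.items()]
    return windows

def over_collected(records, windows):
    """Return intercepted (ts, ip) records the target did not own at that time."""
    def covered(ts, ip):
        return any(w_ip == ip and start <= ts and (stop is None or ts <= stop)
                   for w_ip, start, stop in windows)
    return [r for r in records if not covered(r[0], r[1])]

# Constructed sample: the target's first address is handed to another
# subscriber ten seconds after the target's session ends.
AAA = [
    (100, "start", "target", "192.0.2.10"),
    (200, "stop",  "target", "192.0.2.10"),
    (210, "start", "other",  "192.0.2.10"),
    (220, "start", "target", "192.0.2.55"),
]
RECORDS = [
    (150, "192.0.2.10"),   # inside the target's first session
    (215, "192.0.2.10"),   # address now belongs to someone else
    (230, "192.0.2.55"),   # inside the target's second, still open session
    (205, "192.0.2.55"),   # before the target was assigned this address
]

if __name__ == "__main__":
    print(over_collected(RECORDS, target_windows(AAA, "target")))
```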
