International Journal of Electronics and Communication Engineering & Technology (IJECET)
ISSN 0976 – 6464 (Print), ISSN 0976 – 6472 (Online)
Volume 4, Issue 2, March – April (2013), pp. 129-136
© IAEME: www.iaeme.com/ijecet.asp
Journal Impact Factor (2013): 5.8896 (Calculated by GISI)
www.jifactor.com
LAWFUL INTERCEPTION MONITORING USING DISTRIBUTED ARCHITECTURE FOR NGN
Munir B. Sayyad, S.L. Nalbalwar
Department of E & TC, Dr. Babasaheb Ambedkar Technological University, Lonere, Raighad, India
ABSTRACT
With major developments in the telecommunication industry, we have recently seen a
migration towards an all-IP network. This has led to the emergence of what is popularly known
as the Next Generation Network (NGN). The migration from the present legacy network to a
converged all-IP network requires a new approach towards security and lawful
interception (LI). LI is the legally sanctioned official access to private communications, such
as telephone calls or e-mail messages. LI for NGN has been a great concern to the Law
Enforcement Agency (LEA). In this paper we propose a distributed architecture for LI in
NGN. The proposed architecture suits today's multi-service-provider network. We also
discuss the implementation of LI in a heterogeneous network using the example of the call flow
for a SIP to H323 call.
Keywords: Lawful Interception, NGN, Distributed Architecture, SIP, H323
I. INTRODUCTION
It has been a long time since the days when telecommunications depended on
fixed PSTN networks. The only kind of communication payload transported was 64 kbps
voice, interception was possible at any point between the ends, and a simple solution
was sufficient to monitor a circuit-switched network.
Today, wherever you go the network follows; in other words, we have a ubiquitous
packet-switched network. The packet-switched network is far more complex and delivers a
wide range of services other than just voice. Data services, multimedia services and other
value-added services form a greater part of the payload. Monitoring this vast range of
media has been a mammoth task for service providers. The multi-vendor network scenario
creates a highly complex network topology.
The increased exploitation of advanced communication techniques for unlawful,
malignant and malicious purposes has proved a serious concern for LI of communications. The
challenges faced by service providers in complying with the different LI standards are numerous.
Some of them are listed below:
• Wide variety of IP network link types
• Large and growing bandwidth and traffic load to monitor
• Many application protocols used by different media types
• Multi-vendor complex network topology
These are just a few from the long list of challenges.
The evolution in telecommunication to fixed-mobile convergence will be through the
NGN path. NGN would be a multiservice, multiprotocol, multi-access, IP-based network
which is secure, reliable and trusted. The NGN framework is set by the International
Telecommunication Union–Telecommunication Standardization Sector (ITU-T), especially
the NGN Focus Group, and the European Telecommunications Standards Institute (ETSI).
With NGN being a fully converged telecom network, it would require a special
architecture for the deployment of an LI system. Unlike the conventional telephone system, the all-IP
network uses an end-to-end call flow model. Moreover, the NGN network takes mobility to
new levels. The user profile in NGN would be mobile, which would allow the user to use his IP
phone number through any host which is connected to the internet. These days IP addresses are allocated
dynamically by the service providers, which adds to the complexity of LI. The architecture we
propose in this paper is a distributed architecture. A distributed architecture has the advantage of
removing the processing load from a single system and increasing system reliability, efficiency
and scalability, while still allowing central control, administration and
monitoring from a central entity.
Section II of the paper describes the requirement of NGN and its structure. Section III
presents the proposed distributed architecture and its diagram. With an example of LI in
SIP-H323 call flow we discuss the implementation of the proposed architecture in section IV.
Section V summarizes the advantages and limitations of the proposed architecture and
concludes the paper.
II. NEXT GENERATION NETWORK
As per the definition provided by ITU-T [1]: “A next generation network (NGN) is a
packet based network able to provide services including Telecommunication Services and
able to make use of multiple broadband, Quality of Service enabled transport technologies
and in which service related functions are independent from underlying transport related
technologies. It offers unrestricted access by users to different service providers. It supports
generalized mobility which will allow consistent and ubiquitous provision of services to
users.”
In other words, NGN refers to the convergence of all the networks built to provide
different services into a network with a single core built over IP, that is, an all-IP
network.
The NGN is built over a horizontally integrated layered model, unlike the old vertically
layered network model. It is modelled to provide point-to-point, point-to-multipoint and multipoint-
to-multipoint connections. It can be broadly described by two horizontal layers: the NGN service
layer and the NGN transport layer.
Figure 1: NGN layered structure [2]
NGN would interconnect with the existing networks and keep existing investment
safe through devices such as gateways. At the same time, it would also support IP
intelligent network terminals, including the simulated telephone, electrograph, ISDN terminal,
mobile phone, GPRS terminal, SIP terminal, H248 terminal, MGCP terminal, Ethernet
telephone through the PC, video phone, cable modem and so on.
NGN would be a holistic converged network that would support all the services of
yesterday and add a number of new services. The NGN ecosystem [2] can be stated briefly as:
• Next Generation Services – Converged (quad-play-voice, data, video, mobile)
• Next Generation Access – High speed (Broadband) IP based connectivity (ADSL,
VDSL, Wi-Max, Cable TV, FTTH, PLC)
• Next Generation Transport – Carrier Ethernet, IP-MPLS
• Next Generation Architecture – Service oriented (SOA), layered (transport, control,
application)
• Next Generation Mobile – 3G+ (B3G)
• Next Generation Internet – IPv6
• Next Generation Interconnect – Capacity and Quality based
• Next Generation Licensing – Unified
• Next Generation Regulation – Converged, light handed
It can be seen very clearly from the NGN ecosystem that it would require new security
mechanisms and architectures for lawful interception. In the next section we propose a
distributed architecture.
III. DISTRIBUTED ARCHITECTURE FOR LI
There have always been two basic types of architecture, centralized and distributed,
each having its own unique advantages. A distributed architecture is preferred when a
system is to be deployed for a heterogeneous network with a huge data and signalling load. A
distributed architecture distributes the labour of computation away from a single device while
providing administrative control from a central entity.
The proposed architecture is a hierarchical architecture. We have a central LI entity (CLIE)
that connects to the LEA and performs administrative functions. Intermediate level LI
entities (ILIE) connect to the different ISPs. The intermediate level also has a
collection and storage function. All the ILIEs have a direct link connection
with the CLIE. The ILIEs are supported by the base LI entities (BLIE). BLIEs are deployed at
each of the gateways of the service provider's existing network; the BLIE monitors the
payload as per the request from its superior entity.
Figure 2: Distributed architecture diagram
The distributed architecture also distributes the responsibilities and functions to
different entities. The functions of each entity in this architecture would be:
• Central LI entity:
1. It connects to the LEA. It is the only point of human interface.
2. It has a central data storage server.
3. It resolves the target based on location and ISP.
4. It issues warrants to ILIEs for interception.
5. It filters the information that has to be provided to the LEA.
6. It monitors the subordinate entities.
• Intermediate LI entity:
1. It resolves the target into the type of network used.
2. It issues warrants for LI to the BLIE.
3. It has an intermediate storage function.
4. It provides a direct secure link to the CLIE.
• Base LI entity:
1. It monitors the target.
2. It copies the RTP packets.
3. It decrypts the encrypted packets.
4. It provides deep packet investigation.
5. It provides a secure link to the ILIE.
Each entity is connected to the others through a secure link and monitored by its
superior entity. The structure would completely remove the scope of a breach through the human
interface, as it is completely secure with no involvement of any human being at any level.
The system is administered by strict system policies and firewalls. The intercept related
information (IRI) is kept at two places, one at the ILIE and one at the CLIE. Location information is also
stored with the other IRI. As per the requirements, multiple public identities on different
networks can be intercepted together using this system. In the next section the working of this
system is explained using an internetwork call flow.
IV. WHAT HAPPENS DURING LI OF SIP TO H323 CALL
In this section we discuss, step by step, the processes taking place when a SIP user
agent (UA), the target for LI, calls an H323 endpoint.
Figure 3: SIP to H323 call setup
During an internetwork call the call passes through an internetworking function (IWF),
also referred to in general as a call management system (CMS). In any type of internetworking
call the IWF is the most important element for successful call setup. The IWF translates the requests
into the form that is acceptable to the other end point. During a call from a SIP UA to an H323 end
point, the INVITE of SIP is translated to SETUP, 180 RINGING to ALERTING, 200 OK to
ACK, and SDP to H245 for negotiation of parameters.
Figure 4: Call flow for LI during SIP to H323 call
Step 1: The LEA gets the court order for LI of the SIP target and provides it to the CLIE. There
must be proper legislation for what kind of IRI is to be provided, who is authorized to
issue warrants for LI, etc., to prevent misuse of the system and ensure the privacy of
citizens.
Step 2: Depending upon the target information received and the IRI requested, the CLIE resolves
the target address to find the service provider and its location. It issues a warrant to the
ILIE to monitor the target.
Step 3: The ILIE further resolves the target address into its network type and issues a warrant to the
BLIE. The BLIE keeps on monitoring the target, here a SIP UA.
Step 4: The SIP UA attempts to make a call; it sends an INVITE message to the IWF.
Step 5: The IWF sends the information of the address that the target is attempting to call to the
BLIE.
Step 6: The BLIE forwards the information to the ILIE.
Step 7: The ILIE forwards the information to the CLIE.
Step 8: The CLIE resolves the address that the target is attempting to communicate with and
issues warrants to the ILIE in the region of the called party, in our case an H323 end
point.
Step 9: The ILIE issues warrants to the BLIE.
Step 10: The BLIE sends an ACK to the ILIE.
Step 11: The ILIE sends an ACK to the CLIE.
Step 12: The IWF sends a SETUP request to the H323 EP.
Step 13: The H323 EP sends an ACK to the IWF.
Step 14: The IWF sends 200 OK to the SIP UA.
Step 15: The SIP UA sends an SDP request for negotiation of resources.
Step 16: The IWF sends H245 to the H323 EP.
Step 17: The H323 EP accepts the requirements and sends media.
Step 18: The BLIE copies the media packets and forwards them to the ILIE.
Step 19: The ILIE forwards the RTP packets to the CLIE.
Step 20: The H323 EP sends RTP packets to the SIP UA.
Step 21: The SIP UA attempts to send RTP packets.
Step 22: The packets are copied by the BLIE and forwarded to the ILIE.
Step 23: The ILIE stores and forwards the RTP packets to the CLIE.
Step 24: The SIP UA sends the RTP packets to the H323 EP.
Step 25: The CLIE sends the IRI requested using a secure link.
The call termination is not shown in the figure but takes place in the same manner as the
call setup.
In the proposed process the RTP packets are copied at both end terminals. This
prevents any tampering with the data and ensures authentic and accurate data delivery for LI. It even
makes the decryption process fast and accurate. The collection function at the BLIE also filters the
data packets for deep packet investigation. It can be noticed that all functions or entities can
communicate only with their superior or subordinate entity. The policies for communication
between the entities can be set as per the legal requirements through the CLIE.
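As an added illustration (not code from the paper), the following Python sketch models the hierarchy of Section III and the warrant and copy flow of Figure 4: the entity names CLIE, ILIE and BLIE are the paper's, while the Entity class, the address resolution table, the example addresses and the message tuples are assumptions constructed for this example. It enforces the rule that an entity talks only to its direct superior or subordinate, and it compares the two RTP copies (called-party side and target side) before the IRI is released, which is the tamper check the two-place copying is meant to enable.

```python
import hashlib

class Entity:
    """One LI entity; parent is its superior, children its subordinates (assumed model)."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        if parent:
            parent.children.append(self)

    def send(self, dst, msg, log):
        # Section IV policy: an entity may talk only to its direct superior
        # or a direct subordinate; any other path is refused.
        if dst is not self.parent and dst not in self.children:
            raise PermissionError(f"{self.name} -> {dst.name} is not adjacent")
        log.append((self.name, dst.name, msg))

def build_topology():
    # Constructed topology: one CLIE, two ISP-level ILIEs, one BLIE gateway each.
    clie = Entity("CLIE")
    ilie_a, ilie_b = Entity("ILIE-ispA", clie), Entity("ILIE-ispB", clie)
    blie_a, blie_b = Entity("BLIE-gwA", ilie_a), Entity("BLIE-gwB", ilie_b)
    # address -> (ILIE, BLIE) resolution used in steps 2-3 and 8-9 (constructed)
    table = {"sip:target@ispA.example": (ilie_a, blie_a),
             "h323:callee@ispB.example": (ilie_b, blie_b)}
    return clie, table

def intercept(clie, table, target, called, rtp_at_a, rtp_at_b):
    """Run the warrant and copy flow of Fig. 4; return the IRI handed to the LEA."""
    log = []
    ilie_a, blie_a = table[target]                 # steps 2-3: warrant descends
    clie.send(ilie_a, ("WARRANT", target), log)
    ilie_a.send(blie_a, ("WARRANT", target), log)
    blie_a.send(ilie_a, ("CALLED", called), log)   # steps 5-7: INVITE seen at IWF
    ilie_a.send(clie, ("CALLED", called), log)
    ilie_b, blie_b = table[called]                 # steps 8-11: called side warranted
    clie.send(ilie_b, ("WARRANT", called), log)
    ilie_b.send(blie_b, ("WARRANT", called), log)
    blie_b.send(ilie_b, ("ACK",), log)
    ilie_b.send(clie, ("ACK",), log)
    copies = {}                                    # steps 18-23: RTP copied at both ends
    for ilie, blie, rtp in ((ilie_b, blie_b, rtp_at_b), (ilie_a, blie_a, rtp_at_a)):
        digest = hashlib.sha256(rtp).hexdigest()
        blie.send(ilie, ("RTP", digest), log)
        ilie.send(clie, ("RTP", digest), log)
        copies[blie.name] = digest
    # step 25: both copies must agree before the IRI is released (tamper check)
    return {"target": target, "called": called, "copies": copies,
            "consistent": len(set(copies.values())) == 1, "messages": len(log)}
```

Calling `intercept` with the same payload at both gateways yields a consistent IRI after 12 inter-entity messages; a differing payload on one side marks the IRI as inconsistent, and any attempt by a BLIE to send straight to the CLIE raises `PermissionError`.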
V. CONCLUSION
This paper proposes a distributed architecture for LI in NGN. The proposed architecture
has many unparalleled advantages: it has no human interface except at the CLIE, so the
chance of a breach due to human factors is minimized to zero. The architecture is best suited
for a heterogeneous internetwork call. It is also a general model which caters to an
LEA having targets in multiple service providers. In the process proposed for a call we have
suggested copying and storing the RTP packets at two places, so that the system data is protected at two
separate places. Each entity connects with the others over direct secure lines which are not part of
the network. This also provides high-speed secure connectivity between the entities, reducing
delay. This model can be scaled up to support more data without any basic change in the
architecture. Finally, the hierarchical architecture simplifies system management and
collection.
Like any other model, this architecture also has some limitations and drawbacks. The
biggest drawback is that it increases the time required for call setup. Devices will have to be
installed at the different network gateways. This would be a capital burden on the
service providers. The model can work efficiently only with strict government legislation and
cooperation between the service providers. If these things are taken care of, then the
model would provide accurate and authentic LI in future networks.
REFERENCES
[1] ITU-T Recommendation Y.2001, General overview of NGN (12/2004)
[2] Satya N. Gupta, Emergence of next generation networks (NGN) – Regulatory and Security
Challenges, BT Global Services
[3] F. Baker, B. Foster, C. Sharp, RFC 3924, Cisco Architecture for Lawful Interception in IP
Networks, Cisco Systems, October 2004
[4] Andro Milanović, Siniša Srbljić, Ivo Ražnjević, Darryl Sladden, Daniel Skrobo, and Ivan
Matošević, Distributed Architecture for Lawful Interception in VoIP Networks, Eurocon 2003, Ljubljana,
Slovenia
[5] The Cisco Service Independent Intercept Architecture Version 3.0, Cisco Systems Inc.,
2007
[6] Tatiana Kovacikova, Pavol Segec, NGN Standards Activities in ETSI, Slovakia
[7] Zohreh Ayatollahi, Saeede Sarukhani, Fatemeh Fayazi, Zahra Askary Roknabady,
Afsane Madani, Interoperability Problems in Next Generation Network Protocols, Iran
Telecommunication Research Center
[8] H. Schulzrinne (Columbia University), C. Agboh, RFC 4123, Session Initiation Protocol
(SIP)-H.323 Interworking, July 2005