Trends in Lawful Interception and Its Applications in National Security

Transcription

1 Vol.1 No. 2, (2012) Received Aug.2012; Accepted Nov.2012 Trends in Lawful Interception and Its Applications in National Security Abstract Namita Saxena and Mansi Singh Electronics and Communication Engineering Ajay Kumar Garg Engineering College, Ghaziabad, India A fast changing environment opens new doors to terrorism and crime. Nowadays network and content providers are very much required to corporate with LEAs in order to provide LI similarly as it is required from massive telecommunication operators. Availability of communication data is very important for law enforcement but unfortunately the significance just emerged after the crime take place. Now we have to take a step ahead to stop the terrorism and other suspicious activities before they actually taken place. The security threat burgeoning in new direction.li is become priority and major forces of LIA. In the present paper we are trying to reduce terrorism and other suspicious activity with the help of application of LI.In order to find out the suspicious activity it is necessary to make the system learn the usual habits of telecommunication user. Increase of any suspicious activity generally the behaviour of caller changes. A lot of filters can be developed that can go for DPI and identify those packets for LIA where the behaviour pattern changes. The filter can be design depending on the characteristic of criminals and by this process we would in position to narrowdown the antisocial elements trying to use network of national activity. Introduction In some countries, for the national security and for investigation of criminal evidence, the lawful interception is required.3gpp provides specifications on lawful interception in [1],[2] and [3].This paper discusses the overview of LI and its application for private communication. Lawful Interception is a very delicate issue. Authorities capture the communications of certain users in order to tackle criminal activity. Ability to perform LI may be a precondition for a licence to operate telecommunications network. Lawful intercept (LI) is a process for obtaining communications network data related to an individual (a target), as authorized by a judicial or administrative order. To facilitate the lawful intercept process, certain legislation and regulations require service providers (SPs) and Internet service providers (ISPs) to explicitly support authorized electronic Surveillance on their networks to facilitate the interception of telecommunications by law enforcement agencies (LEAs), regulatory or administrative agencies, 95

2 and intelligence services, in accordance with local law. The LEAs are regulatory, administrative, or intelligence agencies. These agencies are required to monitor an individual s or organization s voice, video, are text communications as authorized by judicial authorities. Data which is monitored are primarily collected as evidence or for investigative analysis. The monitored individual s or organization s calls are tapped at the SP network and data is sent directly to LEAs. The data collection and its consumption are all done in accordance with local laws. Data would be collected and examined in real time and the collected data would be preserved for future use. The process of collection of tapped data is Lawful Intercept. LEMF LEA INTERCEPT REQUEST IRI CC Administrati on Delivery Function TECHNICAL INTERCEPTION HANDOVER C 3GPP Network IRI CC User INTERCEPT REQUEST 3GPP Network Overview of Li Model LI may target two types of data: the actual contents of communications (CC) which may include voice, video or text message contents, and Intercept Related Information (IRI, Call Data (CD) in the United States). IRI consists of information about the targeted communication itself: signalling information, source and destination (telephone numbers, IP or MAC addresses, etc), frequency, duration, time and date of communications. On mobile networks, it may also be possible to trace the geographical origin of the call. Network operators have always been collecting some IRI for billing and network management purposes and so it is relatively easy for law enforcement agencies to gain access to this information. Three main functions are defined for LI applications: Capturing For LI applications, capturing of packets includes the task of extracting information from the communications network. Capturing should not affect the SP network that carrying traffic. This function includes identifying the sources that will be able to provide the requested information. For instance, this could involve isolating routers or gateways in the network that are carrying the information and extracting this information from these devices. Filtering LI requires that unauthorized information cannot be extracted from the network. Thus, information captured has to be filtered to include only authorized information. Delivery Filtered information has to be delivered to the Law Enforcement Monitoring Facility (LEMF). The LEMF may not reside in the same premise as the Service Provider. In this case, 96

3 information is encrypted if it has to be transported over a public network. Security of processes The intercept function shall only be accessible by authorised personnel. Only authorised personnel can be aware that an intercept function has been activated on a target. No indication shall be given to any person except authorised personnel that the intercept function has been activated on a target. To be effective, interception must take place without the knowledge of any party to the communication. Authentication, encryption, log files and other mechanisms may be used to maintain security in the system. CSPs shall ensure that its equipment, facilities, or services that provide a subscriber with the ability to originate, terminate, or direct communications are capable of facilitating authorized communications interceptions and access to intercept related information unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects: - The privacy and security of communications (both signalling and content of communication) not authorized to be intercepted; and - Information regarding the LEA s interception of communications. Audit procedures, performed by the CSP, should have access to accurate logs of administration commands and accesses to functions and interception information. Log files shall only be accessible by authorised personnel. Primary Requirement for Lawful Intercept Junos Operating System uses the flow-tap application to dynamically capture network flows for lawful intercept. Dynamic Flow Capture uses DTCP requests to capture packet flows based on dynamic filtering criteria. The primary requirement for lawful interception includes; It must provide an interface by which a mediation device can connect to the routing device and request a copy of packets sent to and from an intended target. It must maintain separation of different LEAs on the device. If multiple agencies are requesting LI action on the same device or for the same target, the agencies must not be aware of each other s presence, and they must not be able to see each other s LI configuration and status. The authorized personnel are only allowed for seeing the configuration for deciding which packet flow to capture and the intercept function on the router. The intended target of the LI interception must not be aware of the interception. A mediation device is required to test the interception application (flow-tap). The mediation device can be a Linux server with SSH capabilities. 97

4 Need of Lawful Interception How Bin Laden Evaded Lawful Interception; Laden was able to circumvent the Internet and yet send an almost uncountable number of s pointing out frustrations that Lawful Interception personnel can encounter when monitoring suspicious activities and people. Although his compound had no phone or Internet capabilities, Laden was able to stay in touch with his far-flung network of operatives without leaving digital fingerprints. He merely typed a message on his unconnected computer, saved it to a thumb drive and passed that to a courier who later plugged it into a memory drive at an Internet café, copied Laden s message into an and sent it. Any responses would be copied to the flash drive and transported back to Laden. Though arduous, the effectiveness of his strategy left officials amazed that he could sustain such a breadth of communication for so long. With the help of this example we can see that, in the past Lawful Interception was simpler and more straightforward because it was confined to traditional voice traffic. Even in the earlier days of the Internet, it was still possible to intercept a target s communication data fairly easily. Earlier terrorist can easily evade it but now the time has changed. Today, LI applications focus purely on intercepting content and have very low accuracy location context provided by cell tower location techniques like Cell- ID (CID) or Enhanced Cell-ID (ECID). This can render the applications ineffective because the target's actual location is relatively unknown; whereas, with accurate location data the LI mission can be accomplished with a much higher success rate. Using GPS for LI applications is not feasible because it does not work indoors and in dense urban areas, and the target user has the option to disable or jam GPS location tracking capabilities on their phone. Location technologies such as multi-lateration (UTDOA) require radio hardware on every cell tower making it extremely cost intensive with a large degree of complexity in terms of deployment and maintenance. Polaris WLS is the only high accuracy, software-only location technology that is low cost, scalable, and reliably provides high accuracy across all types of environments. Besides high accuracy (sub 50m) and scalability, one of the key unique features of WLS is its ability to perform mass (bulk) location of all subscribers, on a near real-time basis, enabling applications such as mass location interception along with postevent analytics. Polaris WLS in conjunction with its intelligent zone services software platform also powers border zone interception with a high degree of precision. Conclusion In this paper we have defined the overview of lawful interception. The three main functions of LI have been discussed. With the help of present paper 98

5 primary requirement of lawful interception can easily be understood. The LI processes are delineated by architectures, such as those specified by ETSI, 3GPP, the WiMAX Forum, and other standards bodies, that facilitate systematic implementations and provisioning of lawful interception systems. However, challenges to lawful interception remain, including the need to support a diversity of services, vendor technologies, wireless networking technologies, voice, and a multiplicity of high speed speed data services. References 1. 3GPP TS : 3rd Generation System Aspects; 3G Security; Lawful Interception Requirements. 2. 3GPP TS : 3rd Generation System Aspects; 3G Security; Lawful Interception Architecture and Functions. 3. 3GPP TS : 3rd Generation System Aspects; 3G Security; Handover Interface for Lawful Interception (LI). 99