PowerPoint Presentation - Network Forensics | Lawful Interception

DECISION Group Inc.
Mediation Device for Internet Access Provider
Decision Group
www.edecision4u.com
What is Lawful Interception
• A legally sanctioned official access to private communications of specific targets through
– telephone calls
– e-mail messages
–…
• A security process through which a communication service provider collects and provides law enforcement with intercepted communications of private individuals or organizations.
Challenges to Current LI
• Based on the old telecom network of analog voice technology, without support for new IP technology
• All tasks run as batch jobs, with no quick response to immediate events
• LI result reports are acquired one or two days later because of batch processing tasks
• Covers only voice and email, not the many other popular online services
• Cyber crime rings rely 60% on voice and email and 40% on other social media, instant messaging, and interactive tools…
Current Out-of-Date LI Technology Cannot Mitigate the Risk of Attacks from Crime Rings
New Criteria for Lawful Interception
Standard Integrated Lawful Interception Solutions from Decision Group
• For both Telecom and Network Environments
• Compliant with ETSI or CALEA Standards
• Getting IP packet data stream from Telecom and Internet Service Providers
• Decoding as many protocols as possible
• Data retention capability for long-term tracking and reporting
• Easy to deploy and manage with high security control
Scenario and Actors for LI
[Diagram: Regulators, Service Providers, target, Correspondent, Interception Vendors, Mediation Vendors, Collection Vendors and Monitor, with the Interception interface and the Handover interface]
ETSI Lawful Interception Model
IIF: Internal Interception Function
INI: Internal Network Interface
HI1: Administrative Information
HI2: Intercept Related Information
HI3: Content of Communication
[Diagram: NWO/AP/SvP Domain containing the Network Internal Functions, IIF, INI, Administration function, IRI Mediation function and Content Mediation function; Intercept related information (IRI) and Content of Communication (CC) flows; HI1, HI2 and HI3 interfaces to the LEMF; labelled with Interception Vendors, Mediation Vendors and Collection Vendors]
Crime Investigation Cycle with LI
[Diagram: Court, Investigator and Target; stages Warrant Management, Target Provision, Interception & Filtering, Delivery, Decoding & Reconstruction, Presentation; network elements GSN, Core Router, BRAS, AAA, Deep Content Inspection; IP Data (Control Plane, User Plane); LI Plane @ ISP and LI Plane @ LEA]
Wired IAS Passive Interception
Wired IAS Active Interception
Wireless 3G Passive Interception
iMediator
• System Spec
- Target Type
• ISP account/RADIUS
• CPE MAC address/RADIUS
• IP address
• MSISDN/GTP-C
- Packet Pre-processing
• GTP-C, GTP-U, RADIUS….
- Interception Adaptor
• Passive Sniffing: DG certified IP Probe
• Active Filtering: BRAS, GGSN, HA, MME, SGW, PGW
- Data Delivery
• Proprietary Handover Interface: DG HI
• ETSI Handover Interface: ETSI TS 102 232-1/3
- Capacity per Server (HP DL380 G8)
• Max 300 active interception sessions
[Diagram labels: Target Provision; Interception & Filtering; Delivery]