ETSI TR 101 567-2016 Lawful Interception (LI) Cloud Virtual Services for Lawful Interception (LI) and Retained Data (RD) (V1 1 1)《合法侦听(LI) 合法侦听(LI)的云虚拟服务和保留数据(RD)(V1 1 1)》.pdf

1、 ETSI TR 101 567 V1.1.1 (2016-01) Lawful Interception (LI); Cloud/Virtual Services for Lawful Interception (LI) and Retained Data (RD) TECHNICAL REPORT ETSI ETSI TR 101 567 V1.1.1 (2016-01) 2 Reference DTR/LI-00084 Keywords cloud, lawful interception, virtual services, security, retained data ETSI 6

2、50 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/ww

3、w.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived diffe

4、rence in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or cha

5、nge of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx

6、Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI.

7、 The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks

8、of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 101 567 V1.1.1 (2016-01) 3 Contents Intellectual Property Rights 6g3Foreword . 6g3Modal verbs terminology 6g31 Sco

9、pe 7g32 References 7g32.1 Normative references . 7g32.2 Informative references 7g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 12g34 Cloud Services Overview . 16g34.1 Introduction 16g34.2 Perspectives on Cloud services 16g34.2.1 Introduction. 16g34.2.2 General characte

10、ristics of Cloud services . 17g34.2.3 Service models for Cloud services 17g34.2.4 Deployment models for Cloud services 17g34.3 Cloud reference architectures and infrastructures 18g34.4 Resource management 21g34.5 Enabling Mobile Cloud 22g35 Network Virtual Services Overview 24g35.1 Introduction 24g3

11、5.2 NFV relationship to Cloud Services . 25g35.3 NFV standardization. 25g36 Lawful Interception 26g36.1 Introduction 26g36.2 LEA 26g36.2.1 Identify and communicate with the responsible service providers . 26g36.2.2 Facilitate access and delivery across different jurisdictions . 26g36.2.3 Existing te

12、lecommunications services implemented using Cloud/virtual capabilities 26g36.3 CSP / C(L)SP Provider Obligations . 27g36.3.1 Overview 27g36.3.2 Use of trusted third parties (TTP) . 27g36.4 LI implementation scenarios 28g36.5 Implementation Challenges 28g36.5.1 Introduction. 28g36.5.2 Encryption Chal

13、lenge . 29g36.5.3 Multiple copies of intercepted traffic 29g36.5.4 Integration of Partial Communication Segments 29g36.5.5 Nomadicity . 29g36.5.6 Location 29g36.5.7 Target Identification . 30g36.5.8 Correlation 31g36.5.9 Network Virtualization . 31g36.6 Mobile Networks 31g36.6.1 Introduction. 31g36.

14、6.2 Non-MNO transited Cloud Applications/Services 31g36.6.3 Cloud Applications/Services integral to MNO . 31g36.6.4 Cloud Applications/Services Transit MNO via Proxies . 32g36.6.5 Cloud Applications/Services Transit MNO via Policies . 34g36.7 Mobile Networks 34g36.7.1 General 34g36.7.2 Mobile Cloud

15、34g36.7.3 General 34g3ETSI ETSI TR 101 567 V1.1.1 (2016-01) 4 6.7.4 Proxy . 35g36.7.5 ANDSF . 35g37 Traditional LI models and methods applied to the Cloud environment . 36g37.1 Introduction 36g37.2 Traditional LI models . 36g37.3 Adaptation to the Cloud environment 36g37.4 Handover Interfaces for ne

16、w Cloud services 37g37.5 Handover interfaces for virtualized network elements . 37g37.6 Hybrid Services 37g37.6.1 Introduction. 37g37.6.2 Volte . 37g37.6.3 Peer to Peer Services. 37g37.7 Cloud Lawful Interception Function (CLIF) 38g38 Security of LI in a Cloud or Network Virtualized environment . 38

17、g38.1 Lawful Interception security. 38g38.2 Cloud services security . 39g38.3 Security Considerations in a Virtualized Network Environment . 39g39 LI - Cloud gaps and challenges 39g39.1 Generic Cloud LI interface specification gap . 39g39.2 Specific Cloud LI specification gaps 40g39.2.1 General 40g3

18、9.2.2 Scenario 2: Cloud Services that transit the network facilities via Proxy 40g39.2.3 Scenario 3: Cloud Services that transit the network facilities via Policies . 40g39.2.4 Target Identity expressions for Cloud LI 41g39.2.5 Application Identity expressions for Cloud LI 41g39.2.6 Virtual Observab

19、le (VO) expressions for Cloud LI 41g39.2.7 CLIF Specifications 41g310 LI - Network Virtualization gaps and challenges . 42g311 Conclusions and Recommendations . 42g3Annex A: Several Use cases . 43g3A.1 Telepresence use case 1: TSP offers Telepresence and all participants are subscribers of the TSP 4

20、3g3A.2 Telepresence use case 2: Telepresence is offered by a Third Party provider. Participants are subscribers of the same or different TSP(s) . 44g3A.3 Virtual Machine Image (VMI) Basic Use Case . 46g3A.4 In Memory File System or Database 47g3A.5 Distributed Application Communicating through IPC .

21、 47g3A.6 Mobile Portal or Dashboard using both Operator Provided and Enterprise Applications . 48g3A.7 Enterprise Cloud based or Dashboard using both Operator Provided and Enterprise Applications 50g3A.8 Use of VDI supporting Offline Operations 51g3A.9 Delayed Communication by Transferring a Cloud b

22、ased Virtual Machine Image (VMI) . 52g3A.10 Consumer based Files Sharing . 54g3A.11 Consumer based File Sharing 1 56g3A.12 Consumer based File Sharing 2 59g3A.13 Consumer based File Sharing 3 63g3A.14 Consumer based File Sharing 4 67g3A.15 Consumer based File Sharing 5 70g3A.16 Consumer based File S

23、haring 6 75g3ETSI ETSI TR 101 567 V1.1.1 (2016-01) 5 A.17 Consumer based File Sharing 7 80g3A.18 Consumer based File Sharing 8 84g3A.19 Access Network Discovery and Selection Function (ANDSF) Use Case 90g3Annex B: Cloud Virtualization Fora 93g3History 103g3ETSI ETSI TR 101 567 V1.1.1 (2016-01) 6 Int

24、ellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members and can be found in ETSI SR 000 314: “Intellectual Property Rig

25、hts (IPRs); Essential or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has

26、 been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are or may be or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technic

27、al Committee Lawful Interception (LI). The present document does not in any matter establish or imply legal obligations to meet specified LI capability obligations for Cloud/virtual service providers. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“

28、, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TR 101 567 V1.1.

29、1 (2016-01) 7 1 Scope The present document provides an overview of Cloud/virtual services and studies. This includes Lawful Interception (LI) and Retained Data (RD) aspects of these services in the converged Cloud/virtual service environment, the challenges and obstacles of complying with those obli

30、gations, what implementations can be achieved under existing ETSI LI standards and what new work may be required to achieve needed Lawful Interception capabilities. Cloud Services, in whichever forms they take (Infrastructure, Software, Platform or combinations of these), are often trans-border in n

31、ature and the information required to maintain LI and RD capability or sufficient coverage for LI/RD support may vary in different countries or within platforms of different security assurance levels. The present document aims to ensure capabilities can be maintained while allowing business to utili

32、ze the advantages and innovations of Cloud Services and was undertaken cooperatively with relevant Cloud security technical bodies. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For sp

33、ecific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Referen

34、ce. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references References are either

35、 specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks in

36、cluded in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. . i.1 ETSI TS 101 331: “Lawf

37、ul Interception (LI); Requirements of Law Enforcement Agencies“. i.2 ETSI TS 101 671: “Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic“. NOTE: Periodically ETSI TS 101 671 is published as ETSI ES 201 671. A reference to the latest version of the

38、 TS as above reflects the latest stable content from ETSI/TC LI. i.3 ETSI TS 102 232-1: “Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery“. i.4 ETSI TS 102 232-2: “Lawful Interception (LI); Handover Interf

39、ace and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for messaging services“. i.5 ETSI TS 102 232-3: “Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services“. E

40、TSI ETSI TR 101 567 V1.1.1 (2016-01) 8 i.6 ETSI TS 102 232-4: “ETSI TS 101 232-4: “Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services“. i.7 ETSI TS 102 232-5: “ETSI TS 101 232-5: “Lawful Interception

41、(LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia services“. i.8 ETSI TR 103 690: “Lawful Interception (LI); eWarrant Interface“. i.9 Special Publication 800-145: “The NIST Definition of Cloud Computing“, Sept 2011. i.10 N

42、IST SP 800-144: “Guidelines on Security and Privacy in Public Cloud Computing“. i.11 ETSI TS 133 106: “3G security; Lawful interception requirements“. i.12 ETSI TS 133 107: “3G security; Lawful interception architecture and functions“. i.13 ETSI GS NFV 002: “Network Functions Virtualisation (NFV); A

43、rchitectural Framework“. i.14 ETSI GS NFV 003: “Network Functions Virtualisation (NFV); Terminology for Main Concepts in NFV“. i.15 ETSI TR 121 905: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Vocabulary for 3GPP Specifications (3GP

44、P TR 21.905)“. i.16 ETSI NFV ISG: “Network Functions Virtualisation“ - Update White Paper, October 2013. NOTE: This white paper is available at: http:/portal.etsi.org/NFV/NFV_White_Paper2.pdf. i.17 ETSI GS NFV 001: “Network Functions Virtualisation (NFV); Use Cases“. i.18 Recommendation ITU-T X.1546

45、: “Malware attribute enumeration and characterization“. i.19 ETSI TS 133 108: “Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Handover interface for Lawful Interception (LI) (3GPP TS 33.108)“. i.20 ITU-T Focus Group on Cloud Computing Technical Report, Part 2: Functional requir

46、ements and reference architecture (02/2012). i.21 ITU-T Technical Report Part 3: “Cloud/virtual network infrastructure model (ITU-T Cloud TR3)“. i.22 NIST Cloud Computing Reference Architecture: Recommendations of the National Institute of Standards and Technology (Special Publication 500-292). 3 De

47、finitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions given in ETSI TR 121 905 i.15 and the following apply: appliance: self-contained IT system that can be plugged into an existing IT infrastructure to carry out a single purpose ap

48、plication virtualization: virtual implementation of the application programming interface (API) that a running application expects to use authentication: verifying the identity of a user, process or device, often as a prerequisite to allowing access to resources in an information system broad networ

49、k access: capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g. mobile phones, tablets, laptops and workstations) ETSI ETSI TR 101 567 V1.1.1 (2016-01) 9 Cloud communication centre: service that enables advanced features for the customer-enterprise interaction using the communication and management capabilities provided by a Cloud based telecommunication infrastructure (managed by the Cloud service provider) Cloud computing: mode