1、 ETSI TR 101 943 V2.2.1 (2006-11)Technical Report Lawful Interception (LI);Concepts of Interception in a Generic Network ArchitectureETSI ETSI TR 101 943 V2.2.1 (2006-11) 2 Reference RTR/LI-00040 Keywords architecture, data, IP, Lawful Interception, security, telephony ETSI 650 Route des Lucioles F-
2、06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.e
3、tsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing
4、on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/porta
5、l.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the fo
6、regoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered
7、 by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 101 943 V2.2.1 (2006-11) 3 Contents Intellectual Property Rights4 Foreword.4 Introduction 4 1 Scope 5 2 References 5 3 Definitions a
8、nd abbreviations.6 3.1 Definitions6 3.2 Abbreviations .9 4 Overview of LI requirements and standards 10 4.1 General .10 4.1.1 National adaptations .10 4.1.2 Influence from new forms of telecommunication.10 4.1.3 Guiding principles 11 4.2 Internationally based requirements.14 4.3 Characteristics of n
9、ational requirements 14 4.3.1 General14 4.3.2 Migration from legacy technology14 4.3.3 National parameters 15 4.3.4 Security.15 4.3.5 Protocols .15 4.4 Requirement implementation process 15 4.5 Overview of LI standards .16 5 Interception of communication services.18 5.1 General .18 5.1.1 LI requirem
10、ents related to services .18 5.1.2 Migration to separate service platforms18 5.1.3 Layered model related to LI functions19 5.2 Access services.19 5.3 Communication application services21 5.4 Intelligent network services22 6 Interfaces 23 6.1 General .23 6.2 Internal interfaces.23 6.3 Handover interf
11、aces24 6.4 Interface protocols25 6.5 Mapping IRI from PS Contents25 7 Security.26 7.1 General .26 7.2 Threat model 27 7.3 System security 28 7.3.1 Encryption of stored data28 7.3.2 Logical access control.28 7.3.3 Physical access control .28 7.4 Interface and link security 29 7.4.1 Protection of tran
12、smitted data .29 7.4.2 Management of keys.29 7.4.3 Use of leased lines 29 Annex A: Change Request History.30 History 31 ETSI ETSI TR 101 943 V2.2.1 (2006-11) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
13、 pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI S
14、ecretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314
15、 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Lawful Interception (LI). Introduction The present document is an overview description of various aspects
16、 of lawful interception requirements, relations to communication services, interface technology and security. The present document is intended to serve as a guide that covers some practical issues regarding implementation of LI systems. ETSI ETSI TR 101 943 V2.2.1 (2006-11) 5 1 Scope The present doc
17、ument provides a high-level informative overview and principles regarding implementation of LI for telecommunications. Details about these principles is covered in other documents that address specific technologies and network types. The following areas are covered here: A general discussion about t
18、he role and position of Lawful Interception related to public communication services. Origin of LI requirements - overview of characteristics of national legislation and regulations as well as international cooperation on LI. A high-level description of LI related to an abstract model of communicati
19、ons systems (service/control/connectivity layers). Discussion of interception at access service level versus application service. Discussion of interception of IN services. Overview of issues regarding interception of IP traffic. Description of internal interfaces and internal network units involved
20、 in LI processing. Description of handover interfaces and interface protocols with some practical hints regarding implementation choices. Discussion about security issues, related to the standard threat model described in ETR 332 4. 2 References For the purposes of this Technical Report (TR) the fol
21、lowing references apply: NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 1 ETSI TS 101 331: “Lawful Interception (LI); Requirements of Law Enforcement Agencies“. 2 ETSI ES 201 158: “Telecommunications Security;
22、Lawful Interception (LI); Requirements for network functions“. 3 Void. 4 ETSI ETR 332: “Security Techniques Advisory Group (STAG); Security requirements capture“. 5 ETSI TS 101 671: “Lawful Interception (LI); Handover interface for the Lawful Interception of telecommunications traffic“. NOTE: Period
23、ically TS 101 671 is published as ES 201 671. A reference to the latest version of the TS as above reflects the latest stable content from ETSI/TC LI. 6 ETSI TS 133 108: “Universal Mobile Telecommunications System (UMTS); 3G security; Handover interface for Lawful Interception (LI) (3GPP TS 33.108 R
24、elease 6)“. 7 ETSI TS 102 232: “Lawful Interception (LI); Handover specification for IP delivery“ (will be re-issued with the designation TS 102 232-1). 8 ETSI TS 102 234: “Lawful Interception (LI); Service-specific details for internet access services“ (will be re-issued with the designation TS 102
25、 232-3). 9 IETF RFC 3924: “Cisco Architecture for Lawful Intercept in IP Networks“. ETSI ETSI TR 101 943 V2.2.1 (2006-11) 6 10 ETSI EG 201 781: “Intelligent Network (IN); Lawful interception“. 11 EU Council ETS 185: “Convention on Cybercrime“, 23.XI.2001. 12 ETSI TS 133 107: “Universal Mobile Teleco
26、mmunications System (UMTS); 3G security; Lawful interception architecture and functions (3GPP TS 33.107)“. 13 ETSI TS 133 106: “Universal Mobile Telecommunications System (UMTS); Lawful interception requirements (3GPP TS 33.106)“. 14 ETSI TS 102 227: “Telecommunications and Internet Protocol Harmoni
27、zation Over Networks (TIPHON) Release 4; Functional Entities, Information Flow and Reference Point Definitions; Lawful Interception“. 15 ETSI TS 102 815: “Service-specific details for Layer 2 Lawful Interception“ (will be re-issued with the designation TS 102 232-4). 16 ETSI TR 102 528: “Lawful Inte
28、rception (LI) Architecture for IP Networks within a Communication Service Providers domain“. 17 ETSI TS 101 909-20: “Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 20: Lawful Interception“. 18 ETSI TR 102 053: “Telecommunications s
29、ecurity; Lawful Interception (LI); Notes on ISDN lawfull interception functionality“. 19 ETSI TS 102 233: “Lawful Interception (LI); Service specific details for E-mail services“ (will be re-issued with the designation TS 102 232-2). 20 ETSI EN 301 040: “Terrestrial Trunked Radio (TETRA); Security;
30、Lawful Interception (LI) interface“. 21 ETSI TR 101 514: “Digital cellular telecommunications system (Phase 2+); Lawful interception requirements for GSM (GSM 01.33)“. 22 ETSI TS 101 507: “Digital cellular telecommunications system (Phase 2+); Lawful interception - Stage 1 (GSM 02.33)“. 23 ETSI TS 1
31、01 509: “Digital cellular telecommunications system (Phase 2+) (GSM); Lawful interception; Stage 2 (3GPP TS 03.33)“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in TS 101 331 1, ES 201 158 2 and the following apply: Access
32、 Provider (AP): provides a user of some network with access from the users terminal to that network NOTE 1: This definition applies specifically for the present document. In a particular case, the access provider and network operator may be a common commercial entity. NOTE 2: The definitions from TS
33、 101 331 1 have been expanded to include reference to an access provider, where appropriate. authorizing authority: authority, such as court of law, that is entitled to authorize Lawful Interception (to) buffer: temporary storing of information in case the necessary telecommunication connection to t
34、ransport information to the LEMF is temporarily unavailable call: any connection (fixed or temporary) capable of transferring information between two or more users of a telecommunications system. In this context a user may be a person or a machine ETSI ETSI TR 101 943 V2.2.1 (2006-11) 7 Content of C
35、ommunication (CC): information exchanged between two or more users of a telecommunications service, excluding Intercept Related Information NOTE: This includes information which may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another. Domain Name Sy
36、stem (DNS): set of network elements, which function as translators between logical names and network addresses on the Internet NOTE: This type of element is widely used for IP traffic today. It can be anticipated that similar functionality will be introduced also for telephony in the near future. Ha
37、ndover Interface (HI): physical and logical interface across which the interception measures are requested from an AP/NWO/SvP, and the results of interception are delivered from an AP/NWO/SvP to an LEMF identity: technical label which may represent the origin or destination of any telecommunications
38、 traffic, as a rule clearly identified by a physical telecommunications identity number (such as a telephone number) or the logical or virtual telecommunications identity number (such as a personal number) which the subscriber can assign to a physical access on a case-by-case basis Intercept Related
39、 Information (IRI): collection of information or data associated with telecommunication services involving the target identity, specifically call associated information or data (e.g. unsuccessful call attempts), service associated information or data (e.g. service profile management by subscriber) a
40、nd location information interception (or Lawful Interception): action (based on applicable laws and regulations), performed by an AP/NWO/SvP, of making available certain information and providing that information to an LEMF NOTE: In the present document the term interception is not used to describe
41、the action of observing communications by an LEA. interception interface: physical and logical locations within the access providers/network operators/service providers telecommunications facilities where access to the Content of Communication (CC) and Intercept Related Information is provided NOTE:
42、 The interception interface is not necessarily a single, fixed point. interception measure: technical measure that facilitates the interception of telecommunications traffic pursuant to the relevant national laws and regulations interception subject: person or persons, specified in a lawful authoriz
43、ation, whose telecommunications are to be intercepted internal intercepting function: point within a network or network element at which the Content of Communication is made available Internal Network Interface (INI): networks internal interface between the Internal Intercepting Function and a media
44、tion function Internet Service Provider (ISP): business entity that offers connectivity to the Internet, primarily for dial-in subscribers NOTE: The ISP will generally also provide e-mail facilities and other higher-level Internet services. Law Enforcement Agency (LEA): organization authorized, by a
45、 lawful authorization based on a national law, to request interception measures and to receive the results of telecommunications interceptions Law Enforcement Monitoring Facility (LEMF): law enforcement facility designated as the transmission destination for the results of interception relating to a
46、 particular interception subject lawful authorization: permission granted to a LEA under certain conditions to intercept specified telecommunications and requiring co-operation from a AP/NWO/SvP NOTE: Typically this refers to a warrant or order issued by a lawfully authorized body. ETSI ETSI TR 101
47、943 V2.2.1 (2006-11) 8 LEA network: network connections and special protocol functions that are required for delivery of intercept products from a mediation function or delivery function to the LEMF(s) NOTE: This network is specified by and normally belongs to the LEA domain. LI products: The same a
48、s result of interception. location information: information relating to the geographic, physical or logical location of an identity relating to an interception subject mail server: network element which serves as a “Point Of Presence“ (POP) for receiving and storing and forwarding e-mail on behalf o
49、f a registered mail user on that server NOTE: A variant of the mail server is the send mail server (SMTP), which dispatches mail from the user to the e-mail network. The POP usually requires login with a password on the application level, while the SMTP can be used after session or link validation only. Mediation Function (MF): mechanism which passes information between an access provider or network operator or service provider and a handover interface network element: component of the network structur
