ETSI TR 102 528 V1.1.1 (2006-10)
Technical Report

Lawful Interception (LI);
Interception domain Architecture for IP networks

Reference: DTR/LI-00025
Keywords: Lawful Interception, architecture, IP, data, security, telephony, multimedia

© European Telecommunications Standards Institute 2006. All rights reserved.

Contents

Intellectual Property Rights
Foreword
Introduction
1 Scope
2 References
3 Definitions and abbreviations
  3.1 Definitions
  3.2 Abbreviations
4 Reference model
  4.1 Description of functional elements
    4.1.1 Intercept Related Information Internal Interception Function (IRI-IIF)
    4.1.2 CC Trigger Function (CCTF)
    4.1.3 CC Internal Interception Function (CC-IIF)
    4.1.4 Lawful Interception Mediation Function (MF)
    4.1.5 Lawful Intercept Administration Function (AF)
  4.2 Operational considerations
5 Internal Network Interfaces (INI)
  5.1 INI1
  5.2 INI2
  5.3 INI3
  5.4 CC Trigger Interface (CCTI)
  5.5 CC Control Interface (CCCI)
    5.5.1 Dedicated interface for the control of CC-IIF
    5.5.2 In-band control of CC-IIF
6 Security
7 Applying the reference model
  7.1 CCTF collocated with MF
    7.1.1 Configuration
    7.1.2 Scope
    7.1.3 Characteristics
  7.2 CCTF collocated with IRI-IIF
    7.2.1 Configuration
    7.2.2 Scope
    7.2.3 Characteristics
  7.3 CCTF collocated with IRI-IIF and CC-IIF
    7.3.1 Configuration
    7.3.2 Scope
    7.3.3 Characteristics
Annex A: Service scenarios
  A.1 IP Multimedia services
  A.2 Data services
Annex B: Deployment scenarios
  B.1 IRI-IIF integrated in Call Agent, CC-IIF integrated in aggregation router, CCTF collocated with MF
    B.1.1 Configuration
    B.1.2 Scope
  B.2 IRI-IIF integrated in Call Agent, CC-IIF integrated in Media Gateway, CCTF collocated with MF
    B.2.1 Configuration
    B.2.2 Scope
  B.3 IRI-IIF and CCTF integrated in Call Agent, CC-IIF integrated in Media Gateway
    B.3.1 Configuration
    B.3.2 Scope
  B.4 Stand-alone IRI-IIF, CC-IIF integrated in aggregation router or aggregation router, CCTF collocated with MF
    B.4.1 Configuration
    B.4.2 Scope
    B.4.3 Characteristics
  B.5 IRI-IIF integrated in Call Agent, stand-alone CC-IIF, CCTF collocated with MF
    B.5.1 Configuration
    B.5.2 Scope
  B.6 IRI-IIF, CCTF and CC-IIF integrated in a device
    B.6.1 Configuration
    B.6.2 Scope
    B.6.3 Characteristics
Annex C: Examples of CCCI
  C.1 Dedicated CCCI using SNMPv3 MIBs
  C.2 In-band CCCI using H.248
Annex D: Change Request history
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI Technical Committee Lawful Interception (LI).

Introduction

The objective of the present document is to describe a high level architecture in IP networks for use by both telecommunications service providers and network operators, including Internet Service Providers that will deliver the interception information required by Law Enforcement Authorities under various European treaties and national regulations.

The distributed nature of IP networks, and the increasing number of access technologies require Internal Intercept functions in a large number of devices. The present document provides a general reference architecture that has a minimum set of common Internal Network functions and Interfaces. It is intended to be general enough to be used in a variety of situations, including but not limited to lawful interception of IP Multimedia services, layer 2 data services and layer 3 data services, delivered over any access technology.

1 Scope

The present document describes a high level reference architecture for supporting lawful interception in network operator and communication service providers' domain for IP networks.

The document contains:
- A reference model in the network operator and communication service provider domain.
- A high level description of Internal Network Functions and Interfaces.
- Application of the reference model to voice and multimedia over IP services, data layer 3 and layer 2 services.

It does not intend to replace any existing document which specifies network operator and communication service providers architecture and internal network interfaces. The present document does not override or supersede any specifications or requirements for the lawful interception within GSM/UMTS PS domain, which is defined in TS 133 106 [9] and TS 33 107 [8].

2 References

For the purposes of this Technical Report (TR) the following references apply:

[1] ETSI TS 101 331: "Lawful Interception (LI); Requirements of Law Enforcement Agencies".
[2] ETSI ES 201 158: "Telecommunications Security; Lawful Interception (LI); Requirements for network functions".
[3] ETSI ETR 332: "Security Techniques Advisory Group (STAG); Security requirements capture".
[4] ETSI TS 101 671: "Lawful Interception (LI); Handover interface for the Lawful Interception of telecommunications traffic".
    NOTE: Periodically TS 101 671 is published as ES 201 671. A reference to the latest version of the TS as above reflects the latest stable content from ETSI/TC LI.
[5] ETSI TS 133 108: "Universal Mobile Telecommunications System (UMTS); 3G security; Handover interface for Lawful Interception (LI) (3GPP TS 33.108)".
[6] ETSI TS 102 232-01: "Lawful Interception (LI); Handover specification for IP delivery".
[7] ETSI TS 102 232-03: "Lawful Interception (LI); Service-specific details for internet access services".
[8] ETSI TS 133 107: "Universal Mobile Telecommunications System (UMTS); 3G security; Lawful interception architecture and functions (3GPP TS 33.107)".
[9] ETSI TS 133 106: "Universal Mobile Telecommunications System (UMTS); Lawful interception requirements (3GPP TS 33.106)".
[10] ETSI TS 142 033: "Digital cellular telecommunications system (Phase 2+); Lawful Interception; Stage 1 (3GPP TS 42.033 version 5.0.0 Release 5)".
[11] ETSI TS 143 033: "Digital cellular telecommunications system (Phase 2+); Lawful Interception; Stage 2 (3GPP TS 43.033 version 5.0.0 Release 5)".
[12] ETSI TS 102 227: "Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Functional Entities, Information Flow and Reference Point Definitions; Lawful Interception".
[13] IETF RFC 3924: "Cisco Architecture for Lawful Intercept in IP Networks".
[14] PKT-SP-ESP1.5-I01-050128: "PacketCable Electronic Surveillance Specification".
[15] IETF RFC 3414: "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)".
[16] IETF RFC 3415: "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)".
[17] Warnicke, E.: "A Suggested Scheme for DNS Resolution of Networks and Gateways".
    NOTE: Work in Progress.
[18] IETF RFC 3261: "SIP: Session Initiation Protocol".
[19] IETF RFC 3435: "Media Gateway Control Protocol (MGCP) Version 1.0".
[20] ITU-T Recommendation H.248.1: "Gateway Control Protocol: Version 3".
[21] ITU-T Recommendation H.323: "Packet-based Multimedia Communications Systems".
[22] ITU-T Recommendation H.245: "Control Protocol for Multimedia Communications".
[23] IETF RFC 2327: "SDP: Session Description Protocol".
[24] IETF RFC 4588: Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. Hakenberg: "RTP Retransmission Payload Format".
    NOTE: Work in Progress.
[25] IETF RFC 3550: "RTP: A Transport Protocol for Real Time Applications".
[26] IETF RFC 2474: "Definition of the Differentiated Services (DS Field) in the IPv4 and IPv6 Headers".
[27] IETF RFC 2475: "An Architecture for Differentiated Services".
[28] ETSI TS 102 815: "Lawful Interception (LI); Service-specific details for Layer 2 Lawful Interception".
[29] ETSI TS 101 909-20-2: "Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 20: Lawful Interception; Sub-part 2: Streamed multimedia services".
[30] PKT-SP-ES-INF-I01-060406: "PacketCable Electronic Surveillance Intra-Network Specification".
[31] IETF RFC 3603: "Private Session Initiation Protocol (SIP) Proxy-to-Proxy Extensions for Supporting the PacketCable Distributed Call Signaling Architecture".

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in TS 101 331 [1], ES 201 158 [2] and the following apply:

Access Provider (AP): provides a user of some network with access from the user's terminal to that network
NOTE 1: This definition applies specifically to the present document. In a particular case, the access provider and network operator may be a common commercial entity.
NOTE 2: The definitions from TS 101 331 [1] have been expanded to include reference to an access provider, where appropriate.

authorizing authority: authority, such as court of law, that is entitled to authorize Lawful Interception (LI)

call: any connection (fixed or temporary) capable of transferring information between two or more users of a telecommunications system.
NOTE: In this context a user may be a person or a machine

Content of Communication (CC): information exchanged between two or more users of a telecommunications service, excluding Intercept Related Information (IRI).
NOTE: This includes information which may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another.

Domain Name System (DNS): set of network elements, which function as translators between logical names and network addresses on the Internet
NOTE: This type of element is widely used for IP traffic today. It can be anticipated that similar functionality will be introduced also for telephony in the near future.

Handover Interface (HI): physical and logical interface across which the interception measures are requested from an AP/NWO/SvP, and the results of interception are delivered from an AP/NWO/SvP to an LEMF

identity: technical label which may represent the origin or destination of any telecommunications traffic, as a rule clearly identified by a physical telecommunications identity number (such as a telephone number) or the logical or virtual telecommunications identity number (such as a personal number) which the subscriber can assign to a physical access on a case-by-case basis

Intercept Related Information (IRI): collection of information or data associated with telecommunication services involving the target identity, specifically call associated information or data (e.g. unsuccessful call attempts), and service associated information or data (e.g. service profile management by subscriber) and location information

Interception (or Lawful Interception): action (based on applicable laws and regulations), performed by an AP/NWO/SvP, of making available certain information and providing that information to an LEMF
NOTE: In the present document the term interception is not used to describe the action of observing communications by an LEA (see below).

interception interface: physical and logical locations within the access provider's/network operator's/service provider's telecommunications facilities where access to the CC and Intercept Related Information is provided
NOTE: The interception interface is not necessarily a single, fixed point.

interception subject: person or persons, specified in a lawful authorization, whose telecommunications are to be intercepted

Internal Intercepting Function: point within a network or network element at which the CC is made available

Internal Network Interface: network's internal interface between the Internal Intercepting Function and a mediation function

Internet Service Provider (ISP): business entity that offers connectivity to the Internet, primarily for dial-in subscribers
NOTE: The ISP will generally also provide e-mail facilities and other higher-level Internet services.

Law Enforcement Agency (LEA): organization authorized, by a lawful authorization based on a national law, to request interception measures and to receive the results of telecommunications interceptions

Law Enforcement Monitoring Facility (LEMF): law enforcement facility designated as the transmission destination for the results of interception relating to a particular interception subject

lawful authorization: permission granted to a LEA under certain conditions to intercept specified telecommunications and requiring co-