ETSI TS 102 232-4 V3.2.2 (2014-07)

Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services

TECHNICAL SPECIFICATION

Reference: RTS/LI-00117-4
Keywords: IP, Lawful Interception, layer 2, security

ETSI
650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present
document can be downloaded from: http://www.etsi.org

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2014. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE
are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 General
4.1 Access network
4.1.1 Scenario 1
4.1.2 Scenario 2
4.1.3 Scenario 3
4.1.4 Scenario 4
4.2 Lawful Interception (LI) requirements
4.2.1 Target identity
4.2.2 Result of interception
4.2.3 Intercept related information messages
4.2.4 Time constraints
5 System model
5.1 Reference configuration
5.2 Reference states
5.2.1 Logon
5.2.2 Data transport
5.2.3 Logoff
5.2.4 Unexpected connection loss
6 Intercept Related Information
6.1 IRI events
6.2 HI2 attributes
7 Content of Communication (CC)
8 ASN.1 for IRI and CC
8.1 ASN.1 specification
Annex A (normative): Reference network topologies
A.1 xDSL access
A.1.1 Events and information
A.2 Cable modem access
A.3 WLAN access
Annex B (informative): Stage 1 - RADIUS characteristics
B.1 Network topology
B.1.1 RADIUS proxy
Annex C (informative): Change Request History
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR
000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://ipr.etsi.org).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI).

The present document is part 4 of a multi-part deliverable. Full details of the entire series can be found in part 1 [2].

The ASN.1 module is also available as an electronic attachment to the original document from the ETSI site (see for more details clause 8.1).

Modal verbs terminology

In the present document "shall", "shall not", "should", "should not", "may", "may not", "need", "need not", "will", "will not", "can" and "cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).

"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

Introduction

The present document focuses on layer 2 interception of IP-encoded information. It is to be used in conjunction with TS 102 232-1 [2], in which the handling of the intercepted information is described.

1 Scope

The present document specifies Lawful Interception for an Access Provider that has access to layer 2 session information and that is not required to have layer 3 information. In this case, the focus of
Lawful Interception (LI) for IP Network Access is on the portion of the network, commonly referred to as "layer 2 interception", that facilitates subscriber access to the Public IP network.

The present document describes the LI at the interception domain of the access network. The specification contains: a stage 1 description of the Lawful Interception service; a stage 2 description of the information flows between the functional entities (including the information elements involved) and triggering events; and a stage 3 description of the protocol and procedures to be used in mapping from stage 2 information flows and elements to Intercept Related Information (IRI) and Content of Communication (CC).

The present document is consistent with the definition of the Handover Interface, as described in TS 102 232-1 [2].

NOTE 1: Layer 3 interception is described in TS 102 232-3 [12].
NOTE 2: Layer 2 interception is not applicable to the PS domain of the GSM/UMTS networks (TS 123 060 [15]).

2 References

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid
at the time of publication ETSI cannot guarantee their long term validity.

2.1 Normative references

The following referenced documents are necessary for the application of the present document.

[1] Void.
[2] ETSI TS 102 232-1: "Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery".
[3] IETF RFC 1122: "Requirements for Internet Hosts - Communication Layers".
[4] IETF RFC 1570: "PPP LCP Extensions".
[5] IETF RFC 3046: "DHCP Relay Agent Information Option".
[6] Recommendation ITU-T X.680: "Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation".
[7] Recommendation ITU-T E.164: "The international public telecommunication numbering plan".
[8] IETF RFC 2341: "Cisco Layer Two Forwarding (Protocol) L2F".
[9] IETF RFC 2637: "Point-to-Point Tunneling Protocol (PPTP)".
[10] IETF RFC 2661: "Layer Two Tunneling Protocol (L2TP)".
[11] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[12] ETSI TS 102 232-3: "Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 3: Service-specific details for internet access services".
[13] ETSI TS 102 232-2: "Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for messaging services".
[14] ETSI TS 101 331: "Lawful Interception (LI); Requirements of Law Enforcement Agencies".
[15] ETSI TS 123 060: "Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Service description; Stage 2 (3GPP TS 23.060 Release 6)".
[16] IETF RFC 2684: "Multiprotocol Encapsulation over ATM Adaptation Layer 5".
[17] Void.
[18] IETF RFC 2427: "Multiprotocol Interconnect over Frame Relay".

2.2 Informative references

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] ETSI TR 102 503: "Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications".
[i.2] ETSI TS 101 909-20-1: "Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 20: Lawful Interception; Sub-part 1: CMS based Voice Telephony Services".
[i.3] ETSI TS 101 909-20-2: "Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 20: Lawful Interception; Sub-part 2: Streamed multimedia services".

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in TS 102 232-1 [2], TS 102 232-3 [12] and the following apply:

Access Provider (AP): Communication Service Provider (CSP), providing access to networks
NOTE 1: APs generally provide dial-up access through a modem and PPP connection, though companies that offer Internet access with other devices, such as cable modems or wireless connections, could also be considered APs.
NOTE 2: In the context of the present document, the network access is defined as IP-based network access to the Internet.

access service: set of access methods provided to a user to access a
service and/or a supplementary service
NOTE: In the context of the present document, the service to be accessed is defined as the Internet.

Application Service Provider (ASP): third-party entity that manages and distributes software-based services and solutions to customers across a wide area network from a central data centre
NOTE: In the context of the present document, a company that offers services that are accessible to users who have connectivity via the Internet.

interconnect network: network connecting the AP and the IAP, across which the layer
2 tunnel is established

Internet Access Provider (IAP): company that provides access to the Internet
NOTE: The IAP provides subscribers a username, password and an IP address that enables subscribers to log onto the Internet for virtual connectivity to Application Service Providers.

layer 2: link layer, as defined in RFC 1122 [3]

layer 2 interception: lawful interception using technology that can access layer 2 information

Physical Line Termination Point (PLTP): point in the access provider's infrastructure where the physical line to the customer is terminated
EXAMPLE: xDSL-line termination point, Cable-line termination point, Ethernet-line termination point.

tunnel router: router that is an endpoint of a layer 2 tunnel; there are at least two tunnel routers for each layer 2 tunnel

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AAA     Authentication, Authorization and Accounting
ADSL    Asymmetric Digital Subscriber Line
AP      Access Provider
ASN.1   Abstract Syntax Notation 1
ASP     Application Service Provider
ATM     Asynchronous Transfer Mode
CC      Content of Communication
CIN     Communication Identity Number
CMTS    Cable Modem Termination System
CPE     Customer Premises Equipment
CSP     Communications Service Provider
DF      Delivery Function
DHCP    Dynamic Host Configuration Protocol
DSL     Digital Subscriber Line
DSLAM   Digital Subscriber Line Access Multiplexer
HI1     Handover Interface 1 (for Administrative Information)
HI2     Handover Interface 2 (for Intercept Related Information)
HI3     Handover Interface 3 (for Content of Communication)
IAP     Internet Access Provider
IAS     Internet Access Service
INI     Internal Network Interface
IP      Internet Protocol
IRI     Intercept Related Information
ISDN    Integrated Services Digital Network
L2F     Layer 2 Forwarding
L2TP    Layer 2 Tunneling Protocol
LAES    Lawful Authorized Electronic Surveillance
LAN     Local Area Network
LCP     Link Control Protocol
LEA     Law Enforcement Agency
LEMF    Law Enforcement Monitoring Facility
LI      Lawful Interception
LIID    Lawful Interception IDentifier
MAC     Media Access Control
MD      Mediation Device
NAS     Network Access Server
OID     Object IDentifier
PLTP    Physical Line Termination Point
PPP     Point-to-Point Protocol
PPTP    Point-to-Point Tunneling Protocol
PS      Packet Switched
PSTN    Public Switched Telephone Network
RADIUS  Remote Authentication Dial In User Service
SP      Service Provider
VoIP    Voice over Internet Protocol
WLAN    Wireless Local Area Network
xDSL    Digital Subscriber Line technologies

4 General

4.1 Access network

An access network provides layer 2 connectivity from the Physical Line Termination Point (PLTP) for end-users to an Application Service Provider (ASP) through an Internet Access Provider (IAP). The access provided may be via a telephone, cable, or wireless-network. The present document describes the LI at the access network.

The figures contained in the following clauses do not necessarily refer to physical configurations but identify the business roles associated
with various scenarios to provide services. A provider can have one or more of the following roles: Access Provider (AP), Internet Access Provider (IAP) and Application Provider.

Lawful interception of communications has to accommodate a multitude of scenarios for public telecommunications. Four representative scenarios are described below.

4.1.1 Scenario 1

This scenario reflects the situation in which the three identified provider roles are provisioned by independent providers. For example, an ASP provides Call Control for VoIP service, and is using the transport facilities of an IAP for connectivity to the AP. In this scenario, the specifications of the present document are relevant to the AP, while the IAP and ASP may be involved with interception according to the specifications of TS 102 232-2 [13] and TS