1、 ETSI TS 102 815 V1.3.1 (2006-04)Technical Specification Lawful Interception (LI);Service-specific details for Layer 2 Lawful InterceptionETSI ETSI TS 102 815 V1.3.1 (2006-04) 2 Reference RTS/LI-00031 Keywords IP, Lawful Interception, layer 2, security ETSI 650 Route des Lucioles F-06921 Sophia Anti
2、polis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The prese
3、nt document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers
4、of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/sta
5、tus/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restricti
6、on extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the
7、benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 815 V1.3.1 (2006-04) 3 Contents Intellectual Property Rights4 Foreword.4 Introduction 4 1 Scope 5 2 References 5 3 Definitions and abbreviations.
8、6 3.1 Definitions6 3.2 Abbreviations .7 4 General .7 4.1 Access network 7 4.1.1 Scenario 1 .8 4.1.2 Scenario 2 .9 4.1.3 Scenario 3 .9 4.1.4 Scenario 4 .10 4.2 Lawful Interception (LI) requirements .11 4.2.1 Target identity.11 4.2.2 Result of interception11 4.2.3 Intercept related information message
9、s.12 4.2.4 Time constraints12 5 System model .12 5.1 Reference configuration .12 5.2 Reference states13 5.2.1 Logon13 5.2.2 Data transport13 5.2.3 Logoff .14 5.2.4 Unexpected connection loss14 6 Intercept Related Information 14 6.1 IRI events .14 6.2 HI2 attributes15 7 Content of Communication (CC)
10、.15 8 ASN.1 for IRI and CC16 8.1 ASN.1 syntax tree for HI2 and HI3 headers.16 8.2 ASN.1 specification17 Annex A (normative): Reference network topologies.20 A.1 xDSL access .20 A.1.1 Events and information 20 A.2 Cable modem access 25 A.3 WLAN access.25 Annex B (informative): Stage 1 - RADIUS charac
11、teristics.26 B.1 Network topology.26 B.1.1 RADIUS proxy.26 Annex C (informative): Bibliography.28 Annex D (informative): Change Request History29 History 30 ETSI ETSI TS 102 815 V1.3.1 (2006-04) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have b
12、een declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards
13、“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other I
14、PRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI). Introduction The present document f
15、ocuses on layer 2 interception of IP-encoded information. It is to be used in conjunction with TS 102 232 2, in which the handling of the intercepted information is described. ETSI ETSI TS 102 815 V1.3.1 (2006-04) 5 1 Scope The present document specifies Lawful Interception for an Access Provider th
16、at has access to layer 2 session information and that is not required to have layer 3 information. In this case, the focus of Lawful Interception (LI) for IP Network Access is on the portion of the network, commonly referred to as “layer 2 interception“, that facilitates subscriber access to the Pub
17、lic IP network. The present document describes the LI at the interception domain of the access network. The specification contains: a stage 1 description of the Lawful Interception service; a stage 2 description of the information flows between the functional entities (including the information elem
18、ents involved) and triggering events; and a stage 3 description of the protocol and procedures to be used in mapping from stage 2 information flows and elements to Intercept Related Information (IRI) and Content of Communication (CC). The present document is consistent with the definition of the Han
19、dover Interface, as described in TS 102 232 2. NOTE 1: Layer 3 interception is described in TS 102 234 12. NOTE 2: Layer 2 interception is not applicable to the PS domain of the GSM/UMTS networks (TS 123 060 15). 2 References The following documents contain provisions which, through reference in thi
20、s text, constitute provisions of the present document. References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Re
21、ferenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. 1 ETSI TS 101 671: “Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic“. 2 ETSI TS 102 232: “Lawful Intercep
22、tion (LI); Handover Specification for IP Delivery“. 3 IETF RFC 1122: “Requirements for Internet Hosts - Communication Layers“. 4 IETF RFC 1570: “PPP LCP Extensions“. 5 IETF RFC 3046: “DHCP Relay Agent Information Option“. 6 ITU-T Recommendation X.680: “Information technology - Abstract Syntax Notati
23、on One (ASN.1): Specification of basic notation“. 7 ITU-T Recommendation E.164: “The international public telecommunication numbering plan“. 8 IETF RFC 2341: “Cisco Layer Two Forwarding (Protocol) (L2F)“. 9 IETF RFC 2637: “Point-to-Point Tunneling Protocol (PPTP)“. 10 IETF RFC 2661: “Layer Two Tunne
24、ling Protocol (L2TP)“. ETSI ETSI TS 102 815 V1.3.1 (2006-04) 6 11 IETF RFC 1661: “The Point To Point Protocol (PPP)“. 12 ETSI TS 102 234: “Lawful Interception (LI); Service-specific details for internet access services“. 13 ETSI TS 102 233: “Lawful Interception (LI); Service specific details for E-m
25、ail services“. 14 ETSI TS 101 331: “Telecommunications security; Lawful Interception (LI); Requirements of Law Enforcement Agencies“. 15 ETSI TS 123 060: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Se
26、rvice description; Stage 2 (3GPP TS 23 060 Release 6)“. 16 IETF RFC 2684: “Multiprotocol Encapsulation over ATM Adaptation Layer 5“. 17 ETSI TR 102 503: “ASN.1 Object Identifiers in Lawful Interception Specifications“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present d
27、ocument, the terms and definitions given in TS 102 232 2, TS 102 234 12 and the following apply: access provider: Communication Service Provider (CSP), providing access to networks NOTE 1: APs generally provide dial-up access through a modem and PPP connection, though companies that offer Internet a
28、ccess with other devices, such as cable modems or wireless connections, could also be considered APs. NOTE 2: In the context of the present document, the network access is defined as IP-based network access to the Internet. access service: set of access methods provided to a user to access a service
29、 and/or a supplementary service NOTE: In the context of the present document, the service to be accessed is defined as the Internet. application service provider: third-party entity that manages and distributes software-based services and solutions to customers across a wide area network from a cent
30、ral data centre NOTE: In the context of the present document, a company that offers services that are accessible to users who have connectivity via the Internet. interconnect network: network connecting the AP and the IAP, across which the layer 2 tunnel is established internet access provider: comp
31、any that provides access to the Internet NOTE: The IAP provides subscribers a username, password and an IP address that enables subscribers to log onto the Internet for virtual connectivity to Application Service Providers. layer 2: link layer, as defined in RFC 1122 3 layer 2 interception: lawful i
32、nterception using technology that can access layer 2 information physical line termination point: point in the access providers infrastructure where the physical line to the customer is terminated EXAMPLE: xDSL-line termination point, Cable-line termination point, Ethernet-line termination point. tu
33、nnel router: router that is an endpoint of a layer 2 tunnel; there are at least two tunnel routers for each layer 2 tunnel ETSI ETSI TS 102 815 V1.3.1 (2006-04) 7 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: AAA Authentication, Authorization and Acco
34、unting AP Access Provider ASN.1 Abstract Syntax Notation 1 ASP Application Service ProviderATM Asynchronous Transfer Mode CC Content of Communication CMTS Cable Modem Termination System CPE Customer Premises Equipment CSP Communications Service Provider DF Delivery FunctionDHCP Dynamic Host Configur
35、ation Protocol DSL Digital Subscriber Line DSLAM Digital Subscriber Line Access Multiplexer HI1 Handover Interface 1 (for Administrative Information) HI2 Handover Interface 2 (for Intercept Related Information) HI3 Handover Interface 3 (for Content of Communication) IAP Internet Access Provider IAS
36、Internet Access Service INI Internal Network Interface IP Internet Protocol IRI Intercept Related Information ISDN Integrated Services Digital Network ISP Internet Service Provider L2F Layer 2 Forwarding L2TP Layer 2 Tunneling Protocol LAES Lawful Authorized Electronic Surveillance LCP Link Control
37、ProtocolLEA Law Enforcement Agency LEMF Law Enforcement Monitoring Facility LI Lawful Interception LIID Lawful Interception Identifier MAC Media Access Control MD Mediation Device NAS Network Access Server PLTP Physical Line Termination Point PPP Point-to-Point Protocol PPTP Point-to-Point Tunneling
38、 Protocol PSTN Public Switched Telephone Network RADIUS Remote Authentication Dial In User Service SP Service Provider VoIP Voice over Internet Protocol WLAN Wireless Local Area Network 4 General 4.1 Access network An access network provides layer 2 connectivity from the Physical Line Termination Po
39、int (PLTP) for end-users to an Application Service Provider (ASP) through an Internet Access Provider (IAP). The access provided may be via a telephone, cable, or wireless-network. The present document describes the LI at the access network. The figures contained in the following clauses do not nece
40、ssarily refer to physical configurations but identify the business roles associated with various scenarios to provide services. A provider can have one or more of following roles: Access Provider (AP), Internet Access Provider (IAP) and Application Provider. ETSI ETSI TS 102 815 V1.3.1 (2006-04) 8 L
41、awful interception of communications must accommodate a multitude of scenarios for public telecommunications. Four representative scenarios are described below. 4.1.1 Scenario 1 This scenario reflects the situation in which the three identified provider roles are provisioned by independent providers
42、. For example, an ASP provides Call Control for VoIP service, and is using the transport facilities of an IAP for connectivity to the AP. In this scenario, the specifications of the present document are relevant to the AP, while the IAP and ASP may be involved with interception according to the spec
43、ifications of TS 102 233 13 and TS 102 234 12. Figure 1: Scenario in which access, transport and application services are offered by three different providers ETSI ETSI TS 102 815 V1.3.1 (2006-04) 9 4.1.2 Scenario 2 This scenario reflects the situation in which a network operator is acting only as a
44、n AP, and not as an IAP or ASP. In this scenario, the specifications of the present document are relevant to the AP, while the IAP / ASP may be involved with interception according to the specifications of TS 102 233 13 and TS 102 234 12. Figure 2: Scenario in which access is offered by a provider s
45、eparate from the one that is offering Internet transport and application service 4.1.3 Scenario 3 This scenario reflects the situation in which the AP and IAP roles are offered by a single provider. In this scenario the Service Provider (SP), having roles as an AP and an IAP, may be involved with in
46、terception according to TS 102 234 12 and layer 2 interception is not preferred. ETSI ETSI TS 102 815 V1.3.1 (2006-04) 10Figure 3: Scenario in which access and Internet transport are offered by a single provider that does not offer application service 4.1.4 Scenario 4 This scenario reflects the situ
47、ation in which the AP, IAP and ASP roles are offered by a single provider. In this scenario the service provider, having roles as an AP, an IAP and an ASP, may be involved with interception according to TS 102 233 13 and TS 102 234 12, and layer 2 interception is not preferred. Figure 4: Scenario in
48、 which access, transport and application services are offered by the same provider ETSI ETSI TS 102 815 V1.3.1 (2006-04) 114.2 Lawful Interception (LI) requirements This clause lists the requirements for Lawful Interception.(LI) These requirements are derived from higher-level requirements listed in
49、 TS 101 331 14 and TS 102 232 2 and are specific to Internet Access Services (IAS). These requirements focus on both the administrative part of Internet Access for delivery over HI2 as well as capturing traffic for delivery over HI3. 4.2.1 Target identity Where the special properties of a given service, and the justified requirements of the LEAs, necessitate the use of various identifying characteristics for determination of the traffic to be intercepted, the provider (CSP) shall ensure that the tra
