1、 ETSI TS 103 221-1 V1.1.1 (2017-10) Lawful Interception (LI); Part 1: Internal Network Interface X1 for Lawful Interception TECHNICAL SPECIFICATION floppy3ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)2 Reference DTS/LI-00104-1 Keywords interface, lawful interception ETSI 650 Route des Lucioles F-06921 Sop
2、hia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The p
3、resent document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such ve
4、rsions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the
5、 current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification
6、No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the
7、foregoing restriction extend to reproduction in all media. ETSI 2017. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Or
8、ganizational Partners. oneM2M logo is protected for the benefit of its Members. GSM and the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)3 Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 Ref
9、erences 6g32.1 Normative references . 6g32.2 Informative references 7g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.2 Abbreviations . 8g34 Overview 9g34.1 Reference model . 9g34.2 Reference model for X1: requesting and responding . 9g34.3 Overview of security 10g34.4 Relationship to oth
10、er standards 10g34.5 Release management 10g35 Basic concepts 11g35.1 The lifecycle of a Task . 11g35.1.1 Start and end of a Task . 11g35.1.2 Identification of a Task . 11g35.1.3 Destinations 11g35.2 The lifecycle of an X1 request/response . 11g35.2.1 Identification of X1 request/response . 11g35.2.2
11、 Responding to the request . 11g35.2.3 Behaviour if a response is not received 12g35.3 Warnings and Faults . 12g36 Message Structure and Data Definitions 12g36.1 X1 Message details . 12g36.2 Message definitions: starting, modifying and stopping tasks . 13g36.2.1 ActivateTask . 13g36.2.1.1 Summary. 1
12、3g36.2.1.2 TaskDetails 14g36.2.2 ModifyTask. 16g36.2.3 DeactivateTask . 16g36.2.4 DeactivateAllTasks . 16g36.3 Message definitions: creating, modifying and removing Destinations . 17g36.3.1 CreateDestination . 17g36.3.1.1 Summary . 17g36.3.1.2 DestinationDetails . 17g36.3.2 ModifyDestination 18g36.3
13、.3 RemoveDestination . 18g36.3.4 RemoveAllDestinations 19g36.4 Message details: Getting information from NE 19g36.4.1 Introduction. 19g36.4.2 GetTaskDetails . 19g36.4.2.1 Summary . 19g36.4.2.2 TaskStatus . 20g36.4.3 GetDestinationDetails . 20g36.4.3.1 Summary . 20g36.4.3.2 DestinationStatus 21g36.4.
14、4 GetNEStatus . 21g36.4.4.1 Summary. 21g36.4.5 GetAllDetails 22g3ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)4 6.4.5.1 Summary . 22g36.4.6 ListAllDetails 22g36.4.6.1 Summary . 22g36.5 Message details: Reporting issues from the NE . 23g36.5.1 Introduction. 23g36.5.2 ReportTaskIssue on given XID . 23g36.5.
15、2.1 Summary . 23g36.5.2.2 Task report types . 23g36.5.3 ReportDestinationIssue on given DID 24g36.5.3.1 Summary . 24g36.5.4 ReportNEIssue 24g36.6 Message details: Pings and Keepalives 25g36.6.1 Ping . 25g36.6.2 Keepalive 25g36.7 Protocol error details 26g37 Transport and Encoding . 27g37.1 Introduct
16、ion 27g37.2 Profile A . 28g37.2.1 Encoding . 28g37.2.2 Transport layer 28g37.2.2.1 HTTPS and HTTP . 28g37.2.2.2 How HTTP is used 28g37.2.2.3 Profile 28g38 Security. 29g38.1 Introduction 29g38.2 Transport Security 29g38.2.1 Summary . 29g38.2.2 Profile . 29g38.2.3 Key generation, deployment and storag
17、e 29g38.2.4 Authentication . 29g38.3 Additional security measures (beyond transport layer) 30g3Annex A (normative): Requirements . 31g3A.1 Basic requirements . 31g3A.1.1 Existing standards. 31g3A.2 Protocol Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, whi
18、ch is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced i
19、n ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except fo
20、r any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Fo
21、reword This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI). The present document is part 1 of a multi-part deliverable covering the internal network interfaces for Lawful Interception as identified below: Part 1: “Internal network interface X1 for
22、 Lawful Interception“; Part 2: “Internal network interface X2 for Lawful Interception“; Part 3: “Internal network interface X3 for Lawful Interception“. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “can
23、not“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)6 1 Scope The present document defi
24、nes an electronic interface for the exchange of information relating to the establishment and management of Lawful Interception. Typically, this interface would be used between a central LI administration function and the network internal interception points. Typical reference models for LI define a
25、n interface between law enforcement agencies (LEAs) and communication service providers (CSPs), called the handover interface. They also define an internal network interface within the CSP domain between administration and mediation functions for lawful interception and network internal functions, w
26、hich facilitates the interception of communication. This internal network interface typically consists of three sub-interfaces; administration (called X1), transmission of intercept related information (X2) and transmission of content of communication (X3). The present document specifies the adminis
27、tration interface X1. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the refe
28、renced document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot gu
29、arantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI TS 133 107: “Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Lawful interception architecture and functions (3GPP TS 33.107)“. 2 IETF RFC 4122:
30、“A Universally Unique Identifier (UUID) URN Namespace“. 3 W3C Recommendation 28 October 2004: “XML Schema Part 2: Datatypes Second Edition“. 4 ETSI TS 103 280: “Lawful Interception (LI); Dictionary for common parameters“. 5 Recommendation ITU-T E.212: “The international identification plan for publi
31、c networks and subscriptions“. 6 ETSI TS 123 003: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Numbering, addressing and identification (3GPP TS 23.003)“. 7 IETF RFC 3261: “SIP: Session Initiation Protocol“. 8 IETF RFC 3966: “The te
32、l URI for Telephone Numbers“. 9 IETF RFC 3508: “H.323 Uniform Resource Locator (URL) Scheme Registration“. 10 IETF RFC 4282: “The Network Access Identifier“. 11 IETF RFC 2865: “Remote Authentication Dial In User Service (RADIUS)“. 12 IETF RFC 2818: “HTTP over TLS“. 13 IETF RFC 7230: “Hypertext Trans
33、fer Protocol (HTTP/1.1): Message Syntax and Routing“. 14 IETF RFC 5246: “The Transport Layer Security (TLS) Protocol Version 1.2“. 15 IETF RFC 6176: “Prohibiting Secure Sockets Layer (SSL) Version 2.0“. ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)7 16 IETF RFC 7525: “Recommendations for Secure Use of Tra
34、nsport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)“. 17 IETF RFC 6125: “Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)“. 18 I
35、ETF RFC 4519: “Lightweight Directory Access Protocol (LDAP): Schema for User Applications“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies.
36、For non-specific references, the latest version of the referenced document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessar
37、y for the application of the present document but they assist the user with regard to a particular subject area. i.1 OWASP TLS Cheat Sheet. NOTE: Available at https:/www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet. i.2 ETSI TR 103 308: “CYBER; Security baseline regarding LI and RD for
38、 NFV and related platforms“. i.3 ETSI GS NFV-SEC 009: “Network Functions Virtualisation (NFV); NFV Security; Report on use cases and technical approaches for multi-layer host administration“. i.4 ETSI GS NFV-SEC 012: “Network Functions Virtualisation (NFV) Release 3; Security; System architecture sp
39、ecification for execution of sensitive NFV components“. i.5 OWASP XML Security Cheat Sheet. NOTE: Available at https:/www.owasp.org/index.php/XML_Security_Cheat_Sheet. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply:
40、 destination: Point to which IRI and/or CC is delivered by the NE Destination Identifier (DID): identifier to uniquely identify a Destination internally to the X1 interface protocol error: error at the X1 protocol level (rather than any fault with ADMF or NE) NOTE: In the present document, the term
41、“error“ in general refers to a protocol error, whereas issues with systems not behaving correctly are called “faults“. task: continuous instance of interception at a single NE carried out against a set of target identifiers, identified by an X1 Identifier, starting from an activate command and endin
42、g with a deactivate command or terminating fault terminating fault: fault signalled from NE to ADMF which terminates the specific Task X1: LI interfaces internal to the CSP for management tasking X2: LI interfaces internal to the CSP for IRI delivery ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)8 X3: LI i
43、nterfaces internal to the CSP for CC delivery X1 Identifier (XID): identifier to uniquely identify a Task internally to the X1 interface X1 Transaction ID: identifier used to identify a specific request/response pair 3.2 Abbreviations For the purposes of the present document, the following abbreviat
44、ions apply: ADMF Administration Function AVP Attribute-Value Pair CC Content of Communication CIDR Classless Inter Domain Routing CSP Communication Service Provider DID Destination IDentifier FQDN Full Qualified Domain Name FTP File Transfer Protocol GTP-C GPRS Tunnel Protocol (control plane) GTP-U
45、GPRS Tunnel Protocol ( user plane) HI Handover Interface HTML HyperText Markup Language HTTP Hyper Text Transfer Protocol HTTPS HTTP over TLS IMEI International Mobile Equipment Identity IMPI IP Mutltimedia Private Identity IMPU IP Mutltimedia Public identity IMSI International Mobile Station Identi
46、ty IP Internet Protocol IRI Intercept Related Information LEA Law Enforcement AgencyLEMF Law Enforcement Monitoring Facility LI Lawful Interception MAC Media Access Control NAI Network Access Identifier NAT Network Address Translation NE Network Element NOTE: The element or function performing the i
47、nterception NFV Network Functions Virtualisation OWASP Open Web Application Security Project SGSN Serving GPRS Support Node SIP Session Initiation Protocol SNMP Simple Network Management Protocol TCP Transmission Control Protocol TISPAN Telecommunication and Internet converged Services and Protocols
48、 for Advanced Networking TLS Transport Layer Security TPM Trusted Platform Module UDP User Datagram Protocol UID Unique IDentifier URI Uniform Resource Identifier UTF UCS Transformation FormatsUUID Universally Unique IDentifier XID X1 IDentifier XML eXtended Markup Language XSD XML Schema Definition
49、 ETSI ETSI TS 103 221-1 V1.1.1 (2017-10)9 4 Overview 4.1 Reference model The X1 interface is based on communication between two entities; the CSP Administration Function (ADMF), and the Network Element (NE) performing interception. The X1 reference model is shown in figure 1. ADMF Law EnforcementNENENENETasking interface e.g. HI-1 (out of scope)X1X1X1X1Figure 1: X1 reference model Only one ADMF shall make changes by X1 to a given NE. This is called the ADMF which is “responsible“ for that NE. Onward delivery of information from
