International Journal of Electronics and Communication Engineering & Technology (IJECET)
ISSN 0976 – 6464(Print), ISSN 0976 – 6472(Online)
Volume 4, Issue 2, March – April, 2013, pp. 129-136
© IAEME: www.iaeme.com/ijecet.asp
Journal Impact Factor (2013): 5.8896 (Calculated by GISI)
www.jifactor.com




      LAWFUL INTERCEPTION MONITORING USING DISTRIBUTED ARCHITECTURE FOR NGN

                        Munir B. Sayyad (1), S.L. Nalbalwar (2)
      1, 2 Department of E & TC, Dr. Babasaheb Ambedkar Technological University, Lonere,
                                      Raighad, India


   ABSTRACT

           With major developments in the telecommunication industry recently we have seen a
   migration towards an all IP network. This leads to the emergence of what is popularly known
   as the Next Generation Networks (NGN). The migration from the present legacy network to a
   converged all IP network would require a new approach towards security and lawful
   interception (LI). LI is the legally sanctioned official access to private communications, such
   as telephone calls or e-mail messages. LI for NGN has been a great concern to the Law
   Enforcement Agency (LEA). In this paper we propose a distributed architecture for LI in
   NGN. The proposed architecture suits today's multi-service-provider network. We also
   discuss the implementation of LI in a heterogeneous network using an example call flow for
   a SIP to H323 call.

   Keywords: Lawful Interception, NGN, Distributed Architecture, SIP, H323

   I. INTRODUCTION

           It has been a long time since the days when telecommunications depended on
   fixed PSTN networks. The only kind of communication payload transported then was
   64 kbps voice, interception was possible at any point between the ends, and a simple
   solution was sufficient to monitor a circuit-switched network.
           Today, wherever you go, the network follows; in other words, we have a ubiquitous
   packet-switched network. The packet-switched network is far more complex and delivers a
   wide range of services beyond voice. Data services, multimedia services and other
   value-added services form the greater part of the payload. Monitoring this vast range of
   media has been a mammoth task for service providers, and the multi-vendor network
   scenario creates a highly complex network topology.


        The increased exploitation of advanced communication techniques for unlawful,
 malignant and malicious purposes has made LI of communications a serious concern. The
 challenges faced by a service provider in complying with the different LI standards are
 numerous. Some of them are listed below:

       • Wide variety of IP network link types
       • Large growing bandwidth and traffic load to monitor
       • Many application protocols used by different media types.
       • Multi vendor complex network topology.

    These are just a few from the long list of challenges.

         The evolution of telecommunications towards fixed-mobile convergence will follow the
 NGN path. NGN would be a multiservice, multiprotocol, multi-access, IP-based network
 that is secure, reliable and trusted. The NGN framework is set by the International
 Telecommunication Union – Telecommunication Standardization Sector (ITU-T), especially
 its NGN Focus Group, and by the European Telecommunications Standards Institute (ETSI).
         With NGN being a fully converged telecom network, it would require a special
 architecture for the deployment of an LI system. Unlike the conventional telephone system,
 the all-IP network uses an end-to-end call flow model. Moreover, NGN takes mobility to new
 levels: the user profile in NGN would be mobile, allowing the user to use his IP phone
 number through any host connected to the Internet. These days IP addresses are allocated
 dynamically by the service providers, which adds to the complexity of LI. The architecture we
 propose in this paper is a distributed architecture. A distributed architecture has the advantage
 of removing the processing load from a single system and increasing system reliability,
 efficiency and scalability, while still allowing control, administration and monitoring from a
 central entity.
         Section II of the paper describes the requirements of NGN and its structure. Section III
 presents the proposed distributed architecture and its diagram. With an example of LI in a
 SIP-H323 call flow we discuss the implementation of the proposed architecture in Section IV.
 Section V summarizes the advantages and limitations of the proposed architecture and
 concludes the paper.

 II. NEXT GENERATION NETWORK

         As per the definition provided by ITU-T[1] “ A next generation network (NGN) is a
 packet based network able to provide services including Telecommunication Services and
 able to make use of multiple broadband, Quality of Service enabled transport technologies
 and in which service related functions are independent from underlying transport related
 technologies. It offers unrestricted access by users to different service providers. It supports
 generalized mobility which will allow consistent and ubiquitous provision of services to
 users.”
         In other words, NGN refers to the convergence of all the networks built to provide
 different services into a single network with one core built over IP; it implies an all-IP
 network.





         The NGN is built over a horizontally integrated layered model, unlike the old vertically
 layered network model. It is modelled to provide point-to-point, point-to-multipoint and
 multipoint-to-multipoint connections. It can be broadly described by two horizontal layers,
 the NGN service layer and the NGN transport layer.




                              Figure 1: NGN layered structure[2]

         NGN would interconnect with the existing networks and safeguard existing investment
 through devices such as gateways. At the same time, it would also support the IP
 intelligent network terminals, including simulated telephone, electrograph, ISDN terminal,
 mobile phone, GPRS terminal, SIP terminal, H248 terminal, MGCP terminal, Ethernet
 telephone through the PC, video phone, the cable modem and so on.
         NGN would be a holistic converged network that supports all the services of
 yesterday and adds a number of new services. The NGN ecosystem [2] can be stated briefly as:

     •   Next Generation Services – Converged (quad-play-voice, data, video, mobile)
     •   Next Generation Access – High speed (Broadband) IP based connectivity (ADSL,
         VDSL, Wi-Max, Cable TV, FTTH, PLC)
     •   Next Generation Transport – Carrier Ethernet, IP-MPLS
     •   Next Generation Architecture – Service oriented (SOA), layered (transport, control,
         application)
     •   Next Generation Mobile – 3G+ (B3G)
     •   Next Generation Internet – IPv6
     •   Next Generation Interconnect – Capacity and Quality based
     •   Next Generation Licensing – Unified
     •   Next Generation Regulation – Converged, light handed

   It can be seen very clearly from the NGN ecosystem that it would require new security
 mechanisms and architectures for lawful interception. In the next section we propose a
 distributed architecture.




 III. DISTRIBUTED ARCHITECTURE FOR LI

         There have always been two basic types of architecture, centralized and distributed,
 each with its own unique advantages. A distributed architecture is preferred when a
 system is to be deployed for a heterogeneous network with a huge data and signalling load. A
 distributed architecture spreads the work of computation away from a single device while
 keeping administrative control at a central entity.
   The proposed architecture is hierarchical. We have a central LI entity (CLIE)
 that connects to the LEA and performs the administrative functions. Intermediate level LI
 entities (ILIE) connect to the different ISPs. The intermediate level also has a
 collection and storage function. Every ILIE has a direct link to the CLIE. The ILIEs are
 supported by the base LI entities (BLIE). A BLIE is deployed at each of the gateways of the
 service provider's existing network and monitors the payload as requested by its superior
 entity.




                            Figure 2: Distributed architecture diagram

   The distributed architecture also distributes the responsibilities and functions among the
 different entities. The functions of each entity in this architecture are:

       • Central LI entity:
               1. It connects to the LEA. It is the only point of human interface.
               2. It has a central data storage server.
               3. It resolves the target based on location and ISP.
               4. It issues warrants to ILIEs for interception.
               5. It filters the information that is to be provided to the LEA.
               6. It monitors the subordinate entities.
       • Intermediate LI entity:
               1. It resolves the target into the type of network used.
               2. It issues warrants for LI to the BLIE.
               3. It has an intermediate storage function.
               4. It provides a direct secure link to the CLIE.



       • Base LI entity:
              1. It monitors the target.
              2. It copies the RTP packets.
              3. It decrypts the encrypted packets.
              4. It provides deep packet inspection.
              5. It provides a secure link to the ILIE.

         Each entity is connected to the others through a secure link and is monitored by its
 superior entity. The structure completely removes the scope for a breach through the human
 interface, as it is completely secure, with no involvement of any human being at any level.
 The system is administered by strict system policies and firewalls. The intercept related
 information (IRI) is kept at two places, at the ILIE and at the CLIE. Location information is
 also stored with the other IRI. As per the requirements, multiple public identities on different
 networks can be intercepted together using this system. In the next section the working of this
 system is explained using an internetwork call flow.

 IV. WHAT HAPPENS DURING LI OF SIP TO H323 CALL

        In this section we discuss, step by step, the processes taking place when a SIP user
 agent (UA), the target for LI, calls an H323 endpoint.

                                Figure 3: SIP to H323 call Setup




         During an internetwork call the call passes through an interworking function (IWF),
 also generally referred to as a call management system (CMS). In any type of internetwork
 call the IWF is the most important element for a successful call setup. The IWF translates the
 requests into the form that is acceptable to the other endpoint. During a call from a SIP UA to
 an H323 endpoint, the SIP INVITE is translated to SETUP, 180 RINGING to ALERTING,
 200 OK to ACK, and SDP to H245 for negotiation of parameters.





                        Figure 4: Call flow for LI during SIP to H323 call




 Step 1: The LEA gets the court order for LI of the SIP target and provides it to the CLIE. There
         must be proper legislation for what kind of IRI is to be provided, who is authorized to
         issue warrants for LI, etc., to prevent misuse of the system and ensure the privacy of
         citizens.
 Step 2: Depending upon the target information received and the IRI requested, the CLIE resolves
         the target address to find the service provider and its location. It issues a warrant to
         the ILIE to monitor the target.
 Step 3: The ILIE further resolves the target address into its network type and issues a warrant
         to the BLIE. The BLIE keeps monitoring the target, here a SIP UA.


 Step 4: The SIP UA attempts to make a call: it sends an INVITE message to the IWF.
 Step 5: The IWF sends the address that the target is attempting to call to the BLIE.
 Step 6: The BLIE forwards the information to the ILIE.
 Step 7: The ILIE forwards the information to the CLIE.
 Step 8: The CLIE resolves the address that the target is attempting to communicate with and
         issues a warrant to the ILIE in the region of the called party, in our case an H323 end
         point (EP).
 Step 9: The ILIE issues a warrant to the BLIE.
 Step 10: The BLIE sends an ACK to the ILIE.
 Step 11: The ILIE sends an ACK to the CLIE.
 Step 12: The IWF sends a SETUP request to the H323 EP.
 Step 13: The H323 EP sends an ACK to the IWF.
 Step 14: The IWF sends 200 OK to the SIP UA.
 Step 15: The SIP UA sends an SDP request for negotiation of resources.
 Step 16: The IWF sends H245 to the H323 EP.
 Step 17: The H323 EP accepts the requirements and sends media.
 Step 18: The BLIE copies the media packets and forwards them to the ILIE.
 Step 19: The ILIE forwards the RTP packets to the CLIE.
 Step 20: The H323 EP sends RTP packets to the SIP UA.
 Step 21: The SIP UA sends RTP packets.
 Step 22: The packets are copied by the BLIE and forwarded to the ILIE.
 Step 23: The ILIE stores and forwards the RTP packets to the CLIE.
 Step 24: The SIP UA sends the RTP packets to the H323 EP.
 Step 25: The CLIE sends the requested IRI using a secure link.

     The call termination is not shown in the figure but takes place in the same manner as the
 call setup.
     In the proposed process the RTP packets are copied at both end terminals. This would
 prevent any tampering with the data and ensure authentic and accurate data delivery for LI. It
 even makes the decryption process fast and accurate. The collection function at the BLIE also
 filters the data packets for deep packet inspection. It can be noticed that all functions or
 entities can communicate only with their superior or subordinate entity. The policies for
 communication between the entities can be set as per the legal requirements through the CLIE.
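 To make the control flow of Sections III and IV concrete, the following is a small Python model
 of the CLIE/ILIE/BLIE chain handling the SIP to H323 scenario above. It is an added illustration
 and not code from the paper or its authors: warrants pass down the chain and are acknowledged
 back up (Steps 1-3 and 8-11), an INVITE from a warranted target makes the CLIE warrant the
 called party's region (Steps 4-9), media is copied only for warranted identities and the copies
 are held at both the ILIE and the CLIE (Steps 18-23), and any attempt to bypass the
 superior/subordinate links is rejected. The identity directory, the region and network keys,
 the warrant id "W-0001", the packet contents and all method names are constructed assumptions.

```python
"""Toy model of the hierarchical LI chain (CLIE -> ILIE -> BLIE) of Section III,
driven by the SIP to H323 call flow of Section IV.  Added illustration: the
directory, region/network keys, warrant id and packets are constructed."""
from dataclasses import dataclass, field

# Constructed sample resolution data: identity -> (ISP, region, network type).
DIRECTORY = {
    "sip:alice@example.net": ("isp-a", "region-1", "sip"),
    "h323:bob@example.org": ("isp-b", "region-2", "h323"),
}


class PolicyViolation(Exception):
    """An entity tried to talk to something other than its direct superior/subordinate."""


@dataclass
class Entity:
    name: str
    level: str                                        # "CLIE", "ILIE" or "BLIE"
    superior: "Entity" = None
    subordinates: dict = field(default_factory=dict)  # routing key -> Entity
    warrants: dict = field(default_factory=dict)      # target identity -> warrant id
    store: list = field(default_factory=list)         # IRI and media copies kept here

    def link(self, key, child):
        child.superior = self
        self.subordinates[key] = child

    def send(self, peer, kind, **payload):
        # Section III rule: entities communicate only with their superior or subordinates.
        if peer is not self.superior and peer not in self.subordinates.values():
            raise PolicyViolation(f"{self.name} may not contact {peer.name}")
        return getattr(peer, f"on_{kind}")(**payload)

    # Warrant chain (Steps 2-3 and 8-11): resolve one level, pass down, ACK back up.
    def on_warrant(self, target, warrant_id):
        self.warrants[target] = warrant_id
        _isp, region, net = DIRECTORY[target]
        if self.level == "CLIE":      # resolves ISP/location -> region
            return self.send(self.subordinates[region], "warrant", target=target, warrant_id=warrant_id)
        if self.level == "ILIE":      # resolves network type -> BLIE
            return self.send(self.subordinates[net], "warrant", target=target, warrant_id=warrant_id)
        return "ACK"                  # BLIE: now monitoring the target

    # Call setup (Steps 4-9): the IWF hands the BLIE the address the target is calling.
    def on_invite(self, target, callee):
        if target not in self.warrants:
            return None               # not a target: the BLIE must not act on it
        if self.level != "BLIE":
            self.store.append(("IRI", target, callee))   # IRI kept at ILIE and at CLIE
        if self.level == "CLIE":      # Step 8: warrant the called party's region
            warrant_id = self.warrants[target]
            self.warrants[callee] = warrant_id
            return self.send(self.subordinates[DIRECTORY[callee][1]], "warrant",
                             target=callee, warrant_id=warrant_id)
        return self.send(self.superior, "invite", target=target, callee=callee)

    # Media (Steps 18-19 and 22-23): copy upward; copies held at ILIE and CLIE.
    def on_media(self, target, packet):
        if target not in self.warrants:
            return False
        if self.level != "BLIE":
            self.store.append(("RTP", target, packet))
        if self.superior is None:
            return True
        return self.send(self.superior, "media", target=target, packet=packet)


def build_chain():
    """One CLIE, one ILIE per region, one BLIE per (region, network type)."""
    clie = Entity("CLIE", "CLIE")
    for region in ("region-1", "region-2"):
        ilie = Entity(f"ILIE-{region}", "ILIE")
        clie.link(region, ilie)
        for net in ("sip", "h323"):
            ilie.link(net, Entity(f"BLIE-{region}-{net}", "BLIE"))
    return clie


def rtp_copies(entity):
    return sum(1 for kind, *_ in entity.store if kind == "RTP")


def run_scenario():
    clie = build_chain()
    target, callee = "sip:alice@example.net", "h323:bob@example.org"
    blie_sip = clie.subordinates["region-1"].subordinates["sip"]
    blie_h323 = clie.subordinates["region-2"].subordinates["h323"]
    ack = clie.on_warrant(target, "W-0001")            # Steps 1-3 (constructed warrant id)
    invite_ack = blie_sip.on_invite(target, callee)    # Steps 4-11
    copied = (
        blie_sip.on_media(target, b"rtp-from-target"),      # Steps 21-23
        blie_h323.on_media(callee, b"rtp-from-callee"),     # Steps 17-19
        blie_sip.on_media("sip:carol@example.net", b"x"),   # non-target: not copied
    )
    try:                                               # BLIE -> CLIE directly is forbidden
        blie_sip.send(clie, "media", target=target, packet=b"x")
        bypass_blocked = False
    except PolicyViolation:
        bypass_blocked = True
    return {"ack": ack, "invite_ack": invite_ack, "copied": copied,
            "clie_rtp": rtp_copies(clie),
            "ilie_rtp": sum(rtp_copies(i) for i in clie.subordinates.values()),
            "callee_warranted": callee in blie_h323.warrants,
            "bypass_blocked": bypass_blocked}


if __name__ == "__main__":
    print(run_scenario())
```

 Running the module prints the scenario result: both warrants are acknowledged, the two media
 packets of the warranted call are copied once at the ILIE level and once at the CLIE, the
 non-target's packet is not copied, and the direct BLIE-to-CLIE message is refused. The point
 of the model is that every decision (resolve, warrant, copy) happens at exactly one level and
 the only path between levels is the superior/subordinate link, which is what the paper relies on
 for its "no human interface below the CLIE" argument.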

 V. CONCLUSION

    This paper proposes a distributed architecture for LI in NGN. The proposed architecture
 has many unparalleled advantages: it has no human interface except at the CLIE, so the
 chances of a breach due to human factors are minimized to zero. The architecture is best suited
 to a heterogeneous internetwork call. It is also a general model which caters for an LEA
 having targets in multiple service providers. In the process proposed for a call we have
 suggested copying and storing the RTP packets at two places, so that the system's data is
 protected at two separate places. Each entity connects with the others over direct secure lines
 which are not part of the network. This also provides high speed secure connectivity between
 the entities, reducing the delay. This model can be scaled up to support more data without any
 basic change in architecture. Finally, the hierarchical architecture simplifies system
 management and collection.

         Like any other model this architecture also has some limitations and drawbacks. The
 biggest drawback is that it increases the time required for call setup. Devices at the different
 network gateways will have to be installed in the network, which would be a capital burden on
 the service providers. The model can work efficiently only with strict government legislation
 and cooperation between the service providers. If these things are taken care of, then the
 model would provide accurate and authentic LI in future networks.

 REFERENCES

 [1]   ITU-T Recommendation Y.2001, General overview of NGN (12/2004)
 [2]   Satya N Gupta, Emergence of next generation networks (NGN) – Regulatory and Security
       Challenges, BT Global Services
 [3]   F. Baker, B. Foster, C. Sharp, RFC 3924, Cisco Architecture for Lawful Interception in IP
       Networks, Cisco Systems, October 2004
 [4]   Andro Milanović, Siniša Srbljić, Ivo Ražnjević, Darryl Sladden, Daniel Skrobo, and Ivan
       Matošević, Distributed Architecture for Lawful Interception in VoIP Networks, Ljubljana,
       Slovenia, Eurocon 2003
 [5]   The Cisco Service Independent Intercept Architecture Version 3.0, Cisco Systems Inc.,
       2007
 [6]   Tatiana Kovacikova, Pavol Segec, NGN Standards Activities in ETSI, Slovakia
 [7]   Zohreh Ayatollahi, Saeede Sarukhani, Fatemeh Fayazi, Zahra Askary Roknabady,
       Afsane Madani, Interoperability Problems in Next Generation Network Protocols, Iran
       Telecommunication Research Center
 [8]   H. Schulzrinne (Columbia University), C. Agboh, RFC 4123, Session Initiation Protocol
       (SIP)-H.323 Interworking, July 2005



