CALEA IMPLEMENTATION
IN VoIP NETWORKS
Thursday - 02/24/05, 8:15-9:00am
By
Cemal Dikmen, Ph.D.
General Manager
Lawful Intercept Products
SS8 Networks, Inc.

Regulatory Update - VoIP

A DoJ/FBI/DEA petition filed on 3/10/04 asked the FCC to initiate a proceeding to resolve outstanding issues delaying CALEA implementation.

The FCC initiated a Notice of Proposed Rule Making (NPRM) on 8/4/2004 to clarify the issues regarding interception of IP traffic. Comments from the DoJ, service providers, and vendors were filed on 11/8/2004. Reply comments were filed on 12/22/2004. The decision is expected in mid 2005.

The NPRM tentatively concludes that CALEA applies to:

- Facilities-based providers of broadband internet access;
- Providers of “managed” VoIP service.

Why both broadband and managed VoIP providers? Communications identifying information and content may only be available by access to both broadband access and VoIP providers.

VoIP providers such as Vonage are probably going to be covered under CALEA under the FCC’s upcoming decision.

Peer-to-Peer communications such as Skype will probably not be covered under CALEA.

Regulatory Update – IP Data

- Based on the NPRM of 8/4/2004, facilities-based providers of broadband internet access are expected to be covered under the CALEA law.
- Why broadband service providers? Communications identifying information and content may only be available by access to both broadband access and VoIP providers.
- The specifications for IP interception are not available yet. Old wiretap rules still apply – deliver everything to the LEA.
- Likely to cause concerns over privacy. Need to define call-identifying information clearly for Pen Register & Trap and Trace type court orders.

Regulatory Update - PoC

- Push-To-Talk over Cellular (PoC) in many cases uses VoIP technology over wireless data networks.
- Several major wireless service providers are planning PoC deployments.
- FCC has already declared that Push-To-Talk over Cellular (PoC) is subject to the CALEA requirements.
- TIA is working on creating new lawful intercept specifications for PoC. The new specifications are expected to be published mid 2005.
- The difficulty is obtaining information and call events from all the conference participants.

Requirements for Lawful Interception

- Access to the information – Define Intercept Access Points
- Provision the court order and define the target’s identity at the Intercept Access Points
- Receive information from the Intercept Access Points to/from the target’s communication channel
- Format the intercepted information based on the standards
- Filter the information based on the court order
- Deliver the intercepted communications to one or more authorized law enforcement agencies
- Collect, store, and analyze the intercepted communications
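
The "filter the information based on the court order" requirement, as an added example (not from the original slides and not any vendor's code): a delivery-side filter that forwards call-identifying information under any valid order, forwards call content only when the order authorizes it, and drops events outside the order's validity period. The names `Order`, `Event` and `filter_for_delivery`, the two order types and all sample data are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime

# Hypothetical order types: a pen register / trap and trace order authorizes
# call-identifying information (CII) only; a content order authorizes both.
PEN_REGISTER, CONTENT = "pen_register", "content"

@dataclass(frozen=True)
class Order:
    order_id: str
    target: str            # target identity provisioned at the IAPs
    kind: str              # PEN_REGISTER or CONTENT
    not_before: datetime   # start of the authorized period
    not_after: datetime    # end of the authorized period
    agencies: tuple        # authorized law enforcement collection functions

@dataclass(frozen=True)
class Event:
    target: str
    channel: str           # "CII" (call data) or "CC" (call content)
    time: datetime
    payload: str

def filter_for_delivery(event, orders):
    """Return the (agency, order_id) pairs this event may be delivered to."""
    if event.channel not in ("CII", "CC"):
        return []                          # unknown channel: fail closed
    out = []
    for o in orders:
        if event.target != o.target:
            continue                       # not this order's target
        if not (o.not_before <= event.time <= o.not_after):
            continue                       # outside the authorized period
        if event.channel == "CC" and o.kind != CONTENT:
            continue                       # content not authorized by this order
        out.extend((agency, o.order_id) for agency in o.agencies)
    return out

# Constructed sample data (identities, dates and agencies are made up).
ORDERS = [
    Order("ORD-1", "sip:alice@example.net", PEN_REGISTER,
          datetime(2005, 2, 1), datetime(2005, 3, 1), ("LEA-A",)),
    Order("ORD-2", "sip:alice@example.net", CONTENT,
          datetime(2005, 2, 10), datetime(2005, 2, 20), ("LEA-B",)),
]
```

The filter is evaluated per order, so one target under two orders produces separate deliveries, each limited to what its own order authorizes.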

Common CALEA Implementation

[Diagram. Labels shown: Service Provider; LEA; Demarcation Point; Court Order; Provisioning (a); Intercept Access Points (IAP); SPAF; Call Data Events (d-CII); Call Content (d-CC); Proprietary Internal Network Interface; Delivery Function (DF); Call Data Channel (e-CII); Call Content (e-CC); Standards Based Handover Interface; Collection Function (CF).]

Lawful Intercept Standards

- J-STD-025 Rev. A – For interception in wireless and wireline circuit-switched networks.
- J-STD-025 Rev. B – For interception of packet data telecommunications services (e.g., cdma2000® packet data).
- PacketCable™ – For interception of Voice over IP (VoIP) type telecommunications services. The first specifications for VoIP interception.
- T1S1 T1.678 – Lawfully authorized electronic surveillance for voice over packet technologies in wireline telecommunications networks.
- ETSI TS 101 671 – Defines the handover interface for interception of telecommunications traffic.
- ETSI TS 133 106, 133 107, 133 108 – Define interception in a GPRS/UMTS network.
- ETSI TS 102 232 – Defines the handover interface for IP delivery.
- ETSI TS 102 233 – Defines the handover interface for E-mail interception.

Intercept Access Points in PacketCable™ Architecture

CMS (Call Management System)
The Call Management System (CMS) provides service to the subscriber. The CMS is responsible for intercepting the call-identifying information.

Cable Modem Termination System (CMTS)
The Cable Modem Termination System (CMTS) controls the set of cable modems attached to the shared medium of the DOCSIS network. The CMTS is responsible for intercepting the call content and certain call-identifying information.

Media Gateway (MG)
The Media Gateway (MG) is designated as an Intercept Access Point for purposes of intercepting call content for redirected calls to the PSTN.

PacketCable Voice Intercept - CMTS

[Diagram. Labels shown: Service Provider Domain; Warrant; LI Administration Function; Law Enforcement Collection Function; Call Management Server (CMS); Admin; CDC; Delivery Function; Customer Premise IAD (SIP, H.323, or MGCP based Gateway); Call Control; COPS Request; Voice Packets; RTP Stream; Target Subscriber; CCC; CMTS; Customer Premise IAD (MTA).]

PacketCable Voice Intercept – Media GW

[Diagram. Labels shown: Service Provider Domain; Warrant; LI Administration Function; Call Management Server (CMS); Admin; Law Enforcement Collection Function; CDC; Delivery Function (XCIPIO SSDF); Call Forward to PSTN; MGCP; Voice Packets; Target Subscriber; Customer Premise IAD (SIP, H.323, or MGCP based Gateway); CCC; Call Control; Call to Target; PSTN Gateway; CMTS; Forwarded Call.]

Session Border Controller for VoIP

- A single Intercept Access Point (IAP) for both call identifying information and call content.
- Eliminates the need to provision for call content interception in real-time.
- Eliminates the dependency on the lawful intercept capabilities of the softswitch, trunking gateway, CMTS and/or edge routers.
- Transparent handling of call forwarding type features.

Session Border Controller as IAP

[Diagram. Labels shown: Service Provider Domain; Provisioning of Warrant; LI Administration Function; SBC; Law Enforcement Collection Function; Provisioning and Call Events over TCP/IP Based SS8 Interface; IRI; XCIPIO SSDF; CC; Customer Premise IAD (SIP, H.323, or MGCP based Gateway); Call Control; Customer Premise IAD; Target Subscriber; Cisco CMTS and Routers.]

Technical Challenges

- PacketCable is the most widely deployed implementation and it requires DQoS. Call content interception cannot be performed if the CMTS does not support DQoS. This situation created new and different architectures which required the Delivery Function to take an active role in call content interception.
- Most of the network elements (Call Management Systems, Gatekeepers, Media Gateways, Aggregation Routers, CMTS, etc.) need to support lawful interception within the distributed IP environment.
- The CMS Subscriber Provisioning interface does not address lawful interception provisioning. Target provisioning requires proprietary interfaces.
- It is extremely difficult (or sometimes impossible) to capture call identifying information and call content for some call features, specifically for the features implemented within the customer premise IAD.

Intercepting Conference Calls

- Conferencing is implemented within the Customer Premise Equipment (CPE) in some of the technologies. In this case, there is no way of knowing a conference is taking place.
- Calls are intercepted as individual calls.
- There is no call data information to report conference events.
- Each leg of the call content is delivered to the LEA separately.

Hosted Conference Service

[Diagram. Labels shown: Service Provider Domain; Conference Server; PSTN; TGW; 1-800-CONFERENCE; Customer Premise IAD; IP Network; CMTS; Target Subscriber.]

3rd Party Conference Service

[Diagram. Labels shown: Conference Service Provider; PSTN; 1-800-CONFERENCE; Service Provider Domain; TGW; Customer Premise IAD; IP Network; CMTS; Target Subscriber.]

Real Life Problem ! ! !

[Diagram. Labels shown: VoIP Service Provider; Call Management Server (CMS); Call Control; Access Provider (two); IP Backbone Provider; Customer Premise IAD (two); RTP Stream; CMTS; Target Subscriber; Associate.]

Delivery Function As A Network Element

The Delivery Function should provide the user with:

- Single point for surveillance administration
- Built-in test tools for remote testing
- Standard MML and remote GUI support
- Alarm reporting and Error logging
- Automatic software fault recovery
- Automatic or manual disk backup
- SNMP support for alarm reporting

Thank You ! ! !
Cemal Dikmen
Phone: +1.203.567.0603
http://www.ss8.com