STAR-GATE for PACKET DATA

Arkady Linshitz
Product Manager
PRODUCT OVERVIEW
Introduction
Functional Description
GPRS and 3G Solutions
Product Demonstration
ISP Solutions
Company Confidential
STAR-GATE ARCHITECTURE
COMPREHENSIVE SOLUTION
– Covers both administrative and delivery functions;
– Supports multiple networks and switches.
STAR-GATE MEDIATION DEVICE
Performs the delivery function of communication surveillance
• Wide Range of Protocols
  – GTP*
  – FTP
  – TIIT
  – ROSE
  – …
• Multicasting
  – Supports 300 MC
  – Up to 5 simultaneous deliveries
• Flexible Architecture
GPRS Application Design
[Diagram labels: xGSN, X1P, X2P, X3P, MD, Target Session Manager, HI1, HI2, HI3]
STAR-GATE SAS
(Surveillance Administration Subsystem)
Assigns targets and oversees system administration, maintenance and security
SINGLE POINT OF ADMINISTRATION
STAR-GATE SOLUTION for GPRS
Interception Criteria
– IMSI, MSISDN, IMEI
Delivery Format
– HI2
  – FTP
  – ROSE
– HI3
  – FTP
  – GTP*
STAR-GATE SOLUTION for 3G
Interception Criteria
– IMSI, MSISDN, IMEI, (SIP URL)
Location Dependent Interception
– 1 or more areas in the same 3GMS
Charging Aspects
– Producing intercept-charging data
Target List Synchronization
3G Pan European networks: The STARGATE solution
STAR-GATE SOLUTION for VoIP
New Challenges
Communication Content
– IP to PCM conversion
Signaling Protocols
– SIP
– H.323
3G MD Application Design
[Diagram labels: X1, 3GMS, X2, X3, VoIP Gateway, MD, Core Logic, HI1, HI2, HI3]
WELCOME TO STAR-GATE DEMO
STAR-GATE SOLUTION for ISP
STAR-GATE for ISP - Challenges
Operational challenges:
– Target Provisioning
– Identification of target traffic
– Control and maintenance
– High Security
Technological challenges:
– Various network topologies
– Fast changing architecture
– No interference with ISP Service level
STAR-GATE for ISP - Solution
Interception Criteria:
– E-mail address
– Username/CLI in RADIUS
– IP address
– MAC address
Access Solution based on:
– LAN Splitter for mirroring
– Switching hubs for aggregation and filtering
– PD MD Software
Delivery Method:
– FTP
– Stream based
Delivery Format:
– TIIT
– STAR-GATE Tunneling Protocol
ISP Mediation Device S/W Design
[Diagram labels: Network Access (Interceptor), Access Device, Core Logic, MD, HI1, HI2, HI3]
Interceptors
RIPE (RADIUS IP Extractor)
– Keeps in RAM the target list (Username/CLI)
– Monitors RADIUS messages
– Generates HI2 messages to LEMF
– Activates 3-4 layer switch and IPI based on extracted IP address
– Stops 3-4 layer switch and IPI upon logout event
IPI (IP Interceptor)
– Gets IP address from RIPE
– Analyzes each packet in real time
– Collects packets
– Forwards to LEMF
SMTPI (SMTP Interceptor)
– Keeps in RAM the target list (E-mail address)
– Monitors SMTP (Port # 25)
– Checks E-mail address in “RCPT TO” or “MAIL FROM”
– Buffers all E-mail (from DATA command to closing ‘.’)
– Forwards to LEMF
DHCPE (DHCP Extractor)
– Keeps in RAM the target list (MAC address)
– Monitors DHCP
– Identifies events of IP address assignment
– Generates HI2 messages to LEMF
– Updates the system with the new IP address
The Access Device
[Diagram labels: TAP, TX/RX link pairs, 3-4 Layer Switch]
Solution Considerations
Coverage
– Intercepting all targets
– Intercepting all data
– Minimize number of intercepted links
Target Identification
– RADIUS
– DHCP
Security
– Non-intrusive
– Encryption
The Solution
System Security
– Access rights: Access to target activation and database is controlled by user rights.
– Audit Trail: For user login/logout and target activation/deactivation activities.
– Centralized Target List Architecture: GSA is the only LI entity where the target list is saved on disk.
– Passive interception: No indication of ongoing interception.
– Encrypted delivery to LEAs: Delivery to LEAs can be encrypted using IPsec or TLS.
WHY STAR-GATE
Comprehensive Solution
– Any Network
– Any Switch
– Any Protocol
Unified Administration Center
Open Design and Flexible Architecture
Thank you