STAR-GATE for PACKET DATA
Arkady Linshitz
Product Manager
PRODUCT OVERVIEW
Introduction
Functional Description
GPRS and 3G Solutions
Product Demonstration
ISP Solutions
Company Confidential
STAR-GATE ARCHITECTURE
COMPREHENSIVE SOLUTION
– Covers both administrative and delivery functions;
– Supports multiple networks and switches;
STAR-GATE MEDIATION DEVICE
Performs the delivery function of communication surveillance
• Wide Range of Protocols
GTP*
FTP
TIIT
ROSE
…
• Multicasting
Support 300 MC
Up to 5 simultaneous deliveries
• Flexible Architecture
GPRS Application Design
[Diagram labels: xGSN; X1P, X2P, X3P; MD; Target Session Manager; MD Inside; HI1, HI2, HI3]
STAR-GATE SAS
(Surveillance Administration Subsystem)
Assigns targets and oversees system administration, maintenance and security
STAR-GATE SAS
SINGLE POINT OF ADMINISTRATION
STAR-GATE SOLUTION for GPRS
Interception Criteria
IMSI, MSISDN, IMEI
Delivery Format
HI2
FTP
ROSE
HI3
FTP
GTP*
STAR-GATE SOLUTION for 3G
Interception Criteria
IMSI, MSISDN, IMEI, (SIP URL)
Location Dependent Interception
1 or more areas in the same 3GMS
Charging Aspects
Producing intercept-charging data
Target List Synchronization
3G Pan-European networks: the STAR-GATE solution
STAR-GATE SOLUTION for VoIP
New Challenges
Communication Content
IP to PCM conversion
Signaling Protocols
SIP
H.323
3G MD Application Design
[Diagram labels: 3GMS; X1, X2, X3; VoIP Gateway; MD; Core Logic; HI1, HI2, HI3]
WELCOME TO
STAR-GATE DEMO
STAR-GATE SOLUTION for ISP
STAR-GATE for ISP - Challenges
Operational challenges:
– Target Provisioning
– Identification of target traffic
– Control and maintenance
– High Security
Technological challenges:
– Various network topologies
– Fast changing architecture
– No interference with ISP Service level
STAR-GATE for ISP - Solution
Interception Criteria:
E-mail address
Username/CLI in RADIUS
IP address
MAC address
Access Solution based on:
LAN Splitter for mirroring
Switching hubs for aggregation and filtering
PD MD Software
Delivery Method:
FTP
Stream based
Delivery Format:
TIIT
STAR-GATE Tunneling Protocol
ISP Mediation Device S/W Design
[Diagram labels: Network Access (Interceptor); Access Device; Core Logic; MD; MD Inside; HI1, HI2, HI3]
Interceptors
RIPE (RADIUS IP Extractor)
Keeps in RAM the target list (Username/CLI)
Monitors RADIUS messages
Generates HI2 messages to LEMF
Activates 3-4 layer switch and IPI based on extracted IP address
Stops 3-4 layer switch and IPI upon logout event
IPI (IP Interceptor)
Gets IP address from RIPE
Analyzes each packet in real time
Collects packets
Forwards to LEMF
SMTPI (SMTP Interceptor)
Keeps in RAM the target list (E-mail address)
Monitors SMTP (Port # 25)
Checks E-mail address in “RCPT TO” or “MAIL FROM”
Buffers all E-mail (from DATA command to closing ‘.’)
Forwards to LEMF
DHCPE (DHCP Extractor)
Keeps in RAM the target list (MAC address)
Monitors DHCP
Identifies events of IP address assignment
Generates HI2 messages to LEMF
Updates the system with the new IP address
The Access Device
[Diagram labels: TAP; TX/RX pairs; 3-4 Layer Switch]
Solution Considerations
Coverage
Intercepting all targets
Intercepting all data
Minimize number of intercepted links
Target Identification
RADIUS
DHCP
Security
Non-intrusive
Encryption
The Solution
System Security
Access rights: Access to target activation and database is controlled by user rights.
Audit Trail: For user login/logout and target activation/deactivation activities.
Centralized Target List Architecture: GSA is the only LI entity where the target list is saved on disk.
Passive interception: No indication of ongoing interception.
Encrypted delivery to LEAs: Delivery to LEAs can be encrypted using IPsec or TLS.
WHY STAR-GATE
Comprehensive Solution
Any Network
Any Switch
Any Protocol
Unified Administration Center
Open Design and Flexible Architecture
Thank you