Lifting the Lid on Lawful Intercept
Shane Alcock
University of Waikato
New Zealand
shane.alcock@waikato.ac.nz
© The University of Waikato • Te Whare Wānanga o Waikato
Introductions
● Research Programmer at the University of Waikato
○ Specialist in packet capture and analysis
○ Most of my work ends up as open source
○ Recently, developing software to assist with lawful intercept
● Unlike other LI experts...
○ I don’t work in law enforcement
○ I don’t work for a commercial LI vendor
○ I can be much more transparent about the LI process
Lawful Intercept (LI)
● Legal and authorised interception of telecommunications
○ Mandated by governments
○ Aim is to investigate or prevent criminal activity
● Requested by Law Enforcement Agencies (LEAs)
○ Police, Intelligence Services, National security agencies
● Actioned by network operators
Lawful Intercept (LI)
● Targeted at a specific user
● Supported by a lawfully issued warrant
● Severe penalties for failure to comply
○ Be prepared ahead of time!
Lawful Intercept (LI)
[Diagram: LEA, Network Operator, Warrant]
Lawful Intercept (LI)
[Diagram: Warrant, Configuration, LI System]
Lawful Intercept (LI)
[Diagram: Warrant, LI System, Configuration, AAA, SIP, IP]
Lawful Intercept (LI)
[Diagram: Warrant, LI System, Configuration, AAA, SIP, IP, Meta-data (IRI), Communication Contents (CC)]
Standards
● Two widely recognised standards for LI
○ CALEA / ATIS: used in USA
○ ETSI: used almost everywhere else
● Not as simple as just sending a pcap to the LEA!
○ Standards ensure the intercept can withstand scrutiny in court
ETSI Requirements
● Intercepted traffic must be streamed to LEAs in real time
○ Encrypted TCP sessions over public Internet
○ Closed physical connections for very sensitive intercepts
ETSI Requirements
● Two separate handovers
○ Separate encrypted TCP session for each handover
○ One handover for meta-data
○ One for intercepted communications / packets
ETSI Requirements
● Custom record format to label and sequence recorded data
○ Unique LIID provided by the LEA
○ Each session or call must also have a unique CIN
○ Sequence numbers per CIN to identify lost data
● Format is defined by many pages of ASN.1
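An added example (not from the slides and not OpenLI code) of how the receiving side could use per-CIN sequence numbers to identify lost data. The record tuples, the sample LIID and CIN values, and the assumption that numbering starts at 0 and increases by 1 are constructed for illustration; this is not the ETSI ASN.1 encoding.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class StreamState:
    """Sequence-tracking state for one (LIID, CIN) pair."""
    next_expected: int = 0                       # assumption: numbering starts at 0
    missing: set = field(default_factory=set)    # seqnos skipped and not yet seen
    duplicates: int = 0                          # records seen more than once


class SequenceAuditor:
    """Detects lost, late and duplicated records per (LIID, CIN).

    Run one auditor per handover, since the meta-data and the
    communication contents arrive on separate sessions.
    """

    def __init__(self):
        self.streams = defaultdict(StreamState)

    def observe(self, liid, cin, seqno):
        if seqno < 0:
            raise ValueError("sequence numbers cannot be negative")
        st = self.streams[(liid, cin)]
        if seqno >= st.next_expected:
            # Anything skipped between the expected number and this one
            # is provisionally lost until (and unless) it turns up late.
            st.missing.update(range(st.next_expected, seqno))
            st.next_expected = seqno + 1
        elif seqno in st.missing:
            # Late arrival: the gap is filled, so it is no longer a loss.
            st.missing.discard(seqno)
        else:
            # Already received once: a retransmission or replayed record.
            st.duplicates += 1

    def report(self):
        return {
            key: {
                "highest_seen": st.next_expected - 1,
                "missing": sorted(st.missing),
                "duplicates": st.duplicates,
            }
            for key, st in self.streams.items()
        }


# Constructed sample input: (LIID, CIN, sequence number) in arrival order.
SAMPLE_RECORDS = [
    ("LIID-EXAMPLE-01", 1001, 0),
    ("LIID-EXAMPLE-01", 1001, 1),
    ("LIID-EXAMPLE-01", 1002, 0),
    ("LIID-EXAMPLE-01", 1001, 2),
    ("LIID-EXAMPLE-01", 1001, 4),   # 3 skipped ...
    ("LIID-EXAMPLE-01", 1001, 3),   # ... but arrives late, so not lost
    ("LIID-EXAMPLE-01", 1002, 1),
    ("LIID-EXAMPLE-01", 1002, 4),   # 2 and 3 never arrive: real loss
    ("LIID-EXAMPLE-01", 1001, 5),
    ("LIID-EXAMPLE-01", 1001, 5),   # duplicate
    ("LIID-EXAMPLE-02", 1001, 1),   # first record (0) of this CIN was lost
    ("LIID-EXAMPLE-02", 1001, 2),
]


def audit(records):
    """Feed records through a fresh auditor and return its report."""
    auditor = SequenceAuditor()
    for liid, cin, seqno in records:
        auditor.observe(liid, cin, seqno)
    return auditor.report()


if __name__ == "__main__":
    for (liid, cin), result in audit(SAMPLE_RECORDS).items():
        print(liid, cin, result)
```

Because the same CIN value can appear under different LIIDs, state is keyed on the pair rather than on the CIN alone.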
ETSI Requirements
● All communication by a target must be delivered to the LEA
○ No packet loss allowed
● Protect privacy of other network users
○ No interception of traffic for anyone other than the target
ETSI Requirements
● Target cannot detect that the intercept is taking place
○ Communication must continue uninterrupted
○ No noticeable changes in routing or latency
OpenLI
● Open source software for ETSI-compliant LI
○ Designed and maintained by me (mostly)
○ Low cost alternative to buying solutions from an LI vendor
○ Runs on Linux + commodity server hardware
○ Target audience: smaller operators
○ Deployed in production by operators in NZ
○ Can convert some network vendor LI formats into ETSI
https://openli.nz
Lawful Intercept with OpenLI
[Diagram: Warrant, REST API Requests, AAA, SIP, IP, OpenLI Provisioner, OpenLI Collector, OpenLI Mediator, Intercept Instructions, Agency Details, Intercepted Data, Meta-data (IRI), Communication Contents (CC)]
OpenLI
● Multiple collectors can be distributed throughout a network
○ One per BNG or customer aggregation point
● Collector uses AAA protocols to determine target IP
○ Only intercepts packets for that session
○ Tracks dynamic IP changes
● Mediator is the only external-facing component
○ Makes outbound connections to the LEAs
Alternatives
● Specialist LI vendors
○ Many companies offering LI solutions to choose from
○ Costs will be high and ongoing
○ Commercial-grade support
○ Provisioning and mediation included in the system
○ Good option for large carriers with money to spend
Alternatives
● LI licenses for networking hardware
○ Cisco, Juniper, Nokia, etc.
○ Can be used for the collection phase
○ Still require a third-party mediator, as output is not ETSI compliant
Image credit: Jim Bryson
The LI Deployment Checklist
▢ Determine the LI standards that apply to your network
○ Enquire with the relevant LEAs
○ Is the ETSI standard required?
○ Choose a vendor that meets the required standard
The LI Deployment Checklist
▢ Security of your LI platform
○ LI is very sensitive infrastructure
○ Some vendors may not be allowed in your region
○ Also consider if you trust certain vendors
○ Internal security plan
○ Control access to the LI provisioning system
○ Audit logs of intercepts created and halted
The LI Deployment Checklist
▢ Budgeting
○ Who pays for the LI equipment and software?
○ Who pays for support and maintenance?
○ Account for time to learn, integrate and validate LI system
The LI Deployment Checklist
▢ Testing and validation
○ How do you confirm that the LI system is working?
○ Internally: is there a validation mechanism available?
○ Coordination with LEAs to test production system
○ Plan for regular monitoring to detect disruption
The LI Deployment Checklist
▢ Upkeep and support
○ LI systems will require continuous maintenance
○ Adapting to new technologies, e.g. 5G
○ Updating to conform to changes in standards
○ Again, who pays and what is the budget?
Interested in OpenLI?
● Learn more:
○ https://openli.nz
○ https://github.com/wanduow/openli
○ Email: openli-support@waikato.ac.nz
● I would love to learn more about the LI situation here
○ Public information is scarce
○ Allow me to ensure OpenLI is compliant with LEA requirements
○ Conversations would be off the record
Thank you!
● Questions?


Lifting the Lid on Lawful Intercept

  • 1. Lifting the Lid on Lawful Intercept
    Shane Alcock
    University of Waikato, New Zealand
    shane.alcock@waikato.ac.nz
  • 2. Introductions
    © The University of Waikato • Te Whare Wānanga o Waikato
    ● Research Programmer at the University of Waikato
      ○ Specialist in packet capture and analysis
      ○ Most of my work ends up as open source
      ○ Recently, developing software to assist with lawful intercept
    ● Unlike other LI experts...
      ○ I don’t work in law enforcement
      ○ I don’t work for a commercial LI vendor
      ○ I can be much more transparent about the LI process
  • 3. Lawful Intercept (LI)
    ● Legal and authorised interception of telecommunications
      ○ Mandated by governments
      ○ Aim is to investigate or prevent criminal activity
    ● Requested by Law Enforcement Agencies (LEAs)
      ○ Police, Intelligence Services, National security agencies
    ● Actioned by network operators
  • 4. Lawful Intercept (LI)
    ● Targeted at a specific user
    ● Supported by a lawfully issued warrant
    ● Severe penalties for failure to comply
      ○ Be prepared ahead of time!
  • 5. Lawful Intercept (LI)
    [Diagram labels: LEA; Network Operator; Warrant]
  • 6. Lawful Intercept (LI)
    [Diagram labels: Warrant; Configuration; LI System]
  • 7. Lawful Intercept (LI)
    [Diagram labels: Warrant; LI System; Configuration; AAA; SIP; IP]
  • 8. Lawful Intercept (LI)
    [Diagram labels: Warrant; LI System; Configuration; AAA; SIP; IP; Meta-data (IRI); Communication Contents (CC)]
  • 9. Standards
    ● Two widely recognised standards for LI
      ○ CALEA / ATIS: used in USA
      ○ ETSI: used almost everywhere else
    ● Not as simple as just sending a pcap to the LEA!
      ○ Standards ensure the intercept can withstand scrutiny in court
  • 10. ETSI Requirements
    ● Intercepted traffic must be streamed to LEAs in real time
      ○ Encrypted TCP sessions over public Internet
      ○ Closed physical connections for very sensitive intercepts
  • 11. ETSI Requirements
    ● Two separate handovers
      ○ Separate encrypted TCP session for each handover
      ○ One handover for meta-data
      ○ One for intercepted communications / packets
  • 12. ETSI Requirements
    ● Custom record format to label and sequence recorded data
      ○ Unique LIID provided by the LEA
      ○ Each session or call must also have a unique CIN
      ○ Sequence numbers per CIN to identify lost data
    ● Format is defined by many pages of ASN.1
  • 13. ETSI Requirements
    ● All communication by a target must be delivered to the LEA
      ○ No packet loss allowed
    ● Protect privacy of other network users
      ○ No interception of traffic for anyone other than the target
  • 14. ETSI Requirements
    ● Target cannot detect that the intercept is taking place
      ○ Communication must continue uninterrupted
      ○ No noticeable changes in routing or latency
  • 15. OpenLI
    ● Open source software for ETSI-compliant LI
      ○ Designed and maintained by me (mostly)
      ○ Low cost alternative to buying solutions from an LI vendor
      ○ Runs on Linux + commodity server hardware
      ○ Target audience: smaller operators
      ○ Deployed in production by operators in NZ
      ○ Can convert some network vendor LI formats into ETSI
    https://openli.nz
  • 16. IP Lawful Intercept with OpenLI
    [Diagram labels: Warrant; REST API Requests; AAA; SIP; Meta-data (IRI); Communication Contents (CC); OpenLI Provisioner; OpenLI Collector; OpenLI Mediator; Intercept Instructions; Agency Details; Intercepted Data]
  • 17. OpenLI
    ● Multiple collectors can be distributed throughout a network
      ○ One per BNG or customer aggregation point
    ● Collector uses AAA protocols to determine target IP
      ○ Only intercepts packets for that session
      ○ Tracks dynamic IP changes
    ● Mediator is the only external-facing component
      ○ Makes outbound connections to the LEAs
  • 18. Alternatives
    ● Specialist LI vendors
      ○ Many companies offering LI solutions to choose from
      ○ Costs will be high and ongoing
      ○ Commercial-grade support
      ○ Provisioning and mediation included in the system
      ○ Good option for large carriers with money to spend
  • 19. Alternatives
    ● LI licenses for networking hardware
      ○ Cisco, Juniper, Nokia, etc.
      ○ Can be used for the collection phase
      ○ Still require a third-party mediator, as output is not ETSI compliant
    Image credit: Jim Bryson
  • 20. The LI Deployment Checklist
    ▢ Determine the LI standards that apply to your network
      ○ Enquire with the relevant LEAs
      ○ Is the ETSI standard required?
      ○ Choose a vendor that meets the required standard
  • 21. The LI Deployment Checklist
    ▢ Security of your LI platform
      ○ LI is very sensitive infrastructure
      ○ Some vendors may not be allowed in your region
      ○ Also consider if you trust certain vendors
      ○ Internal security plan
      ○ Control access to the LI provisioning system
      ○ Audit logs of intercepts created and halted
  • 22. The LI Deployment Checklist
    ▢ Budgeting
      ○ Who pays for the LI equipment and software?
      ○ Who pays for support and maintenance?
      ○ Account for time to learn, integrate and validate LI system
  • 23. The LI Deployment Checklist
    ▢ Testing and validation
      ○ How do you confirm that the LI system is working?
      ○ Internally -- is there a validation mechanism available
      ○ Coordination with LEAs to test production system
      ○ Plan for regular monitoring to detect disruption
  • 24. The LI Deployment Checklist
    ▢ Upkeep and support
      ○ LI systems will require continuous maintenance
      ○ Adapting to new technologies, e.g. 5G
      ○ Updating to conform to changes in standards
      ○ Again, who pays and what is the budget?
  • 25. Interested in OpenLI?
    ● Learn more:
      ○ https://openli.nz
      ○ https://github.com/wanduow/openli
      ○ Email: openli-support@waikato.ac.nz
    ● I would love to learn more about the LI situation here
      ○ Public information is scarce
      ○ Allow me to ensure OpenLI is compliant with LEA requirements
      ○ Conversations would be off the record
  • 26. Thank you!
    ● Questions?
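
Slide 12's per-CIN sequence numbers and slide 23's question about an internal validation mechanism can be combined into a simple loss check on received records. The following is an added example, not part of the talk or of OpenLI: it assumes records from one handover already decoded into (LIID, CIN, sequence number) tuples, with sequence numbers starting at 0 for each CIN, and all sample values are constructed.

```python
from collections import defaultdict

# Constructed sample records: (LIID, CIN, sequence number). A real ETSI
# record is ASN.1-encoded; these tuples stand in for already-decoded headers.
SAMPLE_RECORDS = [
    ("LIID-EXAMPLE-1", 1001, 0),
    ("LIID-EXAMPLE-1", 1001, 1),
    ("LIID-EXAMPLE-1", 2002, 0),   # second session under the same intercept
    ("LIID-EXAMPLE-1", 1001, 2),
    ("LIID-EXAMPLE-1", 1001, 5),   # 3 and 4 have not arrived yet
    ("LIID-EXAMPLE-1", 2002, 1),
    ("LIID-EXAMPLE-1", 1001, 4),   # late arrival fills part of the gap
    ("LIID-EXAMPLE-1", 1001, 4),   # duplicate delivery
    ("LIID-EXAMPLE-2", 1001, 1),   # same CIN under another LIID; 0 is missing
]


def audit_sequences(records):
    """Return {(liid, cin): {"received", "missing", "duplicates"}}.

    Assumption of this example: sequence numbers start at 0 for each
    (LIID, CIN) pair and increase by one per record.
    """
    seen = defaultdict(set)    # distinct sequence numbers per (LIID, CIN)
    dups = defaultdict(list)   # sequence numbers delivered more than once
    for liid, cin, seq in records:
        key = (liid, cin)
        if seq in seen[key]:
            dups[key].append(seq)
        seen[key].add(seq)

    report = {}
    for key, seqs in seen.items():
        # Everything from 0 up to the highest number seen should be present.
        expected = set(range(max(seqs) + 1))
        report[key] = {
            "received": len(seqs),
            "missing": sorted(expected - seqs),
            "duplicates": sorted(dups[key]),
        }
    return report


if __name__ == "__main__":
    for (liid, cin), result in sorted(audit_sequences(SAMPLE_RECORDS).items()):
        status = "OK" if not result["missing"] else "LOSS"
        print(f"{liid} CIN={cin} {status} {result}")
```

Loss at the tail of a session is not visible to this check, since no later record arrives to reveal the gap.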