Sicurezza e Giustizia

ETSI LI & RD Status (Sept. 2019)


by Gerald McQuaid and Domenico Raffaele Cione

This article highlights the relevant ETSI activity on Lawful Interception (LI) and Retained Data (RD) as an update to the previous article of February 2017. The work items of the 2018 and 2019 period are described in the following section.

 

Most of the ETSI TC LI committee's work focused on standardizing both the LI internal (X) and external handover (HI) interfaces to cover the new 5G requirements in addition to the latest LEA functional demands.
The 5G Interception domain addressed by ETSI interfaces includes the one being defined by the 3GPP committees as specified by the Release 15 LI specifications ETSI TS 133 126 (5G LEA requirements from 3GPP TS 33 126), ETSI TS 133 127 (5G Architecture and Functions from 3GPP TS 33 127) and ETSI TS 133 128 (5G Protocols and Procedures from 3GPP TS 33 128).

The Internal Network Interface for the administrative LI procedures (X1, ref. TS 103 221-1) was standardized for the first time in 2018 and enhanced by ETSI during 2019 to cover all the possible administrative interfaces from the CSP Administration Function (ADMF) towards the Network Elements (NEs), Triggering Functions and Mediation Functions (MFs). ETSI X1 is now structured to cover all the network interception domain scenarios (e.g. including 5G use cases).
TS 102 677 v1.1.1 on LI Dynamic Triggering (DT) of Interception was published during 2019, focusing on the architecture for the lawful interception of dynamically-allocated flows in a secondary communications domain, triggered by the activity of permanent identities in a primary domain. DT complements the use of the ETSI TS 103 221-1 X1 interface specification.

The Internal Network Interfaces for the IRI (Intercept Related Information) and CC (Content of Communication) data (X2 and X3, ref. TS 103 221-2) have just been finalized to support any Product Data Units (PDUs) type format (i.e. 3GPP, ETSI TS 102 232 parts) transferred from Points of Interception (POIs) towards the Mediation Delivery Functions (MDFs). Furthermore, ETSI TC LI has started a study on high bandwidth delivery (to be published as TR 103 656, expected in 2020) focusing on the X3 and HI3 interfaces, with the intent to define the proper protocol mechanisms that assure delivery of all data at the very high delivery throughput of the relevant 5G use cases.

 

For the External Network Interfaces, ETSI is now working solely on the IP based delivery HI of the TS 102 232-i family, following the decision to move the TS 101 671 (and related ES 201 671) specifications to historical status (i.e. not updated anymore since 2018).
TC LI has published new versions of the HI of the TS 102 232-i family to provide LEAs with intercepted data of communication services for messaging, internet access, layer 2, IP multimedia, PSTN/ISDN and mobile. The new TS 102 232-1 v3.20.1 has been enriched to provide HI2 and HI3 data handover of the Inter LEMF HI (ILHI) and of the 5G PDUs, also covering the new payload type HI4 PDU of 3GPP TS 33.128 (ref. TS 102 232-7 v3.6.1). For VoLTE roaming, the ETSI HI is aligned to support LI in VPLMN with S8HR as defined in 3GPP.
The interception of the IP Multimedia services has been improved (ref. TS 102 232-5 v3.11.1) to include IMSI/IMEI as possible target identifiers and IRI only for SMS in SIP messages.
TS 102 232-2 is now under study to extend lawful interception to the Instant Messaging service as defined at EC level, which allows users to transfer messages among a finite number of users in near-real-time, whereby the persons initiating or participating in the communications determine its recipient(s).

A new publication of the Dictionary for common standard parameters, TS 103 280 v2.3.1, was provided in 2019 to add the 5G identifiers and to correct several previous 4G and 3G parameters that are commonly used in the different LI specifications where interfaces are specified. Furthermore, alignment with the ASN.1 object identifiers defined in the latest LI HI specifications was also ensured by releasing the updated version v1.12.1 of the report TR 102 503 (with v1.13.1 expected by October 2019).

The Retained Data (RD) Handover Interface specification was enhanced to take into account a series of inputs from LEAs requesting the addition of new data such as payment transaction, passport or ID copy, bill copy and Multi-SIM support. TS 102 657 v1.23.1 was published.
ETSI is now working to extend the RD HI interfaces to hand over the so-called “Lawful Disclosure” (LD), which not only deals with CDRs and subscription information, but may also be used for retrieval of invoices, mailboxes and other business data available within the CSP domain.
It was agreed to extend the new HI1 specification TS 103 120 v1.3.1 (updated to support 5G) to support LD for both warrant request management (from LEA to CSP) and subsequent LD data transfer (from CSP to LEA). This new LD specification is planned to be finalized by ETSI by mid 2020.

The new TS 103 462 v1.1.1 was published in 2018 to address the new European Investigation Order (EIO) for criminal matters, which specifies that an LEA of a country A shall be able to get intercepted data of a target using a communication service in a CSP network located in a country B. This first Inter LEMF handover interface (ILHI) was specified for LI data, and a new work item was subsequently agreed to extend this ILHI specification to RD and LD data.

The main current focus of ETSI work is a Technical Report (to be published as TR 103 685, expected in 2020) on LI and LD network function security, focusing on threats and risks in order to provide applicable recommendations. The major interest is in virtualization, including but not restricted to NFV (ref. GR NFV-SEC 011 v1.1.1).

 

Latest published ETSI standards on LI & RD* (September 2019)

ETSI TS 103 221-1 V1.5.1 (2019-07) Lawful Interception (LI); Part 1: Internal Network Interface X1 for Lawful Interception
It refers to internal intercepted information on X1 interface between the two entities of the controlling function (e.g. a CSP Administration Function (ADMF)) and the controlled function (e.g. a Network Element (NE) performing interception or mediation).

ETSI TS 103 221-2 V1.1.1 (2019-03) Lawful Interception (LI); Part 2: Internal Network Interface X2/X3 for Lawful Interception. It refers to internal intercepted information on the X2/X3 interface between the two entities of the Point Of Interception (POI), which performs interception, and the Mediation Function (MF), which performs the necessary translation, correlation and mediation for onward handover of material to LEAs via the HI2 and HI3 interfaces.

ETSI TS 103 120 v1.3.1 (2019-05) Lawful Interception (LI); Interface for warrant information. It defines a standard HI electronic interface for the LI warrant management, e.g. HI1. It is intended to be used also in the new NFV network scenarios.

ETSI TS 103 462 v1.1.1 (2018-07) Lawful Interception (LI); Inter LEMF Handover Interface. It specifies the LEMF to LEMF interface to support (as a minimum) European Investigation Orders (EIOs) related to LI and/or RD. The specification aims to be capable of securely handling real-time and stored data transfer between LEMFs in accordance with ETSI TS 102 232 parts 1 to 7 and the related ETSI TS 133 108/128 for LI.

ETSI TS 102 232-1 V3.20.1 (2019-08) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery. It refers to handover intercepted information via IP-based networks from a CSP to an LEMF covering the transportation of traffic without specifying any service functionality within CSPs or LEMF.

ETSI TS 102 232-5 V3.11.1 (2019-08) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services. It details HI IRI and CC in relation to the Internet Protocol (IP) Multimedia (MM) Services based on the Session Initiation Protocol (SIP) and Real Time Transport Protocol (RTP) and Message Session Relay Protocol (MSRP) and IP MM services as described by the Recommendations ITU-T H.323 and H.248.

ETSI TS 102 232-7 V3.6.1 (2019-04) Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 7: Service-specific details for Mobile Services. It specifies an approach for the handover of the lawfully-intercepted information that is defined by 3GPP TS 33.108 & TS 33.128 (5G) and by ANSI/J-STD-025-B by using the handover techniques defined in ETSI TS 102 232-1.

ETSI TS 102 657 V1.23.1 (2019-08) Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data. It contains handover requirements and a handover specification for the data that is identified in national legislations on Retained Data. It defines an electronic interface and considers both the requesting of retained data and the delivery of the results.

ETSI GS NFV-SEC 011 V1.1.1 (2018-04) Network Functions Virtualization (NFV); NFV Security; Report on NFV LI Architecture. It identifies the set of capabilities, interfaces, functions and components which can be utilized by the virtualized applications (VNFs) to provide Lawful Interception.

ETSI TS 103 280 V1.3.1 (2019-04) Lawful Interception (LI); Dictionary for common parameters. It defines a dictionary of parameters that are commonly used in multiple TC LI specifications. It is a reference document that provides technical means for other specifications to use, and it is intended to be a reference in the development of new specifications.

ETSI TR 102 503 V1.12.1 (2018-10) Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications. It reports the updated overview of the relevant Object Identifiers (OID) used in Lawful Interception and Retained data handling specifications of ETSI and other specifications from ITU-T and ISO.

ETSI TS 101 671 V3.15.1 (2018-06) Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic. First ETSI specification defining HI2 (ROSE and FTP) and HI3 for GSM, TETRA, GPRS, ISDN, PSTN, fixed NGN (including PSTN/ISDN emulation) and fixed IMS PSTN simulation.

ETSI TS 133 126 V15.1.0 (2019-04) LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception requirements (3GPP TS 33.126 Release 15)
It specifies Stage 1 Lawful Interception requirements for 3GPP networks and services. Unlike ETSI TS 133 106 V15.1.0 (2018-06), it covers 5G.

ETSI TS 133 127 V15.2.0 (2019-07) LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Lawful Interception (LI) architecture and functions (3GPP TS 33.127 Release 15)
It specifies Stage 2 Lawful Interception architecture and functions for 3GPP networks. Unlike ETSI TS 133 107 V15.6.0 (2019-07), it covers 5G.

ETSI TS 133 128 V15.1.0 (2019-07) LTE; 5G; Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Security; Protocol and procedures for Lawful Interception (LI); Stage 3 (3GPP TS 33.128 Release 15). It specifies Stage 3 Lawful Interception protocol and procedures for 3GPP networks. Unlike ETSI TS 133 108 V15.5.0 (2019-07), it covers 5G.

Note: * The list is limited to the Specifications published during 2019 and 2018 only.

 

 


