Today Network Security is an essential application that must be supported by network operators. Call or media content for selected calls (or sessions) has to be made available to Lawful intercept applications, at the request of authorised Law Enforcement Agencies (LEA). It is, in part, due to the increased likelihood of terrorist attacks since 2001 that governments and law enforcement agencies around the world have been given greater powers to intercept electronic communication and it is, therefore, the responsibility of network operators that this information is readily available to them.
Currently this has posed a significant problem for networks as the process needs to involve new-world technology. Older, Circuit switched networks are not based on packet technology, unlike what is used now. Packet technology is simply “packets” of data collected from conversations, such as those of email, IM, apps and voice conversations, and those packets are transmitted randomly across the network.
‘Tapping’ data that is organised, and therefore coherent, is a simple task. Usually, however, the data is not so organised and networks are forced to present law enforcement agencies with incoherent, valueless data made up of a combination of several packets.
As networks have migrated towards an IMS core and high-speed packet transport, the task of collecting such information has become increasingly complex. Typically, passive probes are deployed to achieve this – a signalling probe that can inspect SIP packets and a media bearer probe that interfaces with the high-speed packet transport conveying the media. In the past it was thought that COTS – “commercial off the shelf” technology would be of a high enough standard to cope with the task. Unfortunately, the added complication of analysing thousands of simultaneous conversations issued from speedy data networks became overwhelming and consequently it is the job of specialised, high performance technology to extract and process data in this way.
Deploying probes to accomplish this task is no easy feat, as they need to interface to the network and to the LI application. That’s why ETIS (among others) took steps to standardise the interfaces over which such information is presented.
The process of passing this information to LI applications from network operators and service providers for further treatment and processing is known as “Handover” in deep packet inspection.
The purpose of modern lawful intercept applications is to identify only the relevant packets and extract the important information. It’s an increasingly complex and challenging environment and the technology is key to modern law enforcement techniques and ensures Network Security.