Technical Specification
Lawful Interception (LI);
Handover Interface and
Service-Specific Details (SSD) for IP delivery;
Part 1: Handover specification for IP delivery
2 ETSI TS 102 232-1 V3.4.1 (2013-07)
Reference
RTS/LI-00103-1
Keywords
handover, IP, Lawful Interception, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2013.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
Contents
Intellectual Property Rights . 6
Foreword . 6
Introduction . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 7
2.2 Informative references . 9
3 Definitions, symbols and abbreviations . 10
3.1 Definitions . 10
3.2 Symbols . 10
3.3 Abbreviations . 10
4 General . 11
4.1 Functionality . 11
4.2 Intercepted data types . 12
4.2.1 Interception at network operator or access provider . 12
4.2.2 Interception at service providers . 13
4.3 Relationship to other standards . 13
4.4 Handover for GPRS/UMTS . 14
4.4.1 PS . 14
5 Headers . 14
5.1 General . 14
5.2 Description and purpose of the header fields . 15
5.2.1 Version . 15
5.2.2 LIID . 15
5.2.3 Authorization country code . 15
5.2.4 Communication identifier . 15
5.2.5 Sequence number . 16
5.2.6 Payload timestamp . 16
5.2.7 Payload direction . 17
5.2.8 Payload type . 17
5.2.9 Interception type . 17
5.2.10 IRI type . 17
5.2.11 Interception Point Identifier . 17
5.3 Encoding of header fields . 17
6 Data exchange . 18
6.1 Introduction . 18
6.2 Handover layer . 18
6.2.1 General . 18
6.2.2 Error reporting . 19
6.2.3 Aggregation of payloads . 20
6.2.4 Sending a large block of application-level data . 20
6.2.5 Padding data . 20
6.2.6 Payload encryption . 21
6.3 Session layer . 21
6.3.1 General . 21
6.3.2 Opening and closing connections . 21
6.3.3 Buffering . 21
6.3.4 Keep-alives . 22
6.4 Transport layer . 22
6.4.1 Introduction . 22
6.4.2 TCP settings . 22
6.4.3 Acknowledging data . 23
6.5 Network layer . 23
7 Delivery networks . 23
7.1 Types of network . 23
7.1.1 General . 23
7.1.2 Private networks . 23
7.1.3 Public networks with strict control . 23
7.1.4 Public networks with loose control . 24
7.2 Security requirements . 24
7.2.1 General . 24
7.2.2 Confidentiality and authentication . 24
7.2.3 Integrity . 24
7.3 Further delivery requirements . 26
7.3.1 Test data . 26
7.3.2 Timeliness . 26
Annex A (normative): ASN.1 syntax trees . 27
A.1 ASN.1 syntax tree for HI2 and HI3 headers . 27
A.2 ASN.1 specification . 28
A.3 Importing parameters from other standards . 35
Annex B (informative): Requirements . 36
B.1 Types of intercepted information . 36
B.2 Identification of traffic . 36
B.3 Performance . 36
B.4 Timeliness . 37
B.5 Reliability and availability . 37
B.6 Discarding information . 37
B.7 Security . 37
B.8 Other . 38
Annex C (informative): Notes on TCP tuning . 39
C.1 Implement RFC 5681 . 39
C.2 Minimize roundtrip times . 39
C.3 Enable maximum segment size option . 39
C.4 Path MTU discovery . 39
C.5 Selective acknowledgement . 39
C.6 High speed options . 39
C.7 PUSH flag . 40
C.8 Nagle's algorithm . 40
C.9 Buffer size . 40
Annex D (informative): IRI-only interception . 41
D.1 Introduction . 41
D.2 Definition HI information . 41
D.3 IRI deriving . 41
D.4 IRI by post and pre-processing HI3 information . 42
Annex E (informative): Purpose of profiles . 43
E.1 Formal definitions . 43
E.2 Purpose of profiles . 43
Annex F (informative): Traffic management of the handover interface . 45
F.1 Background . 45
F.1.1 Burstiness . 45
F.1.2 Mixed content . 45
F.1.3 Network facilities for traffic management . 46
F.1.4 Evidentiary considerations . 46
F.1.5 National considerations . 46
F.2 Traffic management strategies . 46
F.3 Bandwidth estimation . 47
F.4 National considerations . 47
F.5 Implementation considerations . 47
F.5.1 Volatile versus non-volatile storage . 47
F.5.2 Maximum buffering time . 48
F.5.3 Transmission order of buffered data . 48
F.5.4 Buffer overflow processing . 48
Annex G (normative): Implementation of payload encryption . 49
Annex H (informative): TS 102 232 family relationship . 50
Annex I (informative): Change request history . 51
History . 54
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://ipr.etsi.org).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI).
The present document is part 1 of a multi-part deliverable covering the Handover Interface and Service-Specific Details
(SSD) for IP delivery, as identified below:
Part 1: "Handover specification for IP delivery";
Part 2: "Service-specific details for messaging services";
Part 3: "Service-specific details for internet access services";
Part 4: "Service-specific details for Layer 2 services";
Part 5: "Service-specific details for IP Multimedia Services";
Part 6: "Service-specific details for PSTN/ISDN services";
Part 7: "Service-specific details for Mobile Services".
The ASN.1 module is also available as an electronic attachment to the original document from the ETSI site (see
clause A.2 for more details).
Introduction
The objective of the present document is to form the basis for a standardized handover interface for use by both
telecommunications service providers and network operators, including Internet Service Providers, that will deliver the
interception information required by Law Enforcement Authorities under various European treaties and national
regulations.
The present document describes how to hand over intercepted information via IP-based networks from a CSP to an
LEMF. The present document covers the transportation of traffic, but does not specify functionality within CSPs or
LEMF (see clause 4.1). It handles the transportation of intercepted traffic (HI3) and intercept-related information (HI2)
but not the tasking and management of Lawful Interception (HI1).
The present document is intended to be general enough to be used in a variety of situations: it is not focused on a
particular IP-based service. The specification therefore provides information that is not dependent on the type of service
being intercepted. In particular the present document describes delivery mechanisms (clause 6), and the structure and
header details (clause 5) for both HI2 and HI3 information.
Where applicable, references within the main body of the present document are made to the 3GPP specification number,
with the reference number as listed in clause 2 given in square brackets. In clause 2 "References" the corresponding ETSI
specification number is indicated together with the 3GPP specification number. 3GPP specifications become available
faster than the equivalent ETSI specifications.
1 Scope
The present document specifies the general aspects of HI2 and HI3 interfaces for handover via IP based networks.
The present document:
• specifies the modular approach used for specifying IP based handover interfaces;
• specifies the header(s) to be added to IRI and CC sent over the HI2 and HI3 interfaces respectively;
• specifies protocols for the transfer of IRI and CC across the handover interfaces;
• specifies protocol profiles for the handover interface.
The present document is designed to be used where appropriate in conjunction with other deliverables that define the
service-specific IRI data formats (including TS 102 227 [i.1], TS 101 909-20-1 [33], TS 101 909-20-2 [34],
TS 102 232-2 [5], TS 102 232-3 [6], TS 102 232-4 [32], TS 102 232-5 [37] and TS 102 232-6 [36]). Where possible,
the present document aligns with 3GPP TS 33.108 [9] and TS 101 671 [4] and supports the requirements and
capabilities defined in TS 101 331 [1] and TR 101 944 [i.4].
For the handover of intercepted data within GSM/UMTS PS domain, the present document does not override or
supersede any specifications or requirements in 3GPP TS 33.108 [9] and TS 101 671 [4].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 101 331: "Lawful Interception (LI); Requirements of Law Enforcement Agencies".
[2] ETSI ES 201 158: "Telecommunications security; Lawful Interception (LI); Requirements for
network functions".
[3] Void.
[4] ETSI TS 101 671: "Lawful Interception (LI); Handover interface for the lawful interception of
telecommunications traffic".
NOTE: Periodically TS 101 671 is published as ES 201 671. A reference to the latest version of the TS as above
reflects the latest stable content from ETSI/TC LI.
[5] ETSI TS 102 232-2: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 2: Service-specific details for messaging services".
[6] ETSI TS 102 232-3: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 3: Service-specific details for internet access services".
[7] Void.
[8] Void.
[9] ETSI TS 133 108: "Universal Mobile Telecommunications System (UMTS); LTE; 3G security;
Handover interface for Lawful Interception (LI) (3GPP TS 33.108)".
[10] ISO 3166-1: "Codes for the representation of names of countries and their subdivisions - Part 1:
Country codes".
[11] Recommendation ITU-T X.680: "Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation".
[12] Recommendation ITU-T X.690: "Information technology - ASN.1 encoding rules: Specification of
Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding
Rules (DER)".
[13] FIPS PUB 186-2: "Digital Signature Standard (DSS)".
[14] IETF RFC 0791: "Internet Protocol".
[15] IETF RFC 0792: "Internet Control Message Protocol".
[16] IETF RFC 0793: "Transmission Control Protocol".
[17] IETF RFC 1122: "Requirements for Internet Hosts - Communication Layers".
[18] IETF RFC 1323: "TCP Extensions for High Performance".
[19] IETF RFC 1191: "Path MTU discovery".
[20] IETF RFC 2018: "TCP Selective Acknowledgement Options".
[21] IETF RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
NOTE 1: IETF RFC 5246 obsoletes IETF RFC 4346: "The Transport Layer Security (TLS) Protocol Version 1.1"
and IETF RFC 3268: "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security
(TLS)" which was referenced until TS 102 232-1 (V2.6.1).
NOTE 2: IETF RFC 4346 obsoletes IETF RFC 2246: "The TLS Protocol Version 1.0".
[22] IETF RFC 2460: "Internet Protocol, Version 6 (IPv6) Specification".
[23] IETF RFC 5681: "TCP Congestion Control".
NOTE: IETF RFC 5681 obsoletes IETF RFC 2581: "TCP Congestion Control".
[24] IETF RFC 5321: "Simple Mail Transfer Protocol".
NOTE: IETF RFC 5321 obsoletes IETF RFC 2821: "Simple Mail Transfer Protocol".
[25] IETF RFC 5322: "Internet Message Format".
NOTE: IETF RFC 5322 obsoletes IETF RFC 2822: "Internet Message Format".
[26] IETF RFC 2923: "TCP Problems with Path MTU Discovery".
[27] IETF RFC 6298: "Computing TCP's Retransmission Timer".
NOTE: IETF RFC 6298 obsoletes IETF RFC 2988: "Computing TCP's Retransmission Timer".
[28] IETF RFC 3174: "US Secure Hash Algorithm 1 (SHA1)".
[29] Void.
[30] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile".
NOTE: IETF RFC 5280 obsoletes IETF RFC 3280: "Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile".
[31] ISO/IEC TR 10000-1: "Information technology
...