Lawful interception
Features
SS7 monitoring solutions
The need for monitoring
Due to universal concerns over ARPU, telecommunications fraud, denial of service attacks, customer satisfaction, and growing security fears - particularly over global terrorist activities - monitoring and surveillance solutions are on the increase.
The need for such interception in fixed, mobile and next generation networks has never been more acute, and in many countries it is mandatory. Hence, we have the legally sanctioned interception of private communications, which plays a crucial role in helping law enforcement agencies (LEAs) combat criminal activity.
Countries around the world have varying national legislation for monitoring public telecommunications systems. In Europe the law is known as Lawful Interception (LI), in the United States there is Communications Assistance for Law Enforcement Act (CALEA), and in CIS countries, Sistema Operativno-Rozysknykh Meropriyatii (SORM), literally, 'System of Ensuring Investigative Activity'.
In this environment there is an obligation on every network operator or service provider to provide LEAs and intelligence services with access to the communications of individuals or organisations. Clearly, this presents application developers and solution providers with an opportunity to offer monitoring platforms.
Opportunities abound to develop a variety of critical applications for key market sectors, including LI mediation and delivery solutions and security applications involving speaker identification, speech recognition and key word spotting, for example.
Network operators, competitive local exchange carriers (CLECs), other licensed operators (OLOs) and LEAs all require cost-effective solutions to meet national, international and legal demands for reliable information. In addition, they need support for digital network interfaces and the ability to conform to the standards for delivery of information.
SS7 monitoring
SS7 signalling can be monitored to detect call placement and/or service or feature interaction, and to determine parameters such as: caller ID (CLI/ANI); circuit identification code (CIC); dialled number; point code (DPC/OPC); redirection number; and time stamp information.
SS7 networks need to be monitored in real-time to capture signalling information and trigger the recording of certain calls. Both ISUP call set-up and database application (TCAP) signalling data must be monitored to determine the presence, identity, location and status of callers. This is particularly important for mobile calls, which are substantially more difficult to tap into than fixed networks, because usage could be anywhere where the home operator and its roaming partners provide service.
With the existing public switched telephone network (PSTN), interception is performed by applying a 'tap' on the telephone line of the target, typically in response to a warrant from an LEA. Realistically, any application will seek to filter out only those calls that require recording by LEAs, as it is difficult - excessive, expensive and unreasonable - as well as being a privacy issue, to attempt to tap into all calls.
Aculab's enabling technology
Aculab's enabling technology presents developers with the essential digital network access interface cards and software needed for an SS7 monitoring solution.
The SS7 signalling monitor and Prosody X media processing platform are ideal components for LI mediation and delivery solutions, with support for additional ISDN connectivity and an MRCP interface to speech engines. These Aculab products can be used as an 'input adapter' that can be implemented in any SS7 network for 'ISUP sniffing' and voice telephony interception. Using a non-intrusive monitoring method, a solution can be deployed that is independent of the network switch type.
Additionally, the SS7 signalling monitor provides developers and systems integrators with a powerful means of creating a variety of applications for operators and service providers with compelling needs. Products can be created: to capture, filter and record network traffic for analysis; generate call detail records; help manage and optimise wired and wireless networks; aid management of mobile roaming and billing; as well as for LI purposes.
Helpfully, Aculab presents an API model with three different decode levels and the developer also has the option of adding alternative, user-defined decoders. Choosing raw HDLC presents Level 2 MSU data directly to an application with no MTP3 or user part decode. An auto-decode facility buffers the MTP3 payload, and can be set for all traffic, or for explicit decode of selected messages. And the ISUP decoder presents ISUP message data to the application, either automatically, or via API control.
The monitor API can co-exist with SS7 signalling APIs (ISUP and TCAP), as well as the Prosody X API. This is extremely useful when enhanced applications, such as interfacing via MRCP to a speech engine for key word spotting in security applications, are needed. Additionally, ISDN or CAS protocols can be used in parallel with the monitor, which means the legal intercept standard format for delivery of data to LEAs can be readily met.
Usefully, protocol variants (e.g., ITU-T, ANSI, China ISUP) are configurable on a per link basis, and traffic from multiple signalling links can be merged into a single TCP/IP connection to an application. Multiple cards can be used for distributed, scalable, high density traffic monitoring, filtering, analysis and recording systems.
Application requirements
SS7 network monitoring results in information, such as the origin of a call, its duration and call frequency, being extracted by an application. And the application should trigger local recording (fully associated signalling) or remote recording (quasi-associated/mobile calls) of bearer timeslots when a particular set of filtering criteria has been met. The powerful search and filter capability of Aculab's SS7 signalling monitor can be used to specify which messages an application needs to capture from within each monitored traffic stream.
Application developers should also be aware of the requirements for mediation and delivery of data to LEAs. The purpose of these terms are defined by LI specifications like ETSI TS 101 671 and the ANSI J-STD-025A standard.
A mediation system collects interception related information (IRI) and content of communication (CC) from pertinent network elements in real-time, formats the information to match the constraints imposed by the different regulatory bodies and standard organisations (e.g., ETSI, CALEA, ETSI-NL), and delivers both data and content via specified interfaces to an LEA.
The delivery function, which mandates separate delivery of different types of information, relates to the capture and conversion of signalling and bearer data into the required legal intercept standard format for delivery to LEAs. Delivery of the interception content is forwarded to the LEA using secure data links. The ETSI specification requires a separate delivery of IRI and CC, with the IRI being delivered to the LEA over a data connection and the CC - the bearer channel call data - delivered over an ISDN connection.
Unsurprisingly, Aculab's enabling technology provides a useful option in this regard, in that it offers software selectable E1 and T1 trunk connections that can be used for the ISDN connection. A great many national and international protocols, together with host independent approvals, are readily available under a cost free licence from Aculab. This includes the SS7 protocols mentioned above (ISUP and TCAP), which are also offered under the same cost free licence. All told, very cost-effective solutions can be easily and quickly deployed worldwide.
How it all fits together
LI occurs through a process that involves legislation and standards, the courts, telcos and operators, LI equipment suppliers, enabling technology vendors, such as Aculab, and LEAs - the FBI, MI5 and others.
Bookmark