Security Featured Article

 

Not so long ago, the ability of VoIP providers to supply e911 service — the ability to associate a physical address with a calling party’s phone number when he or she dials 9-1-1 for emergency services and send that information to the appropriate Public Safety Answering Point (PSAP) — was a big issue. Little VoIP providers were afraid to pay huge fines and scrambled for equipment and services. Other major issues of the time: taxing IP enabled services to support the Universal Service Fund, consumer protection, and disability access regulation. But perhaps the most interesting topic related to U.S. telecom (FCC) regulation has been the Communications Assistance for Law Enforcement Act (CALEA) and the subject “lawful intercept” in general, which has led to a slew of technologies and products for spying on select (just a few, we hope) individuals.

 

As for e911 (Enhanced 911), VoIP providers found that much of the “heavy lifting” associated with providing such a mandated service could be delegated to such able organizations as Dash Carrier Services (News - Alert), whose Dash911 is perhaps the premier FCC-compliant e911 solution for VoIP. Dash911 enables VoIP service providers to quickly and cost effectively deliver such 911 service to their customers. Dash supports North American coverage, easy integration (with a branded website or SOAP API for direct integration), a flexible Interconnect (SIP or PSTN), 24x7 support by e911 experts, and full-blown OSS capabilities (Complete CDR, reporting, and management tools).

 

CALEA and the lawful intercept of VoIP calls, on the other hand, has a more mysterious and intriguing ambiance. In case you’re not aware, CALEA requires telcos to design or modify their services and facilities to enable law enforcement agencies armed with court orders to intercept calls and obtain call identifying information.

 

Lawful intercept is not quite as straightforward a proposition in VoIP as it is in the PSTN, though there are tricky areas even there, as in hybrid IP/PSTN environments. Mobile communications, for example, presents its own set of problems when it comes to lawful intercept. Even here, however, there exist companies that can bring great expertise to the problem.

 

Starent Networks, for example, provides infrastructure solutions enabling mobile operators to deliver multimedia services to their subscribers. Starent’s solutions are loaded with functions and services needed for access, mobility management and call control in mobile operators’ networks. Thanks to their integrated intelligence and high performance abilities, Starent Networks’ solutions can enhance subscriber management, billing and session policy enforcement. Their products support a wide range of mobile wireless networks, such as UMTS, CDMA2000, WiFi, and WiMAX. Starent Networks’ products have been deployed by over 85 mobile operators in 35 countries.

 

Andy Capener, Vice President of Marketing Communications at Starent, says, “We sit between the radio access network and the IP Internet. We are the ‘gateway’ for the mobile subscribers into the data services they have. We play a specific role relative to those topics based on that part of the network.”

 

Starent’s Andrew Gibbs, Director of Product Management, says, “Lawful intercept is really a key requirement specified by most of our customers; it’s pretty much an international type of requirement that in which various regulatory bodies and law enforcement organizations have interest. Lawful intercept has been done for years in the PSTN. In recent years, lawful intercept has made its way into more data-oriented types of applications. One of the requirements that we see on a fairly regular basis is that our customers want to be able to tie the interception capability and monitoring function on our access platforms so they can collect this information and convey it to various types of law enforcement agencies. At that point, the information is collected by various types of collection servers at that end. Typically, this whole process begins with some type of a court-ordered subpoena by the law enforcement agency to the telecom service provider. The provider then issue or provision some type of wiretap against some target user’s session. That’s when the access gateways — meaning the Starent ST16 and ST40 — would be able to intercept this information and then forward it along.”

 

“This whole topic has become very important these days because the Internet and electronic communications is such a large part of our daily life,” says Gibbs, “and there’s more awareness of this issue, particularly by government agencies in terms of having greater control over public security interest. That’s because of some of the illicit activities that can occur over electronic communications, such as criminal activities or terrorist activities.”

 

“It used to be that the law enforcement agency had some type of proprietary monitoring equipment on their end of this application,” says Gibbs. “That was kind of an expensive way of doing things because it was nonstandard. In recent years, there has been work that’s been promoted by various types of standards organizations such as the TIA, to introduce a mediation type of layer. This mediation layer would reside in the middle of the network, between the access provider’s network and the law enforcement agency. This mediation layer, also called the delivery function, would mediate between the interception function, which would work with the access gateways, between such things as the Packet Data Services Node [PDSN], home agents, Gateway (News - Alert) GPRS Support Nodes [GGSNs] and so forth, and the actual delivery and collection function which would be the responsibility of the law enforcement agencies.”

 

“The other benefit of having such a mediation layer is that it’s a standards-based approach, it enables support for nomadic types of use cases,” says Gibbs, “where the user could be accessing the network from more than one location for fully mobile-type use cases where it’s important to have some kind of location,” says Gibbs. “It also enables mediation between different types of applications and also different types of access gateways from many different types of vendors. It’s a more scalable type of framework, from our customers’ standpoint and also from the law enforcement agencies’ standpoint.”

 

“Starent’s unique contribution to this area is that our platform is considered a highly intelligent mobile subscriber-aware management system,” says Gibbs. “Starent’s unique benefit that it provides is that, with its subscriber awareness, our platform is able to consolidate this type of monitoring and interception function in-line, within our access platforms. So the benefit it provides to the operator is that capital avoidance as well as achieving reduced operational costs.”

 

When it comes to the world’s largest IP networks, another name that looms large in the world of carrier-class security and traffic intelligence is Narus (News - Alert), Inc. The company’s NarusInsight is a highly scalable traffic intelligence system for capturing, analyzing and correlating IP traffic in real-time. Indeed, the NarusInsight Intercept Suite (NIS) is said to be the industry’s only network traffic intelligence system that supports real-time precision targeting, capturing and reconstruction of webmail traffic, e-mail, chat, calendaring, draft folders, address books, etc. Traffic from all nodes and many protocols can be reassembled and viewed from a single management station or distributed across multiple stations. Additionally, NIS supports most webmail services, including Google Gmail, MSN Hotmail, Yahoo! Mail, and Gawab Mail (English and Arabic versions).

 

In short, Narus technology prides itself on the ability of its technology to identify and track nearly all network and application protocols across very large networks.

 

NarusInsight’s high-speed full packet capture and processing can handle not only deep packet analysis from Layer 2 to layer 7 and full traffic correlation across every link and element on the network, but it achieves these intensive feats of packet processing at network speeds of up to OC-192 at Layer 2 and OC-48 at Layer 7, enabling carriers to monitor traffic at either the edge of the network or at the core. Thus, rather than dealing with legacy, siloed security and traffic management solutions that aren’t very scalable, NarusInsight offers one common, scalable system for IP services security, intercept and traffic management that’s easily extended by whatever sophisticated applications are necessary to gain insight into network traffic.

 

Another interesting product line in this area is DeepSweep-1 for CALEA, from IP Fabrics. It’s a neat, self-contained network solution for broadband and VoIP CALEA compliance. DeepSweep targets small and medium-sized cable operators, ISPs and VoIP networks. A single DeepSweep system can function as a complete CALEA compliance solution, providing the probe, mediation/delivery, and administration functions that competing systems implement as separate devices. DeepSweep also offers users compliance and safe harbor by implementing multiple industry standards, including ATIS (News - Alert)-1000013-2007 (T1.IAS), ATIS-1000021, T1.678 v2, and CableLabs CBIS.

 

Don’t let its size fool you. DeepSweep-1’s internal host processor and multi-core packet inspection accelerators allow it to monitor multiple 1 Gbps Ethernet links at true wire-speed with full Layer 2–7 inspection capabilities. DeepSweep fully inspects every network packet, so it doesn’t require assistance from switches, routers, or other probes for discovery, filtering, or intercept. Broadband DeepSweep users enjoy extreme flexibility in expressing subject IDs, including username/text (via UTF-8 and other encodings), MAC address, IPv4/IPv6 address, and DHCP option 82 and VoIP users can select from name@host, name@IPv4/IPv6 address, phone@host, and tel:phone. DeepSweep also has the ability to specify/limit the discovery protocol, including RADIUS, IPCP, CHAP, DHCP, and PPPoE.

 

DeepSweep for CALEA comes in three basic models. The first two are for Broadband Internet Access and Services CALEA compliance. They adhere to either Cablelabs CBIS or ATIS-1000013.2007 (or both) and they include such features as the ability to specify subject IDs as MAC addresses, IP addresses, DHCP option 82 IDs, subject IDs via text string, pen-register, trap-and-trace, and full content intercepts. Both models will seamlessly integrate with the DeepSweep Secure Buffered Delivery systems or other buffering systems that comply with either the CBIS BIF functionality or the ATIS-1000021 specification.

 

The second DeepSweep model is for VoIP CALEA compliance. Adhering to ATIS T1.678, it includes the ability to specify subject IDs by host, address, or telephone, pen-register, trap-and-trace, full content intercepts, and fully configurable collection device addresses.

 

All DeepSweep for CALEA models support multiple concurrent cases, each with potentially multiple subjects and each dynamically updatable. The models can easily be configured for both VoIP and broadband CALEA compliance, and each system includes 500GB-1000GB (model dependent) of disk storage. Since the system is also software upgradable, it is easily modified to support buffered delivery mechanisms, such as ATIS-1000021.

 

Who would have thought that regulatory stuff could be this interesting?