[VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33
Geoff Devine
gdevine at cedarpointcom.com
Mon Feb 28 13:47:26 GMT 2005
"Robert Foxworth" <rfoxwor1 at tampabay.rr.com> writes:
> A minor point, but it occurs to me that it is not clear as to
> whether you meant (1) that the subject of the intercept order
> should not be able to detect that the sniffing is taking place,
> i.e. detect that the sniffing is even happening, or (2) that
> the subject, and/or the others with lawful orders etc. be able
> to capture the actual data stream itself.
This isn't exactly a security topic but it's certainly related....
The requirements of J-STD-025 are that:
A) The user under surveillance must not be able to detect that they are
under surveillance
and
B) The privacy of the surveillance must be maintained. (Nobody but the
ILEC switch administrator who installs the taps is supposed to know
about it)
CALEA requires that you provide a call content channel (voice) and a
call detail channel (who they're talking to). Historically, the CCC was
always a T1 line and the CDC was a hairball ASN.1-encoded PDU over X.25
or IP.
The CableLabs PacketCable approach to solving this is to add a
capability to the CMTS (the box that drives a group of cable modems) to
put specific RTP flows in an envelope tagged by a unique correlation ID
and fire the packets off to a Lawful Intercept Delivery Function (DF).
These flows are signaled to the CMTS from the soft switch over a
COPS-based QoS interface. Media Gateways are required to have a similar
capability to handle corner cases where a call is redirected to voice
mail. The soft switch, CMTS, and Media Gateway also signal the Lawful
Intercept Delivery Function (DF) over a RADIUS interface to provide the
CDC.
This architecture was extended to handle SIP trunking between soft
switch networks but the architecture falls over if the other network
doesn't understand the PacketCable lawful intercept objects in the SIP
signaling stream. If a call comes in from a non-Cable SIP network like,
say, Sprint and the call is forwarded back out the Sprint network,
nobody is intercepting the call. Eventually, they're going to be forced
to introduce a session border controller into the mix to deal with that
particular issue.
Geoff
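As an added example that is not part of the post or of any PacketCable specification: a toy Python model of the CCC/CDC data path Geoff describes (CMTS or Media Gateway wraps the target's RTP in an envelope tagged with a correlation ID and ships it to the Delivery Function; the soft switch reports call detail separately), plus a coverage audit that flags the "in from a SIP trunk, forwarded back out the same trunk" case. The envelope layout, element names, subscriber IDs and call scenarios are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
import struct

# Element types that, per the post, can wrap RTP in an LI envelope: the CMTS
# for cable access and the Media Gateway for cases such as voice mail.
INTERCEPT_CAPABLE = {"cmts", "media_gateway"}
ENVELOPE_MAGIC = b"LI"  # assumed marker; the real envelope format is not shown in the post


@dataclass(frozen=True)
class RtpPacket:
    ssrc: int
    seq: int
    payload: bytes


@dataclass
class Call:
    call_id: str
    subscriber: str   # party whose media this is (may or may not be under an order)
    path: list        # (element_name, element_type) pairs the media traverses, in order
    packets: list     # constructed RTP packets for the call


@dataclass
class DeliveryFunction:
    """Toy Lawful Intercept Delivery Function. Content (CCC) and call detail (CDC)
    are keyed only by correlation ID, so the DF never needs the subscriber identity."""
    ccc: dict = field(default_factory=dict)
    cdc: list = field(default_factory=list)

    def receive_ccc(self, envelope: bytes) -> None:
        corr_id, pkt = parse_envelope(envelope)
        self.ccc.setdefault(corr_id, []).append(pkt)

    def receive_cdc(self, record: dict) -> None:
        self.cdc.append(record)


def make_envelope(corr_id: int, pkt: RtpPacket) -> bytes:
    """Assumed layout: magic | u32 correlation id | u32 ssrc | u16 seq | payload."""
    return ENVELOPE_MAGIC + struct.pack("!IIH", corr_id, pkt.ssrc, pkt.seq) + pkt.payload


def parse_envelope(buf: bytes):
    if len(buf) < 12 or buf[:2] != ENVELOPE_MAGIC:
        raise ValueError("not an LI envelope")
    corr_id, ssrc, seq = struct.unpack("!IIH", buf[2:12])
    return corr_id, RtpPacket(ssrc, seq, buf[12:])


def run_call(call: Call, orders: dict, df: DeliveryFunction) -> bool:
    """Simulate the soft switch handling one call. `orders` maps subscriber -> correlation ID
    (what the soft switch would provision to the CMTS over COPS in PacketCable).
    Returns True if some element on the media path delivered content to the DF."""
    corr_id = orders.get(call.subscriber)
    if corr_id is None:
        return False
    # CDC: the soft switch reports call detail for the order regardless of media path
    # (RADIUS in PacketCable); only the correlation ID identifies the target here.
    df.receive_cdc({"corr_id": corr_id, "call_id": call.call_id,
                    "path": [name for name, _ in call.path]})
    # CCC: only an intercept-capable element on the path can envelope the media.
    # Stop at the first one so the DF does not receive the same stream twice.
    for _name, etype in call.path:
        if etype in INTERCEPT_CAPABLE:
            for pkt in call.packets:
                df.receive_ccc(make_envelope(corr_id, pkt))
            return True
    return False


def audit_coverage(calls, orders) -> list:
    """IDs of calls involving a surveilled subscriber whose media never crossed an
    intercept point: CDC was produced but no CCC, the gap the post describes."""
    df = DeliveryFunction()
    return [c.call_id for c in calls
            if c.subscriber in orders and not run_call(c, orders, df)]


# Constructed sample data: one subscriber under an order, three of their calls,
# and one call by an unrelated subscriber.
PKTS = [RtpPacket(0xDEADBEEF, i, b"\x00" * 4) for i in range(3)]
ORDERS = {"sub-1001": 42}
SAMPLE_CALLS = [
    # Cable subscriber calling out: the CMTS is on the path and intercepts.
    Call("c1", "sub-1001", [("cm-7", "cable_modem"), ("cmts-east", "cmts"),
                            ("ss", "softswitch"), ("pstn-gw", "media_gateway")], PKTS),
    # Inbound from a SIP trunk, redirected to voice mail: the Media Gateway covers it.
    Call("c2", "sub-1001", [("sip-peer", "sip_trunk"), ("ss", "softswitch"),
                            ("vm-gw", "media_gateway")], PKTS),
    # Inbound from the SIP trunk and forwarded straight back out: no intercept point.
    Call("c3", "sub-1001", [("sip-peer", "sip_trunk"), ("ss", "softswitch"),
                            ("sip-peer", "sip_trunk")], PKTS),
    # Unrelated subscriber: no order, nothing is sent to the DF.
    Call("c4", "sub-2002", [("cm-9", "cable_modem"), ("cmts-east", "cmts"),
                            ("ss", "softswitch")], PKTS),
]

if __name__ == "__main__":
    print("uncovered calls:", audit_coverage(SAMPLE_CALLS, ORDERS))  # ['c3']
```

The audit compares CDC against CCC per call: a call detail record with no matching content delivery is exactly the forwarded-trunk case, which is the condition a session border controller on the trunk would have to close.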