Difference between revisions of "My lawful interception notes"

From Got Opinion Wiki
 
(10 intermediate revisions by the same user not shown)
Line 1 (new revision):
== ADMF/MDF Manufacturers ==
Here are some:
* Allied Associates International
* Aqsacom
* Cognyte
* EVE
* [https://g2klabs.com/ G2K]
* Matison
* SS8
* Utimaco

== LEMF Manufacturers ==
Here are some:
* Cognyte
* [https://www.lawfulinterception.com/ EVE]
* [https://gladiator-forensics.com/ Gladiator Forensics]
* [https://www.jsitelecom.com/ JSI]
* [https://www.penlink.com/ PenLink]
* [https://www.sytechcorp.com/ SyTech]

== LI Testing ==
Here are some:
* [https://segron.com/ Segron]

== ETSI Handover (HI) notes ==
[[My ETSI HI via IP based network notes]]

== 5G notes ==
[[My 5G lawful interception notes]]

== 4G notes ==
[[My 4G lawful interception notes]]

== 33 106 ==
Source: 3GPP TS 33.106 V16.0.0 (2020-07)

5.1.2 General principles

...<pre>For interception, there needs to be a means of identifying the target, correspondent and initiator and related parties of any targeted communication. A means shall exist for the operator to intercept communications based on long term or permanent identifiers associated with a target service or equipment, as identified by the LEA. To achieve interception, the operator may need to translate these into further associated identifiers, in order to identify the data to be intercepted. Target identities used for interception for each domain and service are target service and equipment associated with target use or any derived IDs from such elements that are to be defined in TS 33.107 [9] and TS 33.108 [10]. Examples of these identities are IMSI, MSISDN, NAI, Tel URI, SIP URI, for the target service and IMEI, MAC for the equipment.</pre>

...<pre>National regulations may require that an operator is able to intercept any communication passing through its network based on any visible identity not connected to the operator network. It shall be based on a match between this target identity and identity type (e.g. IMPU) with the detected party fields. This identity is referred as a Non-Local Identity.</pre>

Line 1 (old revision):
== 5G target identifier info ==
5G identifiers in general

See [https://www.3gpp.org/DynaReport/23003.htm 3GPP 23.003], the document that defines the principal purpose and use of the different naming, numbering, addressing and identification resources (i.e. identifiers) within the digital cellular telecommunications system and the 3GPP system.

{| class="wikitable sortable"
|-
! Identifier Acronym !! Full Identifier !! Defined in !! Meaning
|-
| SUPI || Subscription Permanent Identifier || [https://www.3gpp.org/DynaReport/23501.htm 3GPP 23.501] § 5.9.2 || A globally unique 5G Subscription Permanent Identifier (SUPI) shall be allocated to each subscriber in the 5G System and provisioned in the UDM/UDR. The SUPI is used only inside the 3GPP system, and its privacy is specified in TS 33.501. The SUPI may contain:
* an IMSI as defined in TS 23.003, or
* a network-specific identifier, used for private networks as defined in TS 22.261
* a GLI and an operator identifier of the 5GC operator, used for supporting FN-BRGs, as further described in TS 23.316
* a GCI and an operator identifier of the 5GC operator, used for supporting FN-CRGs and 5G-CRG, as further described in TS 23.316

A SUPI containing a network-specific identifier shall take the form of a Network Access Identifier (NAI) using the NAI RFC 7542 based user identification as defined in TS 23.003.

When the UE needs to indicate its SUPI to the network (e.g. as part of the Registration procedure), the UE provides the SUPI in concealed form as defined in TS 23.003.

In order to enable roaming scenarios, the SUPI shall contain the address of the home network (e.g. the MCC and MNC in the case of an IMSI based SUPI).

For interworking with the EPC, the SUPI allocated to the 3GPP UE shall always be based on an IMSI to enable the UE to present an IMSI to the EPC.

The usage of SUPI for W-5GAN is further specified in TS 23.316.
|-
| SUCI || Subscription Concealed Identifier || [https://www.3gpp.org/DynaReport/23501.htm 3GPP 23.501] § 5.9.2a || The Subscription Concealed Identifier (SUCI) is a privacy preserving identifier containing the concealed SUPI. It is specified in TS 33.501. The usage of SUCI for W-5GAN access is further specified in TS 23.316.
|-
| PEI || Permanent Equipment Identifier || [https://www.3gpp.org/DynaReport/23501.htm 3GPP 23.501] § 5.9.3 || A Permanent Equipment Identifier (PEI) is defined for the 3GPP UE accessing the 5G System.

The PEI can assume different formats for different UE types and use cases. The UE shall present the PEI to the network together with an indication of the PEI format being used.

If the UE supports at least one 3GPP access technology (i.e. NG-RAN, E-UTRAN, UTRAN or GERAN), the UE must be allocated a PEI in the IMEI or IMEISV format.

In the scope of this release, the PEI may be one of the following:
* for UEs that support at least one 3GPP access technology, an IMEI or IMEISV, as defined in TS 23.003;
* PEI used in the case of W-5GAN access as further specified in TS 23.316;
* for UEs not supporting any 3GPP access technologies, the IEEE Extended Unique Identifier EUI-64 of the access technology the UE uses to connect to the 5GC.
|-
| 5G-GUTI || 5G Globally Unique Temporary Identifier || [https://www.3gpp.org/DynaReport/23501.htm 3GPP 23.501] § 5.9.4 || The AMF shall allocate a 5G Globally Unique Temporary Identifier (5G-GUTI) to the UE that is common to both 3GPP and non-3GPP access. It shall be possible to use the same 5G-GUTI for accessing 3GPP access and non-3GPP access security context within the AMF for the given UE. An AMF may re-assign a new 5G-GUTI to the UE at any time. The AMF provides a new 5G-GUTI to the UE under the conditions specified in clause 6.12.3 in TS 33.501. When the UE is in CM-IDLE, the AMF may delay providing the UE with a new 5G-GUTI until the next NAS transaction.

The 5G-GUTI shall be structured as <code><5G-GUTI> := <GUAMI> <5G-TMSI></code> where GUAMI identifies one or more AMF(s).

When the GUAMI identifies only one AMF, the 5G-TMSI identifies the UE uniquely within the AMF. However, when the AMF assigns a 5G-GUTI to the UE with a GUAMI value used by more than one AMF, the AMF shall ensure that the 5G-TMSI value used within the assigned 5G-GUTI is not already in use by the other AMF(s) sharing that GUAMI value.

The Globally Unique AMF ID (GUAMI) shall be structured as <code><GUAMI> := <MCC> <MNC> <AMF Region ID> <AMF Set ID> <AMF Pointer></code> where AMF Region ID identifies the region, AMF Set ID uniquely identifies the AMF Set within the AMF Region and AMF Pointer identifies one or more AMFs within the AMF Set.

'''NOTE 1:''' The AMF Region ID addresses the case that there are more AMFs in the network than the number of AMFs that can be supported by AMF Set ID and AMF Pointer, by enabling operators to re-use the same AMF Set IDs and AMF Pointers in different regions.

'''NOTE 2:''' In the case of SNPNs, the PLMN IDs may be shared among SNPNs such that the constructed GUAMIs are not globally unique. However, PLMN ID and NID are provided together, separate from the GUAMI, to uniquely identify the selected or supported SNPN in RRC and N2.

'''NOTE 3:''' See TS 23.003 for details on the structure of the fields of GUAMI.

The 5G-S-TMSI is the shortened form of the GUTI to enable more efficient radio signalling procedures (e.g. during Paging and Service Request) and is defined as <code><5G-S-TMSI> := <AMF Set ID> <AMF Pointer> <5G-TMSI></code>

As specified in TS 38.304 and TS 36.304 for 3GPP access, the NG-RAN uses the 10 Least Significant Bits of the 5G-TMSI in the determination of the time at which different UEs are paged. Hence, the AMF shall ensure that the 10 Least Significant Bits of the 5G-TMSI are evenly distributed.

As specified in TS 38.331 and TS 36.331 for 3GPP access, the NG-RAN's RRC Connection Establishment contention resolution process assumes that there is a low probability of the same 5G-TMSI being allocated by different AMFs to different UEs. The AMFs' process for allocating the 5G-TMSI should take this into account.

'''NOTE 4:''' To achieve this, the AMF could, for example, use a random seed number for any process it uses when choosing the UE's 5G-TMSI.
|-
| AMF Name || || [https://www.3gpp.org/DynaReport/23501.htm 3GPP 23.501] § 5.9.5 || An AMF is identified by an AMF Name. The AMF Name is a globally unique FQDN whose structure is defined in TS 23.003. An AMF can be configured with one or more GUAMIs. At a given time, a GUAMI with a distinct AMF Pointer value is associated with one AMF Name only.
|-
| IGI || Internal-Group Identifier || [https://www.3gpp.org/DynaReport/23501.htm 3GPP 23.501] § 5.9.7 || The subscription data for a UE in the UDR may associate the subscriber with groups. A group is identified by an Internal-Group Identifier.

'''NOTE 1:''' A UE can belong to a limited number of groups; the exact number is defined in stage 3 specifications.<br>
'''NOTE 2:''' In this Release of the specification, the support of groups is only defined in the non-roaming case.<br>
The Internal-Group Identifier(s) corresponding to a UE are provided by the UDM to the SMF as part of the Session Management Subscription data and (when PCC applies to a PDU Session) by the SMF to the PCF. The SMF may use this information to apply local policies and to store this information in the CDR. The PCF may use this information to enforce AF requests as described in clause 5.6.7.
The Internal-Group Identifier(s) corresponding to a UE are provided by the UDM to the AMF as part of the Access and Mobility Subscription data. The AMF may use this information to apply local policies (such as Group specific NAS level congestion control defined in clause 5.19.7.5).
|-
| GPSI || Generic Public Subscription Identifier || [https://www.3gpp.org/DynaReport/23003.htm 3GPP 23.003] § 28.8 || The Generic Public Subscription Identifier (GPSI) is defined in clause 5.9.8 of 3GPP TS 23.501.

The GPSI is defined as:
* a GPSI type: in this release of the specification, it may indicate an MSISDN or an External Identifier; and
* dependent on the value of the GPSI type:
** an MSISDN as defined in clause 3.3; or
** an External Identifier as defined in clause 19.7.2.<br>
'''NOTE:''' Depending on the protocol used to convey the GPSI, the GPSI type can take different formats.
|-
| NAI || Network Access Identifier || Example ||
|-
| Email address ||  ||  ||
|-
| E164Number ||  ||  ||
|}
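The 5G-GUTI, GUAMI and 5G-S-TMSI rules in the table above are easier to reason about as code. The following Python is an added example written for these notes, not code from this wiki, from 3GPP or from any vendor listed on the page. It assumes the field widths given in 3GPP TS 23.003 clause 2.10, which the table does not state (AMF Region ID 8 bits, AMF Set ID 10 bits, AMF Pointer 6 bits, 5G-TMSI 32 bits, so a 5G-S-TMSI is 48 bits), and all names (<code>Guami</code>, <code>TmsiPool</code>, <code>five_g_s_tmsi</code>, <code>paging_spread_ok</code>) and the test PLMN values are the example's own. It composes and splits a 5G-S-TMSI, keeps one pool of 5G-TMSI values per GUAMI so that AMFs sharing a GUAMI cannot issue the same value, and checks the paging rule that the 10 least significant bits are spread evenly.

```python
"""Added example for the 5G-GUTI / GUAMI / 5G-S-TMSI rules quoted above.

Field widths are taken from 3GPP TS 23.003 clause 2.10 (not stated on this page):
AMF Region ID 8 bits, AMF Set ID 10 bits, AMF Pointer 6 bits, 5G-TMSI 32 bits.
Class and function names are this example's own.
"""
from __future__ import annotations

import secrets
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

AMF_REGION_BITS, AMF_SET_BITS, AMF_POINTER_BITS, TMSI_BITS = 8, 10, 6, 32


@dataclass(frozen=True)
class Guami:
    """<GUAMI> := <MCC> <MNC> <AMF Region ID> <AMF Set ID> <AMF Pointer>."""
    mcc: str
    mnc: str
    region_id: int
    set_id: int
    pointer: int

    def __post_init__(self) -> None:
        if not (self.mcc.isdigit() and len(self.mcc) == 3):
            raise ValueError("MCC must be 3 digits")
        if not (self.mnc.isdigit() and len(self.mnc) in (2, 3)):
            raise ValueError("MNC must be 2 or 3 digits")
        for name, value, bits in (("region_id", self.region_id, AMF_REGION_BITS),
                                  ("set_id", self.set_id, AMF_SET_BITS),
                                  ("pointer", self.pointer, AMF_POINTER_BITS)):
            if not 0 <= value < (1 << bits):
                raise ValueError(f"{name} must fit in {bits} bits")


def five_g_guti(guami: Guami, tmsi: int) -> tuple[Guami, int]:
    """<5G-GUTI> := <GUAMI> <5G-TMSI>; kept as a pair because the GUAMI has non-binary parts."""
    if not 0 <= tmsi < (1 << TMSI_BITS):
        raise ValueError("5G-TMSI must fit in 32 bits")
    return guami, tmsi


def five_g_s_tmsi(guami: Guami, tmsi: int) -> int:
    """<5G-S-TMSI> := <AMF Set ID> <AMF Pointer> <5G-TMSI>, the 48-bit short form used in paging."""
    _, tmsi = five_g_guti(guami, tmsi)
    return (guami.set_id << (AMF_POINTER_BITS + TMSI_BITS)) | (guami.pointer << TMSI_BITS) | tmsi


def split_five_g_s_tmsi(value: int) -> tuple[int, int, int]:
    """Inverse of five_g_s_tmsi: (AMF Set ID, AMF Pointer, 5G-TMSI)."""
    tmsi = value & ((1 << TMSI_BITS) - 1)
    pointer = (value >> TMSI_BITS) & ((1 << AMF_POINTER_BITS) - 1)
    set_id = value >> (AMF_POINTER_BITS + TMSI_BITS)
    return set_id, pointer, tmsi


class TmsiPool:
    """5G-TMSI values in use under one GUAMI.

    Every AMF that advertises the same GUAMI must share this view, because within
    that GUAMI the 5G-TMSI alone has to identify the UE."""

    def __init__(self) -> None:
        self.in_use: set[int] = set()

    def reserve(self, tmsi: int) -> bool:
        """Claim a specific value; False if another AMF in the set already holds it."""
        if tmsi in self.in_use:
            return False
        self.in_use.add(tmsi)
        return True

    def allocate(self) -> int:
        """Draw a fresh 5G-TMSI at random (as NOTE 4 suggests) and reserve it."""
        while True:
            tmsi = secrets.randbits(TMSI_BITS)
            if self.reserve(tmsi):
                return tmsi

    def release(self, tmsi: int) -> None:
        self.in_use.discard(tmsi)


def paging_slot_counts(tmsis: Iterable[int], bits: int = 10) -> Counter:
    """How many 5G-TMSIs fall on each value of the low `bits` bits (the NG-RAN paging input)."""
    return Counter(t & ((1 << bits) - 1) for t in tmsis)


def paging_spread_ok(tmsis: Iterable[int], bits: int = 10, max_ratio: float = 2.0) -> bool:
    """True if no low-bit value carries more than max_ratio times its fair share of UEs."""
    tmsis = list(tmsis)
    if not tmsis:
        return True
    counts = paging_slot_counts(tmsis, bits)
    fair_share = len(tmsis) / (1 << bits)
    return max(counts.values()) <= max_ratio * fair_share


if __name__ == "__main__":
    guami = Guami("001", "01", region_id=1, set_id=2, pointer=3)   # constructed test PLMN values
    pool = TmsiPool()
    sample = [pool.allocate() for _ in range(20_000)]
    print(f"5G-S-TMSI of first UE: {five_g_s_tmsi(guami, sample[0]):012x}")
    print("random allocator spreads paging evenly:", paging_spread_ok(sample))
    print("multiples-of-1024 allocator does:", paging_spread_ok([k * 1024 for k in range(20_000)]))
```

The skewed allocator in the last line is the failure mode the paging paragraph warns about: every 5G-TMSI it issues has the same 10 low bits, so NG-RAN would page all of those UEs in the same occasion even though each value is unique.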
 
 
Lawful interception (LI) at each network or service function and the target identifiers applicable to it.

{| class="wikitable sortable"
|-
! Target identifier !! AMF !! SMF/UPF !! UDM !! SMSF !! Location !! MMS Proxy-Relay
|-
| SUPIIMSI || &#x2713; || &#x2713; || &#x2713; || &#x2713; || || &#x2713;
|-
| SUPINAI || &#x2713; || &#x2713; || &#x2713; || &#x2713; || || &#x2713;
|-
| PEIIMEI || &#x2713; || &#x2713; || &#x2713; || &#x2713; || ||
|-
| PEIIMEISV || &#x2713; || &#x2713; || &#x2713; || &#x2713; || ||
|-
| GPSIMSISDN || &#x2713; || &#x2713; || &#x2713; || &#x2713; || || &#x2713;
|-
| GPSINAI || &#x2713; || &#x2713; || &#x2713; || &#x2713; || ||
|-
| PEI ||  ||  ||  ||  || &#x2713; ||
|-
| GPSI ||  ||  ||  ||  || &#x2713; ||
|-
| SUPI ||  ||  ||  ||  || &#x2713; ||
|-
| E164Number ||  ||  ||  ||  ||  || &#x2713;
|-
| EmailAddress ||  ||  ||  ||  ||  || &#x2713;
|-
| IMPI ||  ||  ||  ||  ||  || &#x2713;
|-
| IMPU ||  ||  ||  ||  ||  || &#x2713;
|-
| IMSI ||  ||  ||  ||  ||  || &#x2713;
|-
| NAI ||  ||  ||  ||  ||  || &#x2713;
|}

== IRI events ==

=== Network layer ===

The IRI-POI present in the AMF shall generate xIRI when it detects the following specific events or information:
* Registration.
* Deregistration.
* Location update.
* Start of interception with already registered UE.
* Unsuccessful communication related attempt.

The IRI-POI present in the SMF/UPF shall generate xIRI when it detects the following specific events or information:
* PDU session establishment.
* PDU session modification.
* PDU session release.
* Start of interception with an established PDU session.

The IRI-POI present in the SMSF shall generate xIRI when it detects the following specific events or information:
* SMS message.

=== Service layer ===

The IRI-POI present in the UDM shall generate xIRI when the UDM detects the following specific events or information:
* Serving system.
* Subscriber record change.
* Cancel location.
* Location information request.

The IRI-POI present in the IMS Signalling Function generates the following xIRI:
* Encapsulated SIP message.
* CC unavailable in serving PLMN.
* Start of interception with an established IMS session.

The IRI-POI present in the MMS Proxy-Relay shall generate xIRI when it detects the following specific events or information:
* An MMS message is sent by the target or sent to the target.

Line 166 (old revision):
== RFCs ==
[https://tools.ietf.org/html/rfc7348 RFC 7348: Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks]

<center>[[Telecommunications info|To Telecommunications info]]</center>

Line 53 (new revision):
== RFCs ==
[https://tools.ietf.org/html/rfc7348 RFC 7348: Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks]
[https://www.rfc-editor.org/rfc/rfc5503.html#page-21 RFC 5503 PacketCable Distributed Call Signaling Architecture] contains the P-DCS-LAES (PacketCable Distributed Call Signaling, Lawfully Authorized Electronic Surveillance) extension.

<center>[[Telecommunications info|To Telecommunications info]]</center>

Latest revision as of 13:39, 21 February 2023

ADMF/MDF Manufacturers

Here are some:

  • Allied Associates International
  • Aqsacom
  • Cognyte
  • EVE
  • G2K
  • Matison
  • SS8
  • Utimaco

LEMF Manufacturers

Here are some:

  • Cognyte
  • EVE
  • Gladiator Forensics
  • JSI
  • PenLink
  • SyTech

LI Testing

Here are some:

  • Segron

ETSI Handover (HI) notes

My ETSI HI via IP based network notes

5G notes

My 5G lawful interception notes

4G notes

My 4G lawful interception notes

33 106

Source: 3GPP TS 33.106 V16.0.0 (2020-07)

5.1.2 General principles

...

For interception, there needs to be a means of identifying the target, correspondent and initiator and related parties of any targeted communication. A means shall exist for the operator to intercept communications based on long term or permanent identifiers associated with a target service or equipment, as identified by the LEA. To achieve interception, the operator may need to translate these into further associated identifiers, in order to identify the data to be intercepted. Target identities used for interception for each domain and service are target service and equipment associated with target use or any derived IDs from such elements that are to be defined in TS 33.107 [9] and TS 33.108 [10]. Examples of these identities are IMSI, MSISDN, NAI, Tel URI, SIP URI, for the target service and IMEI, MAC for the equipment.

...

National regulations may require that an operator is able to intercept any communication passing through its network based on any visible identity not connected to the operator network. It shall be based on a match between this target identity and identity type (e.g. IMPU) with the detected party fields. This identity is referred as a Non-Local Identity.
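The two TS 33.106 paragraphs above make two practical points: the target is provisioned by identifiers the LEA supplies and the operator may have to translate them into further associated identifiers, and a Non-Local Identity only matches when identity type and value both agree. The Python below is an added example written for these notes, not text from TS 33.106 and not code from any vendor named on this page. It carries each identity together with its type, normalises it, derives the associated identifiers it can (IMEI from IMEISV, MSISDN from a tel URI or from a phone-type SIP URI) and compares type-by-type. The format rules it applies come from the standards the page cites, not from the page itself: IMEI check digit and IMEISV layout from TS 23.003, tel URI visual separators from RFC 3966, case-insensitive SIP scheme and host from RFC 3261, and the 15-digit E.164 limit. The kind names (`TargetIdentity`, `normalize`, `matches`, ...) and all sample values are constructed for the example.

```python
"""Added example for the TS 33.106 principles quoted above (not from the page or the spec).

Format rules come from the cited standards, not from these notes: IMEI = 14 digits
+ Luhn check digit and IMEISV = 14 digits + 2-digit SV (TS 23.003); tel URIs drop
visual separators (RFC 3966); SIP scheme and host are case-insensitive (RFC 3261);
E.164 numbers have at most 15 digits. Kind names and sample values are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TargetIdentity:
    kind: str   # IMSI, MSISDN, IMEI, IMEISV, NAI, TEL_URI, SIP_URI (an IMPU is one of the last two), MAC
    value: str


def luhn_check_digit(digits: str) -> str:
    """Check digit that makes digits + result pass Luhn (the 15th digit of an IMEI)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)   # double the rightmost, then every other one
        total += d // 10 + d % 10
    return str((10 - total % 10) % 10)


def imei_from_imeisv(imeisv: str) -> str:
    """IMEISV = TAC(8) + SNR(6) + SV(2); the matching IMEI is TAC + SNR + Luhn digit."""
    if not (imeisv.isdigit() and len(imeisv) == 16):
        raise ValueError("IMEISV must be 16 digits")
    return imeisv[:14] + luhn_check_digit(imeisv[:14])


_DIGIT_KINDS = {"IMSI": (6, 15), "MSISDN": (1, 15), "IMEI": (15, 15), "IMEISV": (16, 16)}
_SIP_RE = re.compile(r"^(?P<scheme>sips?):(?P<user>[^@;]+)@(?P<host>[^;]+)(?P<params>(?:;[^;]+)*)$", re.I)
_MAC_RE = re.compile(r"^([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]"
                     r"([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})$", re.I)
_NAI_RE = re.compile(r"^[^@\s]+(?:@[A-Za-z0-9.-]+)?$")   # RFC 7542: username or username@realm


def normalize(ident: TargetIdentity) -> TargetIdentity:
    """Canonical spelling for one identity type; raises ValueError on a malformed value."""
    kind, raw = ident.kind.upper(), ident.value.strip()
    if kind in _DIGIT_KINDS:
        digits = raw.lstrip("+") if kind == "MSISDN" else raw
        lo, hi = _DIGIT_KINDS[kind]
        if not (digits.isdigit() and lo <= len(digits) <= hi):
            raise ValueError(f"{kind} must be {lo} to {hi} digits")
        if kind == "IMEI" and luhn_check_digit(digits[:14]) != digits[14]:
            raise ValueError("IMEI check digit mismatch")
        return TargetIdentity(kind, digits)
    if kind == "TEL_URI":
        if not raw.lower().startswith("tel:"):
            raise ValueError("tel URI must start with tel:")
        number = re.sub(r"[-.()]", "", raw[4:].split(";", 1)[0])   # drop URI parameters and separators
        if not re.fullmatch(r"\+?\d{1,15}", number):
            raise ValueError("tel URI is not a plain number")
        return TargetIdentity(kind, "tel:" + number)
    if kind == "SIP_URI":
        m = _SIP_RE.match(raw)
        if not m:
            raise ValueError("not a sip:/sips: user@host URI")
        params = ";".join(sorted(p.lower() for p in m["params"].split(";") if p))
        canon = f"{m['scheme'].lower()}:{m['user']}@{m['host'].lower()}"   # user part stays case-sensitive
        return TargetIdentity(kind, canon + (";" + params if params else ""))
    if kind == "MAC":
        m = _MAC_RE.match(raw)
        if not m:
            raise ValueError("MAC must be six hex octets")
        return TargetIdentity(kind, ":".join(g.lower() for g in m.groups()))
    if kind == "NAI":
        if not _NAI_RE.match(raw):
            raise ValueError("NAI must be username or username@realm")
        return TargetIdentity(kind, raw)
    raise ValueError(f"unknown identity type {kind}")


def associated_identifiers(ident: TargetIdentity) -> set[TargetIdentity]:
    """Further identifiers the operator can derive from the one the LEA supplied."""
    ident = normalize(ident)
    derived: set[TargetIdentity] = set()
    if ident.kind == "IMEISV":
        derived.add(TargetIdentity("IMEI", imei_from_imeisv(ident.value)))
    elif ident.kind == "TEL_URI":
        derived.add(TargetIdentity("MSISDN", ident.value[4:].lstrip("+")))
    elif ident.kind == "SIP_URI" and ";user=phone" in ident.value:
        user = ident.value.split(":", 1)[1].split("@", 1)[0]
        if re.fullmatch(r"\+?\d{1,15}", user):
            derived.add(TargetIdentity("MSISDN", user.lstrip("+")))
    return derived


def matches(target: TargetIdentity, detected: TargetIdentity) -> bool:
    """Non-Local Identity rule: identity type and normalised value must both agree.

    A 15-digit IMEI that spells the same digits as a target IMSI is not a match,
    and a malformed detected field never matches."""
    try:
        return normalize(target) == normalize(detected)
    except ValueError:
        return False
```

Because a 15-digit IMSI and a 15-digit IMEI are indistinguishable as bare strings, the type travels with the value and `matches` refuses a cross-type hit; that is the identity-type condition the Non-Local Identity paragraph imposes, and it is also why a mediation function should reject, rather than silently accept, a target value whose format does not fit its declared type.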

RFCs

Cisco Architecture for Lawful Intercept in IP Networks

RFC 7348: Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks

RFC 5503 PacketCable Distributed Call Signaling Architecture contains the P-DCS-LAES (PacketCable Distributed Call Signaling, Lawfully Authorized Electronic Surveillance) extension.

To Telecommunications info