Page 423 - Handbook of Modern Telecommunications

3-214                   CRC Handbook of Modern Telecommunications, Second Edition

              •   There should be physical and logical access controls.
              •   Any necessary keys, passwords, and user identifications for the authorization and the logical access
                 to the interception function should be securely stored.
              •   Any transmission of passwords and user identifications for access to interception functions
                 should be secure.
              •   Physical interfaces should be secured mechanically and/or logically against unauthorized use.
              Transmission of all information between the NWO/AP/SVP and the LEMF across HI1, HI2, and
            HI3 shall be confidential. During communication between systems that are not based on leased lines,
            appropriate mechanisms should ensure that the recipient is in the position to verify or authenticate the
            identity of the sender while the connection is set up. During communication between systems that are
            not based on leased lines, appropriate mechanisms should ensure that the sender is in the position to
            verify or authenticate the identity of the recipient at the start of a connection.
              Only specifically authorized personnel should be able to control interceptions. In general, the LEA
            should not have any direct access to any network element.
              The entire communication between the administration system and the interception function should
            be confidential. All internal interfaces must be secured.
              The interception functions shall be implemented in such a manner that:
              •   The interception subject and his correspondents do not know that a lawful interception is active.
              •   During the intercepted communication itself, the quality of the communication shall remain the
                 same as usual and the service shall be unchanged, including all supplementary services such as
                 call forwarding, etc.
              •   When there is no intercepted communication, the quality of communication shall remain the
                 same and the service shall be unchanged; in other words, there is no modification to services
                 supplied or information received either by the interception subject or by some other party.
              An employee of NWO/AP/SVP who has been duly authorized may be permitted to know that
            interception is in progress, or that a subscriber is an interception target. But an employee of NWO/AP/SVP
            who has not been duly authorized may not be permitted to know that interception is in progress, or that
            a subscriber is an interception target.


            3.8.7   Principles of Monitoring and Intercepts (Hardware and Software Probes)
            State-of-the-art technology permits monitoring of everything in networking infrastructures. But
            everything has a price tag. The following challenges must be addressed by telecommunications service
            providers and LEAs:
              •   How to identify dynamic targets
              •   How to deal with roaming in/out subscribers
              •   How to intercept compressed and encrypted traffic
              •   How to capture a call in progress
              •   How to meet real time constraints
              •   How to deal with identity management
              •   How to identify target locations
              •   How to identify prepaid targets
              Lawful intercepts require full monitoring capabilities in networks. This requirement causes several
            concerns on behalf of the telecommunications service providers:
              •   Optimizing the combination of internal and external lawful intercept capabilities