72 results on '"Lawful interception"'
Search Results
2. IPvest: Clustering the IP Traffic of Network Entities Hidden Behind a Single IP Address Using Machine Learning
- Author
-
Haim Zlatokrilov, Liran Orevi, Robert Moskovitch, Roni Mateless, and Michael Segal
- Subjects
Computer Networks and Communications, business.industry, Computer science, Cloud computing, Internet traffic, computer.software_genre, Virtual machine, Lawful interception, Server, Electrical and Electronic Engineering, business, Cluster analysis, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, Mobile device, computer, Network address translation, Computer network
- Abstract
IP Networks serve a variety of connected network entities (NEs) such as personal computers, servers, mobile devices, virtual machines, hosted containers, etc. The growth in the number of NEs and technical considerations has led to a reality where a single IP address is used by multiple NEs. A typical example is a home router using Network Address Translation (NAT). In organizations and cloud environments, a single IP can be used by multiple virtual machines or containers running on a single device. Discovering the number of NEs served by an IP address and clustering their traffic correctly is of value in many use cases for security, lawful interception, asset management, and other purposes. In this paper, we introduce IPvest, a system that incorporates unsupervised and supervised learning algorithms based on various features for counting and clustering network traffic of NEs masqueraded by a single IP. The features are based on the characteristics of operating systems (OSs), NAT behavior, and users’ habits. Our model is evaluated on real-world datasets including Windows, Linux-based, Android, and iOS-based devices, containers, virtual machines, and load-balancers. We show that IPvest can count the number of NEs and cluster their traffic with high precision, even for containers running on a single device and servers behind a load-balancer.
- Published
- 2021
3. An Efficient Network Classification Based on Various-Widths Clustering and Semi-Supervised Stacking
- Author
-
Abdulmohsen Almalawi and Adil Fahad
- Subjects
semi-supervised learning, General Computer Science, Computer science, Quality of service, Internet traffic classification, multiview, General Engineering, Internet traffic, Intrusion detection system, computer.software_genre, TK1-9971, Support vector machine, Metadata, Traffic classification, Lawful interception, General Materials Science, Electrical engineering. Electronics. Nuclear engineering, Data mining, Cluster analysis, computer
- Abstract
Network traffic classification is basic tool for internet service providers, various government and private organisations to carry out investigation on network activities such as Intrusion Detection Systems (IDS), security monitoring, lawful interception and Quality of Service (QoS). Recent network traffic classification approaches have used an extracted and predefined class label which come from multiple experts to build a robust network traffic classifier. However, keeping IP traffic classifiers up to date requires large amounts of new emerging labeled traffic flows which is often expensive and time-consuming. This paper proposes an efficient network classification (named Net-Stack) which inherits the advantages of various widths clustering and semi-supervised stacking to minimize the shortage of labeled flows, and accurately learn IP traffic features and knowledge. The Net-Stack approach consists of four stages. The first stage pre-processes the traffic data and removes noise traffic observations based on various widths clustering to select most representative observations from both the local and global perspective. The second stage generates strong discrimination ability for multiview representations of the original data using dimensionality reduction techniques. The third stage involves heterogeneous semi-supervised learning algorithms to exploit the complementary information contained in multiple views to refine the decision boundaries for each traffic class and get a low dimensional metadata representation. The final stage employs a meta-classifier and stacking approach to comprehensively learn from the metadata representation obtained in stage three for improving the generalization performance and predicting final classification decision. Experimental study on twelve traffic data sets shows the effectiveness of our proposed Net-Stack approach compared to the baseline methods when there is relatively less labelled training data available.
- Published
- 2021
4. Escrowed decryption protocols for lawful interception of encrypted data
- Author
-
Javier Lopez, Isaac Agudo, and David Nuñez
- Subjects
Computer Networks and Communications, business.industry, Computer science, Escrow, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Cryptographic protocol, Encryption, Computer security, computer.software_genre, 01 natural sciences, Proxy re-encryption, Public-key cryptography, 010201 computation theory & mathematics, Lawful interception, 0202 electrical engineering, electronic engineering, information engineering, ComputingMilieux_COMPUTERSANDSOCIETY, Cryptosystem, business, Semantic security, computer, Software, Information Systems
- Abstract
Escrowed decryption schemes (EDSs) are public-key encryption schemes with an escrowed decryption functionality that allows authorities to decrypt encrypted messages under investigation, following a protocol that involves a set of trusted entities called `custodians'; only if custodians collaborate, the requesting authority is capable of decrypting encrypted data. This type of cryptosystem represents an interesting trade-off to privacy versus surveillance dichotomy. In this study, the authors propose two EDSs where they use proxy re-encryption to build the escrowed decryption capability, so that custodians re-encrypt ciphertexts, in a distributed way, upon request from an escrow authority, and the re-encrypted ciphertexts can be opened only by the escrow authority. Their first scheme, called EDS, follows an all-or-nothing approach, which means that escrow decryption only works when all custodians collaborate. Their second scheme, called threshold EDS, supports a threshold number of custodians for the escrow decryption operation. They propose definitions of semantic security with respect to the authorities, custodians and external entities, and prove the security of their schemes, under standard pairing-based hardness assumptions. Finally, they present a theoretical and experimental analysis of the performance of both schemes, which show that they are applicable to real-world scenarios.
- Published
- 2019
5. A Secure Encapsulation Schemes Based on Key Recovery System
- Author
-
Tae Hoon Kim, Won-Bin Kim, Dae-Hee Seo, and Im-Yeong Lee
- Subjects
Computer science, business.industry, Computer security, computer.software_genre, Encryption, Proxy re-encryption, Encapsulation (networking), Lawful interception, Ciphertext, Key encapsulation, business, computer, Key escrow, Signcryption
- Abstract
Network users apply encryption to send and receive data securely. Since ciphertext can be encrypted and decrypted only by lawful users, third parties do not have the ability to know the content of an encrypted message. However, a secret key is used for encryption, and if the secret key is lost or corrupted, there is a problem that the encrypted text cannot be decrypted. Additionally, malicious use of this encryption will cause problems. If encryption is used maliciously, the government cannot prevent criminal activity. Because of this, law enforcement agencies need support for lawful interception to decrypt criminals or suspect’s ciphertexts. We need a key recovery system that can safely recover these secret keys or decrypt messages for lawful interception. There are two types of key recovery systems, a key escrow method and a key encapsulation method. This paper proposes secure schemes using key encapsulation. The key encapsulation method requires the key information used in the ciphertext, and the key information can be obtained from the KRF (Key Recovery Field). The obtained key can be used to decrypt the ciphertext. However, various security threats exist in key recovery system, such as forgery and alteration of KRF, single point of failure, inability to recover keys, and collusion attacks. To solve these problems, we propose secure encapsulation schemes based on key recovery system.
- Published
- 2021
6. Lawful Interception in WebRTC Peer-To-Peer Communication
- Author
-
Rami Puzis and Assaf Wagner
- Subjects
Voice over IP, business.industry, Lawful interception, Authorization, Law enforcement, Business, Peer-to-peer, Service provider, Interception, Computer security, computer.software_genre, computer, WebRTC
- Abstract
Lawful interception is the act of giving law enforcement officials access to communication between private individuals or organizations. According to the European Telecommunications Standards Institute (ETSI), service providers are expected to ensure that the entire contents of communication associated with the target identity being intercepted can be intercepted during the entire period of the lawful authorization, and that the delivery of the interception related information is reliable.
- Published
- 2021
7. Pegasus Spyware – 'A Privacy Killer'
- Author
-
Ajay Chawla
- Subjects
Password, Exploit, Phone, Computer science, Lawful interception, Ransomware, Malware, Digital security, Android (operating system), computer.software_genre, Computer security, computer
- Abstract
The recent Pegasus Project revelations of about half a lakh people across the world, including several in India, being targeted for cyber surveillance has firmly brought the spotlight on the Pegasus spyware, which is widely understood to be the most sophisticated smartphone attack tool. The revelations also mark the first time that a malicious remote jailbreak exploit had been detected within an iPhone. Pegasus is a spyware (Trojan/Script) that can be installed remotely on devices running on Apple’s iOS & Google’s Android operating systems. It is developed and marketed by the Israeli technology firm NSO Group. NSO Group sells Pegasus to “vetted governments” for “lawful interception”, which is understood to mean combating terrorism and organized crime, as the firm claims, but suspicions exist that it is availed for other purposes. Pegasus is a modular malware that can initiate total surveillance on the targeted device, as per a report by digital security company Kaspersky. It installs the necessary modules to read the user’s messages and mail, listen to calls, send back the browser history and more, which basically means taking control of nearly all aspects of your digital life. It can even listen in to encrypted audio and text files on your device that makes all the data on your device up for grabs. Since Pegasus hacks into the operating system, every activity within the phone can be monitored when the phone is switched on. It's as if someone is monitoring your phone activity over your shoulders. Pegasus operators can remotely record audio and video from your phone, extract phone messages, use GPS for location tracking, and recover passwords and authentication keys without the user even noticing. It's only when a device is sent for forensic screening, and experts look into the transfer of data to and from the phone, is when a potential attack can be confirmed. 
The dooming fact of it all is that since Pegasus exploits zero-day vulnerabilities, there is nothing that can be done regarding such breaches unless operating system developers proactively ship out an update to your phone, aimed to protect you from hi-tech malware like Pegasus.
- Published
- 2021
8. A Solution to Support Integrity in the Lawful Interception Ecosystem
- Author
-
Francesco Buccafurri, Cecilia Labrini, Alice Mariotti Nesurini, and Angelo Consoli
- Subjects
Correctness, Work (electrical), Process (engineering), Computer science, Data integrity, Lawful interception, Law enforcement, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Message authentication code, Interception, Computer security, computer.software_genre, computer
- Abstract
In this paper, we present an innovative solution to support integrity in a lawful interception ecosystem. The problem arises from the fact that whatever the interception system is organized, external (potentially untrusted) parties can be involved in the process. Therefore, the need to guarantee completeness, correctness, and freshness of the intercepted contents should be given. Moreover, contents often have to be transferred from law enforcement agencies to Courts or delivered to the defence, also partially. In this work, we design a complex architecture able to support effectively the above needs.
- Published
- 2021
9. Make Remote Forensic Investigations Forensic Again: Increasing the Evidential Value of Remote Forensic Investigations
- Author
-
Marcel Busch, Florian Nicolai, Christoph Safferling, Fabian Fleischer, Felix C. Freiling, and Christian Rückert
- Subjects
Value (ethics), 021110 strategic, defence & security studies, Transport Layer Security, Computer science, business.industry, 0211 other engineering and technologies, Law enforcement, 020207 software engineering, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Lawful interception, 0202 electrical engineering, electronic engineering, information engineering, Software system, Suspect, Android (operating system), business, computer
- Abstract
Due to the increasing use of encrypted communication and anonymous services, many countries introduced new regulations that allow law enforcement to perform remote forensic investigations. During such investigations, law enforcement agencies secretly obtain remote access to a suspect’s computer to search for and collect evidence, including full copies of the (unencrypted) communication data. In this paper, we argue that the evidential value of the acquired evidence can be substantially increased by two technical methods: (1) employing integrity verification techniques offered by secure hardware, and (2) exfiltrating the decryption key of encrypted communication only in order to decrypt communication obtained by lawful interception. To prove the practicality of both methods, we design and implement TEE-BI, a solution for Trusted Execution Environment-based introspection. We deploy TEE-BI on an Android-based hardware platform featuring an ARM TrustZone and demonstrate the stealthy extraction of Secure Sockets Layer encryption keys from an Android userland application. We evaluate the effectiveness, performance, and compatibility of our prototype and argue that it provides a much higher level of evidential value than (the known) existing remote forensic software systems.
- Published
- 2021
10. A hybrid clustering-classification for accurate and efficient network classification
- Author
-
Xun Yi, Adil Fahad, Zahir Tari, and Abdulmohsen Almalawi
- Subjects
Empirical research, Traffic classification, Computer science, Lawful interception, Quality of service, Intrusion detection system, Data mining, Noise (video), Cluster analysis, computer.software_genre, computer, Port (computer networking)
- Abstract
The traffic classification is the foundation for many network activities, such as quality of service (QoS), security monitoring, lawful interception, and intrusion detection system (IDS). A recent statistics-based method to address the unsatisfactory results of traditional port-based and payload-based methods has attracted attention. However, the presence of non-informative attributes and noise instances degrade the performance of this method. Thus, to address this problem, in this chapter, a hybrid clustering-classification method (called CluClas) is described to improve the accuracy and efficiency of network traffic classification by selecting informative attributes and representative instances. An extensive empirical study on four traffic data sets shows the effectiveness of the CluClas method.
- Published
- 2020
11. Requirements Analysis Required--Otherwise Targeted Monitoring Enables Pervasive Monitoring
- Author
-
Stephen Farrell
- Subjects
Ubiquitous computing, General Computer Science, business.industry, Computer science, Interoperability, Internet privacy, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, 020204 information systems, Lawful interception, 0202 electrical engineering, electronic engineering, information engineering, The Internet, business, Requirements analysis, computer
- Abstract
Lawful interception was developed in a closed manner and is usable for pervasive monitoring, which the Internet community has deemed an attack. Further developing lawful interception technology is therefore counter-productive unless accompanied by an open re-evaluation of targeted monitoring requirements assigning equal priority to requirements for security, privacy, and Internet-scale interoperability.
- Published
- 2016
12. Extracting Suspicious IP Addresses from WhatsApp Network Traffic in Cybercrime Investigations
- Author
-
En-Cih Chang, Da-Yu Kao, and Fu-Ching Tsai
- Subjects
Network forensics, Computer science, Network packet, business.industry, Law enforcement, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Cybercrime, Lawful interception, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, computer
- Abstract
Sniffers are among the commonest approaches for capturing network traffic activities and collecting digital evidences in cybercrime investigations. The ubiquity of instant messaging (IM) apps on smartphones has provided criminals with communication channels that are difficult to decode. Moreover, investigators and analysts of cybercrimes are encountering increasingly large datasets. To combat criminal activity, law enforcement agencies (LEAs) often rely on call-record analysis. In this paper, cybercriminals are investigated by network forensics and sniffing techniques. Retrieving valuable information from specific IM apps is difficult because the criminal’s IP address records are not easily recognisable on the Internet. Here, a criminal’s identity is located more effectively by a packet filter framework that isolates the WhatsApp communication features from huge collections of network packets. A rule extraction method for sniffing packets is proposed that retrieves the relevant attributes from high-dimensional analysis based on geolocation and a pivot table. The utility of this methodology is illustrated on real-time network forensics and a lawful interception system in Taiwan. The methodology also meets the ISO/IEC 27043:2015 standards of fear, uncertainty, and doubt avoidance. Besides supporting LEAs in discovering criminal communication payloads, prosecuting cybercriminals and bringing them to justice, it improves the effectiveness of modern call-record analysis.
- Published
- 2019
13. Improving Lawful Interception in Virtual Datacenters
- Author
-
Tobias Eggendorfer, Daniel Spiekermann, and Jörg Keller
- Subjects
business.industry, Computer science, Network packet, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, computer.software_genre, Virtualization, Virtual network interface, Virtual machine, Server, Lawful interception, Packet analyzer, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Computer network
- Abstract
The rise of cloud computing led to the need for highly flexible and dynamic infrastructures, which are able to handle a variety of different applications, the accruing big data and the requests of various customers simultaneously. By the use of virtualization modern datacenters provide an environment for cloud computing infrastructures. In these environments hundreds of thousands of physical servers host hundreds of thousands of virtual machines. This huge number of involved systems as well as additional virtual layer inside these environments impede lawful interceptions and network forensic investigations, which are performed to wiretap a suspicious system. Without any constraints, all phases of a network forensic investigation are faced with arising challenges like access and packet capture of virtual network interface cards, record the captured packets on hardware devices or the subsequent analysis of encapsulated network packets. Due to the huge number of relevant systems, the investigation gets inflexible and slow, which prevents a valid and usable wiretapping of a suspicious system. In this paper we propose an improvement of the packet capture process, which in turn enhances the recording and the subsequent analysis of the lawful interception. By reducing the number of relevant physical servers the number of involved hosting servers is decreased. In combination with further information of the virtual environment an enhanced process is possible, which ensures a valid lawful interception of the relevant network traffic.
- Published
- 2018
14. Defeating the Downgrade Attack on Identity Privacy in 5G
- Author
-
Kimmo Järvinen, Valtteri Niemi, Philip Ginzboorg, Mohsin Khan, Cremers, Cas, Lehmann, Anja, Department of Computer Science, Doctoral Programme in Computer Science, Helsinki Institute for Information Technology, University of Helsinki, Department of Communications and Networking, Aalto-yliopisto, and Aalto University
- Subjects
FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, education, 0211 other engineering and technologies, 02 engineering and technology, Pseudonym, Identity privacy, Computer security, computer.software_genre, Public-key cryptography, 020204 information systems, Synchronization (computer science), 0202 electrical engineering, electronic engineering, information engineering, 3GPP, IMSI catchers, 021110 strategic, defence & security studies, business.industry, 113 Computer and information sciences, Downgrade attack, User equipment, Lawful interception, Identity (object-oriented programming), business, Cryptography and Security (cs.CR), computer, 5G, conference
- Abstract
3GPP Release 15, the first 5G standard, includes protection of user identity privacy against IMSI catchers. These protection mechanisms are based on public key encryption. Despite this protection, IMSI catching is still possible in LTE networks which opens the possibility of a downgrade attack on user identity privacy, where a fake LTE base station obtains the identity of a 5G user equipment. We propose (i) to use an existing pseudonym-based solution to protect user identity privacy of 5G user equipment against IMSI catchers in LTE and (ii) to include a mechanism for updating LTE pseudonyms in the public key encryption based 5G identity privacy procedure. The latter helps to recover from a loss of synchronization of LTE pseudonyms. Using this mechanism, pseudonyms in the user equipment and home network are automatically synchronized when the user equipment connects to 5G. Our mechanisms utilize existing LTE and 3GPP Release 15 messages and require modifications only in the user equipment and home network in order to provide identity privacy. Additionally, lawful interception requires minor patching in the serving network.
- Published
- 2018
15. Study on Trends in Standardization of Lawful Interception and the Continuous Packet Capture in Heterogeneous Networks
- Author
-
Youngsub Han, Myoungrak Lee, and Sangsoo Kim
- Subjects
Standardization, Computer science, Lawful interception, Packet analyzer, Computer security, computer.software_genre, computer, Heterogeneous network
- Abstract
Lawful interception (LI) is carried out in accordance with the relevant laws and regulations of each country's law enforcement authorities (LEA: Law Enforcement Agencies) and refers to the act of receiving authorization (warrant) on the interception before performing the tapping of these legal acts. Lawful interception of the traditional public network PSTN (Public Switched Telephone Network), 2nd and 3rd generation of wireless networks was carried out by connecting directly to the switch like a conventional cable network. However, the mobile phone (mobile phone) or Voice over IP (VoIP) technology that provide mobility need a new approach to ensure LI. It is necessary to perform a continuous LI in the wide range of network environments while guaranteeing the continuity of mobile node’s communication. In this paper, we analyzed the traditional lawful interception laws and concepts of the United States, Europe and international standardization trend of LI. In addition, we proposed continuous LI architecture to perform dynamic triggering in heterogeneous networks and verified its effectiveness by experiment. (Received 7 August 2015; review requested 18 August 2015; first review completed 2 September 2015; accepted 10 October 2015; published 31 October 2015. Copyright 2015 SERSC.)
- Published
- 2015
16. Digital Wiretap Warrant: Improving the security of ETSI Lawful Interception
- Author
-
Alfonso Muñoz, Manuel Urueña, Raquel Aparicio, and Gerson Rodríguez de los Santos
- Subjects
Warrant, Computer science, business.industry, Probable cause, Law enforcement, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020206 networking & telecommunications, Plaintext, 02 engineering and technology, 16. Peace & justice, Computer security, computer.software_genre, Encryption, Computer Science Applications, Medical Laboratory Technology, Digital evidence, 020204 information systems, Lawful interception, 0202 electrical engineering, electronic engineering, information engineering, business, Law, computer, Chain of custody
- Abstract
Lawful Interception (LI) of data communications is an essential tool for Law Enforcement Agencies (LEA) in order to investigate criminal activities carried out or coordinated by means of Internet. However, the ability to secretly monitor the activities of citizens also has a great impact on civil rights. Therefore, democratic societies must prevent abuse and ensure that LI is only employed in specific cases with justifiable grounds or a probable cause. Nowadays, in many countries each interception must be authorized by a wiretap warrant, usually issued by a judge. However, this wiretap warrant is merely an administrative document that should be checked by the network or service operator before enabling the monitoring of its customers, whose communications are later handed over to a LEA in plaintext. This paper proposes the idea of employing a Digital Wiretap Warrant (DWW), which further protects the civil liberties, security and privacy of LI by ensuring that monitoring devices can only be enabled with a valid DWW, and by encrypting the captured data so only the authorized LEA is able to decrypt those communications. Moreover, in the proposed DWW framework all digital evidence is securely time-stamped and signed, thus guaranteeing that it has not been tampered with, and that a proper chain of custody has been met. In particular this paper proposes how to apply the DWW concept to the lawful interception framework defined by the ETSI LI Technical Committee, and evaluates how the additional security mechanisms could impact the performance and storage costs of a LI platform.
- Published
- 2015
17. WhatsApp network forensics: Discovering the communication payloads behind cybercriminals
- Author
-
En-Cih Chang, Fu-Ching Tsai, and Da-Yu Kao
- Subjects
Network forensics, business.industry, Computer science, Law enforcement, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Criminal investigation, Cybercrime, Lawful interception, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, business, computer
- Abstract
The ubiquity of instant messaging (IM) apps on smart phones have provided criminals to communicate with channels which are difficult to decode. Investigators and analysts are increasingly experiencing large data sets when conducting cybercrime investigations. Call record analysis is one of the critical criminal investigation strategies for law enforcement agencies (LEAs). The aim of this paper is to investigate cybercriminals through network forensics and sniffing techniques. The main difficulty of retrieving valuable information from specific IM apps is how to recognize the criminal's IP address records on the Internet. This paper proposes a packet filter framework to WhatsApp communication patterns from huge collections of network packets in order to locate criminal's identity more effectively. A rule extraction method in sniffing packets is proposed to retrieve relevant attributes from high dimensional analysis regarding to geolocation and pivot table. The results can support LEAs in discovering criminal communication payloads, as well as facilitating the effectiveness of modern call record analysis. It will be helpful for LEAs to prosecute cybercriminals and bring them to justice.
- Published
- 2018
18. Digital Privacy in Africa: Cybersecurity, Data Protection & Surveillance
- Author
-
Ewan Sutherland
- Subjects
business.industry, Corporate governance, media_common.quotation_subject, Digital government, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Computer security, computer.software_genre, Dignity, Lawful interception, Data Protection Act 1998, The Internet, business, Sophistication, computer, media_common
- Abstract
The push in Africa for the widespread adoption of telecommunications and Internet is aimed at boosting economic growth and access to digital government services. However, it has significant effects on privacy by enabling surveillance of the networks, by allowing the collection of data about customers, their locations and transactions, which can be linked to other data and analysed for commercial or governmental purposes. Data can also be stolen or destroyed, by criminals, foreign powers and terrorists. While countries have enthusiastically created telecommunications regulatory authorities, they have only rarely created data protection authorities to oversee well established principles for the collection, use and storage of data. Similarly, they have lagged on the introduction of strategies for cybersecurity and the centres needed to collect data on attacks and defences. Surveillance by secret police has grown in sophistication, with facilities for lawful interception, IMSI-catchers and surveillance RATs, none of which is overseen by parliaments or the courts. Consequently, the rights to dignity and privacy are very poorly observed and more often breached.
- Published
- 2018
19. LiaaS: Lawful Interception as a Service
- Author
-
Mehrnoosh Monshizadeh, Vikramajeet Khatri, Mohammadali Varfan, Raimo Kantola, Department of Communications and Networking, Nokia Bell Labs, Bonn-Rhein-Sieg University of Applied Sciences, Aalto-yliopisto, and Aalto University
- Subjects
Service (systems architecture) ,Computer science ,Lawful Interception ,Big data ,Cloud computing ,Conference call ,02 engineering and technology ,computer.software_genre ,Machine Learning ,0203 mechanical engineering ,Server ,0202 electrical engineering, electronic engineering, information engineering ,Automated Minutes ,ta113 ,Multimedia ,ta213 ,business.industry ,End user ,020302 automobile design & engineering ,020206 networking & telecommunications ,Automated Audio Analysis ,Metadata ,Lawful interception ,Automated Video Analysis ,business ,computer - Abstract
Machine learning techniques are the key to success for big data analytics in forthcoming 5G and cloud networks. Internet Service Providers (ISPs) and mobile networks are still relying on traditional Lawful Interception (LI) mechanisms that use error prone meta data and are vulnerable to cyber-attacks. While new identity methods are used to monitor suspected end users, the major challenge is the amount of data that needs to be monitored to find the traffic of interest related to the specific targets. On the other hand, for a conversation (audio or video) between two or multiple attendees, such as a conference call or interview, extracting, briefing and classifying important information can be prone to errors and exhaustion of resources if it is done by humans. This paper proposes an intelligent, secure, fast and reliable platform called Lawful interception as a Service (LiaaS) to detect, analyze and intercept content from different media such as voice and video call. The proposed platform also extracts the minutes of conversation and the most important information from the media (audio or video) so any desired detail can be searched from it.
- Published
- 2018
20. On Identities in Modern Networks
- Author
-
Tomáš Martínek, Libor Polcak, and Radek Hranicky
- Subjects
Service (systems architecture) ,Computer science ,General Medicine ,Detailed data ,Computer security ,computer.software_genre ,Identifier ,Identification (information) ,Network testing ,Lawful interception ,Court order ,lcsh:Criminal law and procedure ,lcsh:K5000-5582 ,computer ,Network address translation - Abstract
Communicating parties inside computer networks use different kind of identifiers. Some of these identifiers are stable, e.g., logins used to access a specific service, some are only temporary, e.g., dynamically assigned IP addresses. This paper tackles several challenges of lawful interception that emerged in modern networks. The main contribution is the graph model that links identities learnt from various sources distributed in a network. The inferred identities result into an interception of more detailed data in conformance with the issued court order. The approach deals with network address translation, short-lived identifiers and simultaneous usage of different identities. The approach was evaluated to be viable during real network testing based on various means to learn identities of users connected to a network.
- Published
- 2014
21. 3G IP Multimedia Subsystem based framework for lawful interception
- Author
-
Jungbean Lee, Hoh Peter In, Young Gab Kim, Do Hoon Kim, and Byungsik Yoon
- Subjects
Session Initiation Protocol ,Service (systems architecture) ,Voice over IP ,Computer science ,computer.internet_protocol ,business.industry ,Network packet ,Quality of service ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,IP Multimedia Subsystem ,Service provider ,Computer security ,computer.software_genre ,Lawful interception ,Electrical and Electronic Engineering ,business ,computer ,Computer network - Abstract
Issues related to lawful interception, such as invasion of privacy and efficient investigation, are presently at the forefront of social consciousness. Interception technology has to consistently evolve in order to keep pace with new and varied network structures. Thus, standard lawful interception documents that are appropriate for the existing PSTN, 2G and 3G, and packet-based communication are being proposed. In particular, newly arising services based on IP Multimedia Subsystems (IMSs) that support multimedia streaming, data transmission, and voice over IP, make lawful interception even more imperative. In this paper, we propose an architecture for IMS/Session Initiation Protocol based Lawful Interception (LI) in wireless 3G networks. We also propose LI techniques that are differentiated according to the IMS characteristics where content service providers are separated from network providers. Using the standards of dynamic triggering technologies for commissioning the authority to intercept among multiple network providers as a basis, we analyze IMS architecture and service operation methods. We then propose an LI architecture that is appropriate for IMS services. In addition, we present the results of a quality of service performance analysis conducted on our proposed interception architecture for various numbers of IMS users.
- Published
- 2013
22. Implementation and performance of VoIP interception based on SIP session border controller
- Author
-
Menghui Yang and Hua Liu
- Subjects
Session Initiation Protocol ,Voice over IP ,Computer science ,business.industry ,Network packet ,computer.internet_protocol ,Session border controller ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Testbed ,Real-time computing ,Data_CODINGANDINFORMATIONTHEORY ,Bottleneck ,Lawful interception ,Electrical and Electronic Engineering ,Interception ,business ,computer ,Computer network - Abstract
In an effort to provide lawful interception for session initiation protocol (SIP) voice over Internet protocol (VoIP), an interception architecture using session border controller (SBC) is proposed. Moreover, a prototype based on the proposed architecture is implemented. A testbed is set up and tests are carried out in order to analyze the performance and the capability of function entities and interfaces in the proposed architecture. Test results show that SBC interception capability in SIP signaling is superior to that in real-time transport protocol (RTP) media stream. In order to eliminate the possible bottleneck of RTP packets interception in SBC, an analytic model is proposed to investigate the mechanism in which RTP packet's traffics are shared among different SBC media functions. Analysis results show that multiple SBC media functions can share the RTP packets arrival and can significantly decrease RTP packets service time in SBC. Test results also show that delivery function, collect function and their interfaces in the proposed interception architecture have corresponding interception performance and capability with SBC.
- Published
- 2013
23. NFV Security: Emerging Technologies and Standards
- Author
-
Steve Goeringer and Igor Faynberg
- Subjects
Security monitoring ,Network Functions Virtualization ,Computer science ,Emerging technologies ,business.industry ,Cloud computing ,Computer security ,computer.software_genre ,Identity management ,Lawful interception ,Trust management (information system) ,Architecture ,business ,computer - Abstract
This chapter addresses the network function virtualization (NFV) security while reflecting on the work of the ETSI NFV Security Working Group (NFV SEC WG) and the industry view it has formulated in the past 4 years. To this end, the chapter explains the differences between the “generic” cloud and NFV and discusses the security threats as well as new benefits for security provided in the NFV environment. The chapter further explains how the trust is bootstrapped from hardware and established among the execution components, the discussion culminating in the treatment of the subject of remote attestation. The requirements and architecture for lawful interception (LI) in the NFV environment, as well as the security monitoring and management in the NFV environment, are treated in much detail. Finally, a separate section is dedicated to the analysis of the OpenStack security. There is substantial bibliography offered to a reader who wishes to understand the background and minute detail of the subject.
- Published
- 2017
24. Detection of Encrypted Multimedia Traffic through Extraction and Parameterization of Recurrence Plots
- Author
-
Andrea Senatore, Maurizio Longo, Mario Di Mauro, and Michele Cirillo
- Subjects
Voice over IP ,Multimedia ,Data stream mining ,Computer science ,business.industry ,010401 analytical chemistry ,Payload (computing) ,020206 networking & telecommunications ,02 engineering and technology ,computer.software_genre ,Encryption ,01 natural sciences ,0104 chemical sciences ,Task (computing) ,Recurrence quantification analysis ,Lawful interception ,0202 electrical engineering, electronic engineering, information engineering ,Data mining ,Representation (mathematics) ,business ,computer - Abstract
The detection of encrypted multimedia traffic (like VoIP or Video) is a crucial task for both TELCO operators and authorities involved in lawful interception issues. As an example, Skype traffic cannot be detected through classical methods such as port-based detection (because of a random based choice port option) or payload inspection (because of the encryption mechanisms adopted). Dwelling on Skype, the aim of this work is to propose a novel technique that, by recasting the regularities of the data streams in terms of recurrence plots (a representation derived from Chaos Theory), extracts some unprecedented observables; such observables are then considered in a decision-tree building procedure exploiting the C4.5 algorithm in order to draw a decision about the presence or the absence of the targeted traffic. In the final section, a comparison with a reference technique is presented.
- Published
- 2016
25. Monitoring and Protection Techniques
- Author
-
Jyrki T. J. Penttinen
- Subjects
business.industry ,computer.internet_protocol ,Computer science ,Network packet ,Service provider ,Fault management ,Lawful interception ,IPsec ,Mobile telephony ,Roaming ,business ,computer ,Mobile network operator ,Computer network - Abstract
This chapter discusses techniques for the protection of mobile communications, services, users and applications. Real‐time network analysis and protection techniques are summarized such as deep packet investigation, virus protection and Legal/Lawful interception (LI). The protection needs to be scalable in order to provide carrier‐grade IPSec throughput and performance and to minimize any network latency. The protection of the Gp/S8 interface shields the packet core network against malicious intentions regarding roaming, i.e., when users are connected to services via other mobile network operator (MNO) networks. Performance monitoring and fault management of the networks can be considered an integral part of the security assurance. LI has been designed for authorized access to the communications of commercial, government and military environments. LI provides the means for mobile and fixed network operators and service providers to collect traffic and identification information of private or organizational communications for post‐analysis for law enforcement officials.
- Published
- 2016
26. Secure SIP authentication scheme supporting lawful interception
- Author
-
Jian Wang, Shuhua Wu, and Qiong Pu
- Subjects
Provable security ,Authentication ,Session Initiation Protocol ,Voice over IP ,Computer Networks and Communications ,business.industry ,Computer science ,computer.internet_protocol ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Computer security ,computer.software_genre ,law.invention ,Signaling protocol ,law ,Server ,Lawful interception ,Internet Protocol ,business ,computer ,Information Systems ,Computer network - Abstract
The session initiation protocol (SIP) is the most widely used signaling protocol for creating, modifying, and terminating multimedia sessions in an Internet Protocol-based telephony environment. Recently, Arshad et al. proposed an authentication scheme based on elliptic curve cryptosystems for SIP. In this paper, we first show that their scheme is vulnerable to the password-guessing attack. Thereafter, we propose a new authentication and key agreement scheme for SIP, which is immune to the presented attacks. Our scheme achieves provable security and, yet, is efficient. Moreover, we also provide an extended scheme capable of protecting media stream's privacy even against SIP servers while supporting lawful interception, which is inevitably required for protecting the national security or for detecting the criminal evidence. Copyright © 2012 John Wiley & Sons, Ltd.
- Published
- 2012
27. Decision Tree Based Rules Redistribution Algorithm for IP Monitoring of Lawful Interception on IPv4 Networks
- Author
-
Xiao Ma, Sheng Kai Qu, Xin Huang, and Qin Qin Tang
- Subjects
Scheme (programming language) ,computer.internet_protocol ,Computer science ,business.industry ,Network packet ,General Engineering ,Law enforcement ,Decision tree ,ComputerApplications_COMPUTERSINOTHERSYSTEMS ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Redistribution (cultural anthropology) ,Computer security ,computer.software_genre ,IPv4 ,Order (exchange) ,Lawful interception ,business ,computer ,Algorithm ,computer.programming_language ,Computer network - Abstract
IP networks were growing rapidly over the past decades. Perhaps more significant is the impact that they also provide a medium for illicit activities. Therefore, IP monitoring of lawful interception of IPv4 Networks was proposed to combat those illicit activities over IP Networks. The Law Enforcement Agencies (LEA) can monitor the IP packets as well as capture them for analysis or providing forensics. In order to assist IP Monitoring of lawful interception from a technical perspective, we propose a scheme named Decision Tree Based Rules Redistribution Algorithm (DTBRRA) which can be applied quickly on IP networks.
- Published
- 2012
28. A three-level authenticated conference key establishment protocol for UMTS networks
- Author
-
Chien-Lung Hsu, Tzong-Chen Wu, and Chung-Fu Lu
- Subjects
Authentication ,Computer science ,Cost effectiveness ,business.industry ,General Engineering ,Key distribution ,Computer security ,computer.software_genre ,Lawful interception ,Communication in small groups ,Scalability ,business ,Protocol (object-oriented programming) ,computer ,UMTS frequency bands ,Computer network - Abstract
A conference key establishment protocol allows a group of conferees to agree on a secret key shared among them for secure group communication. This paper proposes a three-level conference key establishment protocol based on the Universal Mobile Telecommunications System (UMTS) framework to establish a group-level key, home location register (HLR) level keys, and visitor location register (VLR) level keys simultaneously for a group of conferees. The group-level key is used to secure the communications for all conferees, the HLR-level key is for those within the same HLR domain, and the VLR-level key is for those within the same VLR domain. The group-level key can be used for securing inter-domain group-oriented applications such as commercial remote conferencing systems. The HLR- and VLR-level keys can be used for securing intra-domain subgroup applications (e.g., location-based or context-aware services) and dynamic key updating. Since our proposed protocol exploits existing UMTS security functions and the exclusive-or operation, it is compatible with UMTS architecture. This means that it is fast and easy to implement on the existing UMTS architecture. Furthermore, the proposed protocol has low computational complexities and can provide cost effectiveness, load-amortization, scalability, user authentication, key establishment, key confirmation, key updating, and lawful interception.
- Published
- 2011
29. A scalable and efficient key escrow model for lawful interception of IDBC-based secure communication
- Author
-
Kyusuk Han, Chan Yeob Yeun, Kwangjo Kim, Taeshik Shon, and Jong Hyuk Park
- Subjects
Computer Networks and Communications ,Computer science ,Wireless network ,business.industry ,Eavesdropping ,Computer security ,computer.software_genre ,Encryption ,Secure communication ,Lawful interception ,Key (cryptography) ,Cryptosystem ,Electrical and Electronic Engineering ,business ,computer ,Key escrow ,Computer network - Abstract
Key escrowing is one of the core technologies for the lawful interception (LI) of secure communications in the wired and wireless networks. Although many previous studies on the key escrowing have been done before, they are insufficient to be deployed in practical networks due to conflicts with the LI requirements. Moreover, there is lack of consideration on the LI of ID-based cryptosystem (IDBC)-based secure communication because the interest of the LI was moved to the industries and IDBC has the inherent key escrowing property. However, the inherent property of IDBC cannot prevent ‘illegal’ eavesdropping of all the communications in the networks from the law enforcement agency with the ‘legally’ obtained key. Thus, we propose a new key escrow model that satisfies the requirements of LI and overcomes the potential threats of IDBC. Our contributions enable the scalable and efficient key escrowing for the LI of secure one-way and two-pass communication in the mobile networks. Copyright © 2010 John Wiley & Sons, Ltd. (A part of this paper was presented in IEEE International Conference on Consumer Electronics '09 [1].)
- Published
- 2011
30. A Real-time Crime Detection System Based on Lawful Interception - A Case Study of MSN Messenger
- Author
-
Yao Feng Wang, Wan-Jia Chen, Chi-Chun Lo, and Chi-Hua Chen
- Subjects
Engineering ,Lawful Interception ,business.industry ,Internet privacy ,MSN Messenger ,Law enforcement ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Crime Detection ,General Medicine ,Computer security ,computer.software_genre ,Criminal investigation ,Internet service provider ,Lawful interception ,ComputingMilieux_COMPUTERSANDSOCIETY ,Information flow (information theory) ,Interception ,business ,Protocol (object-oriented programming) ,Crime detection ,computer ,Engineering(all) - Abstract
In recent years, the number of online crimes (e.g., the various emerging scams and criminal schemes) has increased. Online crime suspects utilize the anonymous nature of web to disguise their identity through various methods and evade detection and surveillance from law enforcement agencies. This study proposes an effective lawful interception system, Real-time Crime Detection System (RCDS), which includes Criminal Investigation Bureau (CIB), Internet Service Providers (ISP), and Network Interception Server (NIS) to establish a legally sanctioned lawful interception process which can collect and store evidence for criminal detection in real time. We provide a case study of MSN Messenger to describe the MSN Protocol (MSNP), information flow process, and lawful interception methodologies. The RCDS can provide criminal detection and surveillance services for MSN to obtain criminal communication records in turn reducing online criminal activities.
- Published
- 2011
31. Computational approaches to suspicion in adversarial settings
- Author
-
David B. Skillicorn
- Subjects
Data records ,ComputingMilieux_THECOMPUTINGPROFESSION ,Social network ,Computer Networks and Communications ,business.industry ,Computer science ,Law enforcement ,Difficulty focusing ,Computer security ,computer.software_genre ,Data science ,Theoretical Computer Science ,Adversarial system ,Lawful interception ,business ,computer ,Software ,Information Systems - Abstract
Intelligence and law enforcement agencies collect large datasets, but have difficulty focusing analyst attention on the most significant records and structures within them. We address this problem using suspicion, which we interpret as relevant anomaly, as the measure associated with data records and individuals. For datasets collected about widespread activities in which the signs of adversarial activity are rare, we suggest ways to build predictive models of suspicion. For datasets collected as the result of lawful interception, we suggest a model of suspicion spreading using the social network implied by the intercepted data.
- Published
- 2010
32. An overview of VoIP and P2P copyright and lawful-interception issues in the United States and Taiwan
- Author
-
Wen-Hsing Lai and Fa-Chang Cheng
- Subjects
Government ,Voice over IP ,business.industry ,Computer science ,Internet privacy ,Copyright infringement ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Computer security ,computer.software_genre ,Computer Science Applications ,Medical Laboratory Technology ,Phone ,Lawful interception ,The Internet ,Architecture ,business ,Law ,Protocol (object-oriented programming) ,computer - Abstract
With the evolution of increasingly sophisticated Internet communication technologies, ensuing legal and policy issues have also emerged. VoIP (voice-over-Internet Protocol) and P2P (peer-to-peer) file-sharing software are two relevant examples of the differing characteristics of Internet communications compared to traditional communication technologies, e.g., telephone, cell phone or client-and-server architecture, from the viewpoint of government surveillance (or the investigation of copyright infringement) and the protection of user privacy. Herein, we try to make observations and opinions regarding the legal issues related to VoIP and P2P file-sharing software.
- Published
- 2010
33. A seamless lawful interception architecture for mobile users in IEEE 802.16e networks
- Author
-
Byungsik Yoon, Hoh Peter In, Hyogon Kim, Taek Lee, and Myoungrak Lee
- Subjects
IEEE 802 ,Computer Networks and Communications ,business.industry ,Wireless network ,Computer science ,Mobile computing ,Computer security ,computer.software_genre ,Server ,Lawful interception ,Wireless ,The Internet ,Mobile telephony ,business ,computer ,Information Systems ,Computer network - Abstract
Lawful interception (LI) involves legally accessing private communication such as telephone calls or email messages. Numerous countries have been drafting and enacting laws concerning the LI procedures. With the proliferation of portable Internet services such as the IEEE 802.16e wireless mobile networks, surveillance over illegal users is an emerging technical issue in LI. The ever-migrating users and their changing IP's make it harder to provide support for seamless LI procedures on 802.16e networks. Few studies, however, on seamless LI support have been conducted on the 802.16e mobile networks environments. Proposed in this paper are a seamless LI architecture and algorithms for the 802.16e networks. The simulation results demonstrate that the proposed architecture improves recall rates in intercepting mobile user, when compared to the existing LI architectures.
- Published
- 2009
34. An efficient end-to-end security mechanism for IP multimedia subsystem
- Author
-
Han-Chieh Chao, Tin-Yu Wu, Chi-Yuan Chen, and Yueh-Min Huang
- Subjects
Voice over IP ,Computer Networks and Communications ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,IP Multimedia Subsystem ,Wireless Multimedia Extensions ,Mutual authentication ,Computer security ,computer.software_genre ,Security association ,Lawful interception ,Next-generation network ,Wireless ,Session key ,The Internet ,business ,computer ,Key exchange ,Computer network - Abstract
With the rapid growth of the Internet and wireless communications, people make extensive use of portable wireless devices to access information such as voice, data and multimedia, any time from any place, enjoying ubiquitous services. IP multimedia subsystem (IMS) are regarded as the total solution for packet-switched networks, combining wired and wireless infrastructures, providing a standardized interface for information services. We propose the IMSKAAP key exchange protocol and fit it into the IMS session initiation procedure to achieve media plane end-to-end security. This mechanism also mitigates the impact of spam over IP telephony (SPIT) using mutual authentication, fulfilling the lawful interception requirement. The simulation result shows that the proposed mechanism provides a more secure session key exchange and does not need the additional message exchange cost. The voice call end-to-end delay is also lower than the hop-by-hop security associations defined by 3GPP.
- Published
- 2008
35. Lawful interception – key concepts, actors, trends and best practice considerations
- Author
-
Mathieu Gorge
- Subjects
General Computer Science ,Computer science ,Best practice ,Lawful interception ,Terrorism ,Key (cryptography) ,Track (rail transport) ,Computer security ,computer.software_genre ,Law ,computer - Abstract
Mathieu Gorge examines how police in different countries track the electronic movements of terrorists and criminals and how their methods will develop.
- Published
- 2007
36. The mechanics of lawful interception
- Author
-
Stephen Gleave
- Subjects
Information Systems and Management ,Voice over IP ,Computer Networks and Communications ,Computer science ,business.industry ,Law enforcement ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Legislation ,Service provider ,Computer security ,computer.software_genre ,Statute ,Work (electrical) ,Phone ,Lawful interception ,Law ,Safety, Risk, Reliability and Quality ,business ,computer - Abstract
Phone tapping was one issue at the top of the headlines last year, after the NSA was discovered listening in to US citizens' conversations. But the issue of lawful intercept stretches back for years. During the mid-nineties, legislation was signed in the US that outlined a more structured framework for telephone carriers' compliance with law enforcement requests, and created standards for the exchange of such information. Now, thanks to the rise of VoIP, P2P and other forms of communication, the law is being updated. And Europe has also been working to put its own legislation in place governing the retention of such information. Stephen Gleave, VP of marketing at SS8 Networks, explains how the legal requirements surrounding lawful interception have evolved over the years, and describes where we're headed. For years, communication service providers (CSPs) wanting an operating licence have had to meet set conditions. One such condition is that they must work with law enforcement to gather intelligence which may be used as evidence in the prosecution of criminals. Governments around the world have passed legislation that mandates this co-operation and have continually strived to update these statutes as technology advances and criminal communications become more sophisticated.
- Published
- 2007
37. A Decision Theory Based Tool for Detection of Encrypted WebRTC Traffic
- Author
-
Maurizio Longo and Mario Di Mauro
- Subjects
Voice over IP ,business.industry ,Computer science ,computer.internet_protocol ,Decision theory ,Cryptography ,Encryption ,WebRTC ,Statistical classification ,Datagram Transport Layer Security ,Lawful interception ,business ,computer ,Computer network - Abstract
The detection of encrypted streamed traffic (like VoIP or Video) is an increasingly important issue for authorities involved in lawful interception. Aside from well established technologies like Skype, Facetime and MSN Messenger a new one is recently spreading: Web Real-Time Communication (WebRTC), which, with the support of powerful encryption methods as DTLS, offers capabilities for encrypted streaming voice and video without the need of installing a specific application but using a common browser like Chrome, Firefox or Opera. WebRTC traffic cannot be detected through methods of semantic recognition since it does not exhibit a distinguishable sequence of information pieces and hence statistical recognition methods are called for. In this paper we propose and evaluate a decision theory based system allowing to recognize encrypted WebRTC traffic by means of an open-source machine learning environment: Weka.
- Published
- 2015
38. Revealing Encrypted WebRTC Traffic via Machine Learning Tools
- Author
-
Maurizio Longo and Mario Di Mauro
- Subjects
computer.internet_protocol ,business.industry ,Computer science ,Decision tree ,Machine learning ,computer.software_genre ,Encryption ,WebRTC ,Random forest ,Datagram Transport Layer Security ,Naive Bayes classifier ,C4.5 algorithm ,Lawful interception ,Artificial intelligence ,business ,computer - Abstract
The detection of encrypted real-time traffic, both streaming and conversational, is an increasingly important issue for agencies in charge of lawful interception. Aside from well established technologies used in real-time communication (e.g. Skype, Facetime, Lync etc.) a new one is recently spreading: Web Real-Time Communication (WebRTC), which, with the support of a robust encryption method such as DTLS, offers capabilities for encrypted voice and video without the need of installing a specific application but using a common browser, like Chrome, Firefox or Opera. Encrypted WebRTC traffic cannot be recognized through methods of semantic recognition since it does not exhibit a discernible sequence of information pieces and hence statistical recognition methods are called for. In this paper we propose and evaluate a decision theory based system allowing to recognize encrypted WebRTC traffic by means of an open-source machine learning environment: Weka. Besides, a reasoned comparison among some of the most credited algorithms (J48, Simple Cart, Naive Bayes, Random Forests) in the field of decision systems has been carried out, indicating the prevalence of Random Forests.
- Published
- 2015
39. Secure SMS Communication Using Encryption Gateway and Digital Signature
- Author
-
Mhair Kashif
- Subjects
Short Message Service ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,GSM 03.38 ,Computer security ,computer.software_genre ,Encryption ,Public-key cryptography ,Digital signature ,Concatenated SMS ,GSM ,Default gateway ,Channel (programming) ,Lawful interception ,Mobile telephony ,business ,computer ,Computer network - Abstract
GSM networks were initially designed for communication purposes and the security aspect was not covered in the system, but now different systems are using diverse encryption techniques to protect the SMS text from unwanted receivers. Most of the work in GSM has been done to secure messages from a person who can eavesdrop on the GSM channel, from a hacker who can perform a replay attack using his historical messages, and from a hacker who can disclose the message secrecy. Eavesdropping on a radio channel is easy, but due to the large amount of traffic there is very little chance of finding the correct information and the desired SMS. However, today's GSM systems still have two problems. The easiest way to read a text message from any person is through the mobile operator's network entities, so there is a need to ensure that a sent SMS is not in a format that can be easily read; the first problem is thus protection of the message text and its readability at the operator's end at different network entities such as the SMSC, MSC and Lawful Interception System. The second problem is message non-repudiation; this term is used for the behavior of an attacker who impersonates some other genuine user. In today's networks it is possible that, at the operator's end, messages can be sent using any sender number, and the receiver cannot confirm whether a message was generated from the specified number or from any other network operator.
- Published
- 2014
40. CluClas: Hybrid clustering-classification approach for accurate and efficient network classification
- Author
-
Zahir Tari, Abdulmohsen Almalawi, Kurayman Alharthi, Ibrahim Khalil, and Adil Fahad
- Subjects
Computer science ,business.industry ,Quality of service ,Payload (computing) ,Intrusion detection system ,computer.software_genre ,Machine learning ,Data modeling ,Traffic classification ,Lawful interception ,Data mining ,Artificial intelligence ,Noise (video) ,business ,Cluster analysis ,computer - Abstract
Traffic classification is the foundation for many network activities, such as Quality of Service (QoS), security monitoring, Lawful Interception and Intrusion Detection Systems (IDS). A recent statistics-based approach to address the unsatisfactory results of traditional port-based and payload-based approaches has attracted attention. However, the presence of non-informative attributes and noise instances degrades the performance of this approach. Thus, to address this problem, in this paper, we propose a hybrid clustering-classification approach (called CluClas) to improve the accuracy and efficiency of network traffic classification by selecting informative attributes and representative instances. An extensive empirical study on four traffic data sets shows the effectiveness of our proposed approach.
- Published
- 2014
41. Regulating Social Network Services for Lawful Interception
- Author
-
Esti Peshin
- Subjects
Software_OPERATINGSYSTEMS ,Social network ,business.industry ,Computer science ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Law enforcement ,ComputingMilieux_LEGALASPECTSOFCOMPUTING ,Legislation ,Service provider ,Computer security ,computer.software_genre ,Packet switched ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Lawful interception ,Software_PROGRAMMINGLANGUAGES ,Cyber crime ,Interception ,business ,computer - Abstract
Lawful interception has evolved over the past decades from the target based monitoring and interception of telecomm conversations, to the monitoring and interception of packet switched communications. The lawful monitoring and interception of both telecomm and packet switched communications is regulated by law enforcement agencies, with the cooperation, under the Lawful Interception regulation and legislation, of the service providers.
- Published
- 2014
42. Meeting lawful interception requirements for selected IP traffic offload and local IP access traffic
- Author
-
John Cartmell
- Subjects
Software_OPERATINGSYSTEMS ,business.industry ,Computer science ,Cellular radio ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,Law enforcement ,Core network ,Internet traffic ,Computer security ,computer.software_genre ,General partnership ,Lawful interception ,Cellular network ,Architecture ,business ,computer ,Computer network - Abstract
Cellular network operators are dealing with the increased data requirements of their customers by attempting to offload traffic from the mobile core network. The 3rd Generation Partnership Project (3GPP) standards have defined several strategies that allow for offloading user traffic from the mobile core network. The 3GPP standards also define requirements for the mobile networks to support lawful interception of subscriber traffic. The current methods employed by mobile network operators to perform lawful interception are insufficient to support the traffic offload methods. This paper describes the current lawful interception landscape as well as the methods to perform traffic offload. It then proposes the architecture and methods that allow for traffic offload while satisfying law enforcement needs.
- Published
- 2013
43. Copra: Conditional pseudonym resolution algorithm in VANETs
- Author
-
Kpatcha M. Bayarou, Norbert Bißmeyer, and Jonathan Petit
- Subjects
050210 logistics & transportation ,Public key certificate ,EWI-24524 ,Computer science ,business.industry ,05 social sciences ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,METIS-302728 ,IR-89476 ,020206 networking & telecommunications ,02 engineering and technology ,Pseudonym ,Certificate ,Computer security ,computer.software_genre ,Telecommunications network ,Identifier ,Lawful interception ,0502 economics and business ,0202 electrical engineering, electronic engineering, information engineering ,Overhead (computing) ,Wireless ,business ,computer ,Computer network - Abstract
Wireless communication between vehicles is protected by digital certificates but these certificates and related identifiers must not be usable to track vehicles. Therefore, short-term pseudonymous certificates are applied and regularly changed in order to protect the driver's privacy. But in well defined situations, e.g. network attacks or traffic accidents, it should be possible to retrieve the appropriate long-term identifier from the certificate issuer. Hence, the resolution of pseudonym identifiers is a balancing act between full privacy and uncontrolled access to long-term identifiers. We propose a generic pseudonym resolution protocol that can be applied by network infrastructure entities to request pseudonym resolution information only under defined conditions. It is shown that the protocol is balanced and flexible to be applied for different use cases (e.g. lawful interception or misbehavior detection). In contrast to related protocols our solution does not increase pseudonym certificate size and avoids additional overhead and delay in the certificate acquisition phase. Further, a new feature is proposed that enables the infrastructure entities to validate the stated reason for the desired pseudonym resolution before respective information is provided. Measurements from field operational test implementations show the feasibility and practicability of the protocol when applying misbehavior detection in wireless vehicular communication networks.
- Published
- 2013
44. Packet Inspection — Shifting the Paradigm of Fundamental Rights
- Author
-
Agata Królikowski
- Subjects
Engineering ,business.industry ,Network packet ,Deep packet inspection ,Computer security ,computer.software_genre ,Encryption ,Application layer ,Net neutrality ,Lawful interception ,Obfuscation ,Deep content inspection ,business ,computer - Abstract
In recent years deep packet inspection (DPI) has often been cited as a major factor in the debate concerning net neutrality. Packet inspection (PI) enables a profound analysis of the contents of IP-packets, especially with respect to the application layer and private data. To protect against this sort of privacy invading attack users are usually advised to encrypt as much of their data as possible in an online transaction. However, current PI-engines not only use plain text analysis but also employ a variety of statistical methods. This in turn allows the analysis and classification of packets even if encryption or obfuscation methods have been applied. It is possible to monitor and shape packet flows in real time and on a large scale. These PI-engines are deeply embedded in the current network infrastructure due to the requirements of lawful interception. This brings about a huge potential for misuse, because the engine’s operation is not ‘visible’ to the end-user.
- Published
- 2012
45. Experimental Analysis of the Femtocell Location Verification Techniques
- Author
-
Ravishankar Borgaonkar, Jean-Pierre Seifert, and Kevin Redon
- Subjects
Network architecture ,Licensed spectrum ,Computer science ,business.industry ,Computer security ,computer.software_genre ,Order (business) ,Lawful interception ,Femtocell ,Cellular network ,Revenue ,State (computer science) ,business ,computer ,Computer network - Abstract
Mobile network operators are adapting femtocells in order to simplify their network architecture for increased performance and greater revenue opportunities. While emerging as a new low-cost technology which assures best connectivity, it has also introduced a range of new potential risks for the mobile network operators. Here we study the risks associated with the location verification techniques of femtocells. First we state the goals of location verification and describe techniques implemented in the existing femtocells. We demonstrate how location locking techniques can be defeated by using modern attack vectors against the location verification methods. Our experimental results suggest that location security methods are insufficient to avoid femtocell misuse. An attacker can operate the femtocell from an unregistered location, thereby creating problems for various important services, such as assisting emergency call services, following licensed spectrum rules, lawful interception services, and commercial purposes.
- Published
- 2012
46. Law Enforcement 2.0: Regulating the Lawful Interception of Social Media
- Author
-
Esti Peshin
- Subjects
business.industry ,Computer science ,Internet privacy ,Law enforcement ,Internet traffic ,Computer security ,computer.software_genre ,Packet switched ,Internet service provider ,Lawful interception ,Spite ,Social media ,Interception ,business ,computer - Abstract
Lawful interception (LI) has evolved over the past few decades from target based monitoring & interception of telecomm conversations, to the monitoring & interception of packet switched (IP) communications. However, in spite of this evolution, the nature of the communication remained linear, where the initiator communicates with one, or a number of, recipients. Initially, with telecomm, all of the participants in the call were online, i.e. active participants at the time of the call; whereas, with the introduction of packet-switched or IP traffic, some of the interaction between the participants became turn-based, where the recipients receive the information from the initiator after an interval. Notwithstanding spam, the participants, more often than not, opted to receive the information.
- Published
- 2012
47. A security analysis of smartphone data flow and feasible solutions for lawful interception
- Author
-
Mithun Paul, Nitin Singh Chauhan, and Ashutosh Saxena
- Subjects
Security analysis ,Jurisdiction ,Computer science ,business.industry ,Internet privacy ,Cryptography ,Public key infrastructure ,Encryption ,Computer security ,computer.software_genre ,Electronic mail ,Server ,Lawful interception ,business ,computer - Abstract
Smartphones providing proprietary encryption schemes, albeit offering a novel paradigm to privacy, are becoming a bone of contention for certain sovereignties. These sovereignties have raised concerns about their security agencies not having any control on the encrypted data leaving their jurisdiction and the ensuing possibility of it being misused by people with malicious intents. Such smartphones have typically two types of customers, independent users who use it to access public mail servers and corporates/enterprises whose employees use it to access corporate emails in an encrypted form. The threat issues raised by security agencies concern mainly the enterprise servers where the encrypted data leaves the jurisdiction of the respective sovereignty while on its way to the global smartphone router. In this paper, we have analyzed such email message transfer mechanisms in smartphones and proposed some feasible solutions, which, if accepted and implemented by entities involved, can lead to a possible win-win situation for both the parties, viz., the smartphone provider who does not want to lose the customers and these sovereignties who can avoid the worry of encrypted data leaving their jurisdiction.
- Published
- 2011
48. Speaker Spotting: Automatic Telephony Surveillance for Homeland Security
- Author
-
V. Ramasubramanian
- Subjects
Speaker diarisation ,Identification (information) ,Biometrics ,Human–computer interaction ,Computer science ,Lawful interception ,Problem domain ,Homeland security ,Context (language use) ,Computer security ,computer.software_genre ,Speaker recognition ,computer - Abstract
Automating telephony surveillance is an appealing and appropriate technology from the view point of being able to detect/spot if a person from a specific watch-list is on line. Such an automatic solution is of considerable interest in the context of homeland security where a potentially large number of wire tapped conversations may have to be processed in parallel, in different deployment scenarios and demographic conditions, and with typically large watch-lists, all of which make manual lawful interception unmanageable, tedious and perhaps even impossible. In this chapter, we first introduce this problem domain starting with a sketch of a glamorous fictitious example, followed by an outline of lawful interception and wire-tapping; we then take a brief look at similar watch-list based negative recognition application using the now very successful Iris biometrics and consider equivalent scenarios in the context of speaker-spotting based on voice as a biometric. Further, in the main body of this chapter, we first provide the basic framework for watch-list based speaker-spotting, namely, open-set speaker identification, subsequently refined into a ‘multi-target detection’ framework. We then examine in some detail the main theoretical analysis available within the framework of multi-target identification, leading to performance predictions of such systems with respect to the watch-list size as the critical factor. In a related note, we also briefly touch on the prioritization mode of operation which also lends itself to interesting theoretical analysis and performance predictions. 
Speaker-spotting systems face unique challenges, in a way combining the difficulties inherent in conventional speaker authentication applications as well as forensic speaker recognition applications; we consider these, while using the NIST SRE evaluation results to gain insights on the performances achievable presently and the latent performance limitations which seem to warrant a cautionary approach before widespread use of speaker recognition technology for surveillance applications becomes possible. In the later part of the chapter, we outline related topics such as speaker change detection, speaker segmentation and speaker diarization, followed by a summary of product level solutions currently available in the context of surveillance and homeland security applications, finally concluding with discussions highlighting the state-of-the-art and potential future research directions.
- Published
- 2011
49. Lawful interception data retention regulation recommendation: Recommendations for countries that do not have relevant regulations of this field
- Author
-
Indira Malik and Sigit Haryadi
- Subjects
Computer science ,business.industry ,Data management ,Service provider ,Computer security ,computer.software_genre ,Electronic mail ,Data governance ,Backup ,Lawful interception ,Retention period ,Data retention ,business ,computer - Abstract
Since the need for communication data in revealing a crime emerges only after the event is detected, communication data retention for lawful interception (LI) is really demanded. This paper aims to give recommendations to telecommunication regulatory bodies for making communication data retention regulation. This research describes points of recommendation to the National Telecommunication Regulatory Body for establishing regulation of LI data retention, which is conducted by the Communication Service Provider in the country. These recommendations are very useful for countries that do not have relevant regulations in this field. This paper suggests that the proposed data retention system must be able to run an administrative function, a data collection function and a data management function. Each function should maintain a log. The administrative log has to keep warrant information, including the target identity, the start date, and the duration of data retention needed. In telecommunication infrastructure, the target is either an MSISDN, IMEI or IMSI. For communication data through an IP mechanism, the target is either an email address, account name or IP address. Information items that have to be retained include subscriber data, usage data and traffic data, equipment data, network element data, additional service data and the call contents. If storage capacity is not yet fully provided, the retention of data that needs the largest storage space, such as video and files, might be given lower priority. The Regulatory Body must determine the data retention format based on the handover interface. To prevent abuse of data, regulation should include clauses that obligate each party to delete data older than the retention period. In addition, this paper recommends decentralizing the location of the storage media, keeping it apart from the operational system, and having a hot site backup.
- Published
- 2011
50. ETSI security standardization
- Author
-
Carmine Rizzo
- Subjects
Security service ,Network security ,business.industry ,Information security standards ,Information and Communications Technology ,Lawful interception ,Interoperability ,Information security ,business ,Communications security ,Computer security ,computer.software_genre ,computer - Abstract
Information security standards are essential to ensure interoperability among systems and networks, compliance with legislations and adequate levels of security. These standards provide the means for protecting the user, creating a more secure and profitable environment for the industrial sector, from SMEs to large global companies, and providing benefits for a diverse range of interest groups that include government organisations, research bodies and universities. The increasingly rapid evolution and growth in the complexity of new systems and networks, coupled with the sophistication of changing threats and the presence of intrinsic vulnerabilities, present demanding challenges for maintaining the security of Information and Communications Technology (ICT) systems and networks. To minimise exposure to risks, security must be built in from the beginning when designing new architectures, not added on later as an optional feature. As a response to such challenges, ETSI, the European Telecommunications Standards Institute, is committed to the establishment and continuous improvement of effective and interoperable telecommunications systems for the benefit of the global community. As such, ETSI is a key player of the global Cybersecurity efforts, by addressing security issues in a broad number of areas including Next Generation Networks (NGN), protecting communications and the ICT infrastructure, working on mobile/wireless communications, emergency telecommunications, lawful interception and data retention.
- Published
- 2011