
Content for  TS 33.107  Word version:  16.0.0


8  Security

8.0  General |R12|

The security requirements are valid for the whole Lawful Interception system, i.e. rules and procedures shall be used for all involved entities, such as 3G GSN and the DF.

8.1  Administration security

The administration of the LI function, i.e. Activation, Deactivation and Interrogation of Lawful Interception, in the 3G ICEs and the DFs shall be done securely as described below:
  • It shall be possible to configure the authorised user access within the serving network to Activate, Deactivate and Interrogate Lawful Interception separately for every physical or logical port at the 3G ICEs and DF. It shall be possible to password protect user access.
  • Only the ADMF is allowed to have access to the LI functionality in the 3G ICEs and DF.
  • The communication links between ADMF, 3G GSN, 3G MSC Servers or any ICEs of this specification, LI LCS Client, CSCF, DF2, and DF3 may be required by national option to support security mechanisms. Options for security mechanisms include:
    • CUG / VPN;
    • COLP;
    • CLIP;
    • authentication;
    • encryption.
Through the use of user access restrictions, no unauthorised network entities or remote equipment shall be able to view or manipulate LI data in the 3G GSN, 3G MSC Server, LI LCS Client, CSCF, 3GPP ICE, any 3GPP nodes, and Administration nodes of this specification or the DFs.

8.2  IRI security

8.2.1  Normal operation

The transmission of the IRI shall be done in a secure manner.
When DFs are physically separate from the 3G ICEs or any nodes described in this specification for IRI creations, the X2-interface may be required by national option to support security mechanisms. Options for security mechanisms include:
  • CUG/VPN;
  • COLP;
  • CLIP;
  • authentication;
  • encryption.

8.2.2  Communication failure

Depending on the national law, in case of communication failure, IRI may be buffered in the 3G INEs or other node elements used in this specification. After successful transmission of IRI the whole buffer shall be deleted. It shall be possible to delete the content buffer via command or a timer, in an un-restorable fashion.

8.3  CC security

The transmission of the CC shall be done in a secure manner.
When DFs are physically separate from the 3G INEs or any other nodes used for interception mentioned in this specification, the X3-interface may be required by national option to support security mechanisms. Options for security mechanisms include:
  • CUG/VPN;
  • COLP;
  • CLIP;
  • authentication;
  • encryption.
In case of transmission failure no buffering is required within the intercepting network.

8.4  Security aspects of Lawful Interception (LI) billing

Billing information may be suppressed or made available at the DFs and the ADMF. Billing information for Lawful Interception shall be separated from "regular" billing data.
Billing data transmission to the Lawful Interception billing system may be done in a secure manner per national option.
In case of transmission failure billing-data shall be buffered/stored in a secure way. After successful transmission billing data shall be deleted in an un-restorable fashion.

8.5  Other security issues

8.5.1  Log files

Log files shall be generated by the ADMF, DF2, DF3, 3G MSC Servers, or any 3GPP nodes of this specification, LI LCS Client, CSCF and the 3G GSN. All log files are retrievable by the ADMF, and are maintained by the ADMF in a secure manner.

8.5.2  Data consistency

The administration function in the 3GMS or any nodes described in this specification shall be capable of performing a periodic consistency check to ensure that the target list of target identities in all involved 3G MSC Servers or any 3GPP nodes of this specification, LI LCS Client, CSCFs, 3G GSNs in the 3GMS and the DFs contain the appropriate target Ids consistent with the intercept orders in the ADMF. The reference data base is the ADMF data base.
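
The periodic consistency check of clause 8.5.2, as an added illustration that is not part of TS 33.107: each node's reported target list is compared against the ADMF data base as the reference. The record layout, node names, target identities and finding labels are assumptions made for the example; the specification does not define them.

```python
"""Periodic target-list consistency check with the ADMF data base as reference."""
from collections import defaultdict

# Constructed sample data; order names, target ids and node names are placeholders.
ADMF_ORDERS = [
    {"order": "order-A", "target_id": "target-001", "nodes": ["msc-1", "gsn-1", "df2"]},
    {"order": "order-B", "target_id": "target-002", "nodes": ["cscf-1", "df2", "df3"]},
]
NODE_REPORTS = {
    "msc-1": {"target-001"},
    "gsn-1": set(),                          # activation lost on this node
    "cscf-1": {"target-002", "target-999"},  # entry with no intercept order behind it
    "df2": {"target-001", "target-002"},
    "df3": None,                             # node did not answer the interrogation
}


def expected_targets(orders):
    """Build node -> set of target ids from the ADMF reference data base."""
    expected = defaultdict(set)
    for order in orders:
        for node in order["nodes"]:
            expected[node].add(order["target_id"])
    return dict(expected)


def check_consistency(orders, reports):
    """Return (node, finding, target_id) tuples ordered by node; empty means consistent."""
    expected = expected_targets(orders)
    findings = []
    for node in sorted(set(expected) | set(reports)):
        want = expected.get(node, set())
        have = reports.get(node)
        if have is None:
            # No answer is not the same as an empty list: report it separately.
            findings.append((node, "no_report", None))
            continue
        findings += [(node, "missing", t) for t in sorted(want - have)]
        findings += [(node, "not_in_admf", t) for t in sorted(have - want)]
    return findings


if __name__ == "__main__":
    for finding in check_consistency(ADMF_ORDERS, NODE_REPORTS):
        print(finding)
```

A `not_in_admf` finding is the case to escalate first, since it is a target entry on a node with no corresponding intercept order in the reference data base.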
