7 Security

03.333G security3GPPLawful InterceptionStage 2TS

7.1 Security

The security requirements are valid for the whole Lawful Interception system, i.e. rules and procedures shall be used for all involved entities, ADMF, GMSC, MSC/VLR and DF.

7.1.1 Administration security

The administration of the lawful interception function, i.e. Activation, Deactivation and Interrogation of Lawful Interception, in the GMSC, MSC/VLR and the DFs must be done secure as described below:

– It shall be possible to configure the authorised user access to Activation, Deactivation and Interrogation of Lawful Interception separately for every physical or logical port at the GMSC, MSC/VLR and DF. This configuration possibility shall be password protected.

– Normally only the ADMF is allowed to have access to the lawful interception functionality in the GMSC, MSC/VLR and DF.

– The communication link between ADMF, GMSC, MSC/VLR, DF2 and DF3 shall be secure and shall support security mechanisms, e.g.:

– authentication;

– Closed Used Group (CUG);

– Connected Line Presentation (COLP);

– encryption.

– No network entities or remote access shall be capable to manipulate or to eavesdrop lawful interception data in the GMSC, MSC/VLR or the DF.

7.1.2 IRI security

7.1.2.1 Normal operation

The transmission of the IRI shall be done in a secure manner.

When DF2 is a physically separate from the MSC, the X2-interface shall support security mechanisms, e.g.:

– authentication;

– CUG;

– COLP;

– encryption.

7.1.2.2 Communication failure

Depending on the national law in case of communication failure IRI may be buffered in the GMSC and MSC/VLR. After successful transmission of IRI the whole buffer must be deleted. It shall be possible to delete the content buffer via command or a timer, in an unrestoreable fashion.

7.1.3 IP security

The transmission of the IP shall be done in a secure manner.

When DF3 is physically separate from the MSC, the X3-interface shall support security mechanisms, e.g.:

– authentication;

– CUG;

– COLP;

– encryption.

In case of transmission failure no buffering will be done.

7.1.4 Security aspects of Lawful Interception charging

Charging information shall be available at the DFs and the ADMF. Charging information for Lawful Interception shall be separated from "regular" GSM billing data.

Charging data transmission to the Lawful Interception billing system shall be done in a secure manner.

In case of transmission failure data shall be buffered/stored in a secure way. After successful transmission data shall be deleted in an unrestorable fashion.

7.1.5 Other security issues

7.1.5.1 Log files

Log files shall be generated by the ADMF, DF2, DF3 and the MSC/VLR. All log files are retrievable by the ADMF, and are maintained by the ADMF.

7.1.5.2 Data consistency

The administration function in the PLMN shall be capable to perform a periodic consistency check to ensure whether the target list of MSISDN, IMSI or IMEI is the same in all involved MSCs in the PLMN and the DFs. The reference data base is the ADMF data base.

Annex A (normative):
Information flows for Lawful Interception invocation

The following figures show the information flows for the invocation of Lawful Interception for various types of calls. The figures show some of the basic signalling messages of the target calls and the events on the X2 and X3-interfaces. The ISUP messages to and from the network are shown for informational purposes only; some of them may not be sent or may be combined in certain networks.