B.4 Security

03.333G security3GPPLawful InterceptionStage 2TS

B.4.1 Security

The security requirements are valid for the whole Lawful Interception system, i.e. rules and procedures shall be used for all involved entities, GSN and the DF.

B.4.1.1 Administration security

The administration of the LI function, i.e. Activation, Deactivation and Interrogation of Lawful Interception, in the GSN and the DFs must be done secure as described below:

– It shall be possible to configure the authorised user access to Activation, Deactivation and Interrogation of Lawful Interception separately for every physical or logical port at the GSN and DF. This configuration possibility shall be password protected.

– Normally only the ADMF is allowed to have access to the LI functionality in the GSN and DF.

– The communication link between ADMF, GSN, DF2P, and DF3P shall be secure and shall support security mechanisms, e.g.:

– CUG / VPN;

– COLP;

– authentication;

– encryption.

– No network entities or remote equipment shall be able to access or manipulate LI data in the GSN or the DF.

B.4.1.2 IRI security

B.4.1.2.1 Normal operation

The transmission of the IRI shall be done in a secure manner.

When DF2P is physically separate from the GSN, the X2p-interface shall support security mechanisms, e.g.:

– CUG/VPN;

– COLP;

– authentication;

– encryption.

B.4.1.2.2 Communication failure

Depending on the national law in case of communication failure IRI may be buffered in the GSN. After successful transmission of IRI the whole buffer must be deleted. It shall be possible to delete the content buffer via command or a timer, in an unrestoreable fashion.

B.4.1.3 IP security

The transmission of the IP shall be done in a secure manner.

When DF3P is physically separate from the GSN, the X3p-interface shall support security mechanisms, e.g.:

– CUG/VPN;

– COLP;

– authentication;

– encryption.

In case of transmission failure no buffering will be done.

B.4.1.4 Security aspects of Lawful Interception billing

Billing information shall be available at the DFs and the ADMF. Billing information for Lawful Interception shall be separated from "regular" GPRS billing data.

Billing data transmission to the Lawful Interception billing system shall be done in a secure manner.

In case of transmission failure billing-data shall be buffered/stored in a secure way. After successful transmission billing data shall be deleted in an unrestorable fashion.

B.4.1.5 Other security issues

B.4.1.5.1 Log files

Log files shall be generated by the ADMF, DF2P, DF3P and the GSN. All log files are retrievable by the ADMF, and are maintained by the ADMF in a secure manner.

B.4.1.5.2 Data consistency

The administration function in the PLMN shall be capable to perform a periodic consistency check to ensure whether the target list of MSISDN, IMSI or IMEI is the same in all involved SGSNs in the PLMN and the DFs. The reference data base is the ADMF data base.