14 Invocation of Lawful Interception (LI) for Group Communications System Enablers (GCSE)
33.1083G Security3GPPHandover interface for Lawful Interception (LI)Release 17TS
14.1 Background
14.1.1 Interception at GCS AS versus other nodes
There are several scenarios possible for the interception of group communications involving GCSE (see TS 22.468 [83] and TS 23.468 [84]). First is where the GCS AS is part of the intercepting operator’s network. Second is where the GCS AS is outside of the intercepting operator’s network. This clause specifies LI solutions for both cases.
14.2 GCS AS in Intercepting Operator’s Network
14.2.1 General
In the case where the GCS AS is in the intercepting operator’s network, the ICE solution is very similar to the conferencing solution specified in Clause 11, where the main difference is that a single functional entity (the GCS AS) is utilized for GCSE, rather than two functional entities.
14.2.2 Identifiers
14.2.2.1 Overview
Specific identifiers are necessary to identify a target for interception uniquely and to correlate between the data, which is conveyed over the different handover interfaces (HI2 and HI3). The identifiers are defined in the subsections below.
For the delivery of CC, the GCS AS provides correlation numbers and target identities to the HI3. The GCS AS reports the IRI associated with the GCSE group communication services.
For the delivery of CC and IRI, the GCS AS provides correlation numbers and target identities to the HI2 and HI3. For a given target the correlation number is unique per group communications session in which the target is a member.
NOTE: If two or more target identities are involved in the same group communications session the same Correlation Number may be assigned by the relevant network element to the communication sessions of the different target identities.
14.2.2.2 Lawful Interception Identifier
For each target identity related to an interception measure, the authorized operator (NO/AN/SP) shall assign a special Lawful Interception Identifier (LIID), which has been agreed between the LEA and the operator (NO/AN/SP).
Using an indirect identification, pointing to a target identity makes it easier to keep the knowledge about a specific target limited within the authorized operator (NO/AN/SP) and the handling agents at the LEA.
The LIID is a component of the CC delivery procedure and of the IRI records. It shall be used within any information exchanged at the handover interfaces HI2 and HI3 for identification and correlation purposes.
The LIID format shall consist of alphanumeric characters. It might for example, among other information, contain a lawful authorization reference number, and the date, when the lawful authorization was issued.
The authorized operator (NO/AN/SP) shall either enter, based on an agreement with each LEA, a unique LIID for each target identity of the target or a single LIID for multiple target identities all pertaining to the same target.
If more than one LEA intercepts the same target identity, there shall be unique LIIDs assigned relating to each LEA.
14.2.2.3 Network Identifier
The network identifier (NID) is a mandatory parameter; it should be internationally unique. It consists of the following two identifiers.
1) Operator- (NO/AN/SP) identifier (mandatory):
Unique identification of network operator, access network provider or service provider.
2) Network element identifier NEID (optional):
The purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc.
A network element identifier may be an IP address or other identifier. National regulations may mandate the sending of the NEID.
14.2.2.3 Correlation Number
For a given target the Correlation Number is unique per group communications session and used for the following purposes:
– correlate CC with IRI,
– correlate different IRI records within one group communications session.
NOTE: The Correlation Number is at a minimum unique for each concurrent communication of a target within a lawful authorization.
14.2.3 Timing and quality
14.2.3.1 Timing
As a general principle, within a telecommunication system, IRI, if buffered, should be buffered for as short a time as possible.
NOTE: If the transmission of IRI fails, it may be buffered or lost.
Subject to national requirements, the following timing requirements shall be supported:
– Each IRI data record shall be sent by the delivery function to the LEMF over the HI2 within seconds of the detection of the triggering event by the IAP at least 95% of the time.
– Each IRI data record shall contain a time-stamp, based on the intercepting node’s clock that is generated following the detection of the IRI triggering event.
14.2.3.2 Quality
The quality of service associated with the result of interception should be (at least) equal to the highest quality of service of the original content of communication for all participants. This may be derived from the QoS class used for the original intercepted session, TS 23.107 [20]. However, when TCP is used as an OSI layer 4 protocol across the HI3, real time delivery of the result of the interception cannot be guaranteed. The QoS used from the operator (NO/AN/SP) to the LEMF is determined by what operators (NO/AN/SP) and law enforcement agree upon.
14.2.4 Security Aspects
14.2.4.1 General
Security is defined by national requirements.
14.2.5 Quantitative Aspects
14.2.5.1 General
The number of target interceptions supported is a national requirement.
The area of Quantitative Aspects addresses the ability to perform multiple, simultaneous interceptions within a provider’s network and at each of the relevant intercept access points within the network. Specifics related to this topic include:
– The ability to access and monitor all simultaneous communications originated, received, or redirected by the target;
– The ability for multiple LEAs (up to five) to monitor, simultaneously, the same target while maintaining unobtrusiveness, including between agencies;
– The ability of the network to simultaneously support a number of separate (i.e. multiple targets) legally authorized interceptions within its service area(s), including different levels of authorization for each interception (i.e. IRI only, or IRI and communication content), including between agencies.
14.2.6 IRI for GCSE based Communications
14.2.6.1 General
The IRI will in principle be available in the following phases of a group communications service transmission:
1) At a communications group creation, when a GCS AS communications group is created that includes the target or when the target is added to an existing communications group;
2) At the start of a group communications session to which the target is connected;
3) At the point when the target joins an active group communications session;
4) When the target leaves an active group communications session;
5) At the end of a group communications session, when the GCS AS terminates a group communications session;
6) At certain times when relevant information are available.
The IRI may be subdivided into the following categories:
1. Control information for HI2 (e.g. correlation information);
2. Basic data communication information, for standard data transmission between two parties.
The events defined in TS 33.107 [19] are used to generate records for the delivery via HI2.
There are multiple different event types received at DF2 level. According to each event, a Record is sent to the LEMF if this is required. The following table gives the mapping between event type received at DF2 level and record type sent to the LEMF.
Table 14.1: Mapping between GCS AS Service Events and HI2 records type
|
Event |
IRI Record Type |
|
Activation of GCSE Communications Group (successful) |
BEGIN |
|
Start of Intercept with Active GCSE Communications Group |
BEGIN |
|
User Added |
CONTINUE |
|
User Dropped |
CONTINUE |
|
Modification of Target Connection to GCS AS |
CONTINUE |
|
Deactivation of GCSE Communications Group |
END |
A set of information is used to generate the records. The records used transmit the information from mediation function to LEMF. This set of information can be extended in the ICE or DF2 MF, if this is necessary in a specific country. The following table gives the mapping between information received per event and information sent in records.
Table 14.2: Mapping between Events information and IRI information
|
Parameter |
description |
HI2 ASN.1 parameter |
|
Added user id |
Identifies the user added to an active GCSE Group Communications |
addedUserID |
|
Correlation Number |
The correlation number is used to correlate CC and IRI. The correlation number is also used to allow the correlation of IRI records. |
gcseCorrelation |
|
Dropped user id |
Identifies the user dropped from an active GCSE Group Communications |
droppedUserID |
|
Event Date |
Date of the event generation in the GCS AS. |
timestamp |
|
Event Time |
Time of the event generation in the GCS AS. Timestamp shall be based on the GCS AS internal clock. |
|
|
Event Type |
Description which type of event is delivered: Activation of GCSE GC, User Added to Active GCSE GC, User Dropped from Active GCSE GC, Target Connection Modification, Start of Intercept on an Active GCSE GC, GCSE GC End |
gcseEvent |
|
GCSE group communications members |
Identifies the members of a GCSE communications group who could potentially participate in an active GCSE communications group |
gcseGroupMembers |
|
GCSE group communications participants |
Identifies the participants of an active GCSE communications group |
gcseGroupParticipants |
|
GCSE Group ID |
Identity of the GCSE Communications Group |
gcseGroupID |
|
Group Communications Characteristics |
Identifies the characteristics of the group communications (e.g. voice, video) |
gcseGroupCharacteristics |
|
Identity of Visited Network |
Identifies the PLMN serving the UE. |
visitedNetworkID |
|
Lawful interception identifier |
Unique number for each lawful authorization. |
lawfulInterceptionIdentifer |
|
Length of TMGI reservation |
Identifies the duration of the TMGI reservation as allocated by the BM-SC to the GCS AS. |
tMGIReservationDuration |
|
Location information |
When authorized, this field provides the location information of the target that is present at the GCS AS at the time of event record production. |
gcseLocationOfTheTarget |
|
Time of Location |
Date/Time of location. The time when location was obtained by the location source node. |
gcseLocationOfTheTarget |
|
Modified Target Connection Method |
Identifies the modified target’s connection to the GCS AS to send and receive communications. |
targetConnectionMethod |
|
Network Identifier |
Operator ID plus unique identifier for the GCS AS. |
networkIdentifer |
|
Observed Communications Group ID |
Identity of the GCSE Communications Group |
gcseGroupID |
|
Observed IMEI |
Target Identifier with the IMEI of the target. |
partyInformation (GcsePartyIdentity) |
|
Observed IMSI |
Target Identifier with the IMSI of the target. |
partyInformation (GcsePartyIdentity) |
|
Observed Other Identity |
Target identifier with the NAI of the target. |
partyInformation (GcsePartyIdentity) |
|
Reason for GCSE Group Comms End |
Provides a reason for why the GCSE Group Communications Ended. |
reasonForCommsEnd |
|
Reserved TMGI |
Identifies the TMGI assigned for downstream, multicast delivery of communications to the target. |
reservedTMGI |
|
Target Connection Method |
Identifies the target’s connection to the GCS AS to send and receive communications. |
targetConnectionMethod |
NOTE 1: LIID parameter has to be present in each record sent to the LEMF.
14.2.6.2 Events and Event Information
14.2.6.2.1 Overview
This clause describes the information sent from the Delivery Function (DF) to the Law Enforcement Monitoring Facility (LEMF) to support Lawful Interception (LI). The information is described as records and information carried by a record. This focus is on describing the information being transferred to the LEMF.
The IRI events and data are encoded into records as defined in the Table 14.1 Mapping between GCS AS Service Events and HI2 records type and Annex B.14 Intercept related information (HI2). IRI is described in terms of a ‘causing event’ and information associated with that event. Within each IRI record there is a set of events and associated information elements to support the particular service.
The communication events described in Table 14.1: Mapping between GCS AS Service Events and HI2 record type and Table 14.2: Mapping between Events information and IRI information convey the basic information for reporting the disposition of a communication. This clause describes those events and supporting information.
Each record described in this clause consists of a set of parameters. Each parameter is either:
mandatory (M) – required for the record,
conditional (C) – required in situations where a condition is met (the condition is given in the Description), or
optional (O) – provided at the discretion of the implementation.
The information to be carried by each parameter is identified. Both optional and conditional parameters are considered to be OPTIONAL syntactically in ASN.1 Stage 3 descriptions. The Stage 2 inclusion takes precedence over Stage 3 syntax.
14.2.6.2.2 BEGIN record information
The BEGIN record is used to convey the first event of GCSE group communications service interception.
The BEGIN record shall be triggered when:
– a GCSE communications group that includes the target is activated;
– the target of a interception is successfully added to an active GCSE communications group;
– interception is activated for a target who is already a member of an active GCSE communications group.
Table 14.3: Activation of GCSE Communications Group (Successful) BEGIN Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed IMEI |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed ProSe UE ID |
||
|
observed other identity |
||
|
event type |
M |
Provide GCSE group communications event type (i.e., Activation of GCSE Communications Group). |
|
event date |
M |
Provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
M |
Provide to allow correlation of CC and IRI and correlation of IRI records. |
|
target connection method |
C |
Provide, when available, the target connection method to the GCS AS. |
|
GCSE communications group membership list |
M |
Shall be provided. |
|
Group communications characteristics |
M |
Shall be provided. |
|
observed communications group id |
M |
Shall be provided. |
|
GCSE group communications participants |
C |
Provide, if any members of the group are participating in the active group communications. |
|
reserved TMGI |
C |
Provide, when known, the TMGI via which the target is receiving downstream communications. |
|
length of TMGI reservation |
C |
Provide, when a TMGI is reserved/renewed and known to be the TMGI via which the target is receiving downstream communications, the validity time of the TMGI. |
|
Identity of visited network |
C |
Provide, when available, the identity of the visited network through which the target connection is established. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s UE |
|
Time of Location |
C |
Date/Time of UE Location (if target location provided). |
Table 14.4: Start of Intercept with an Active GCSE Communications Group BEGIN Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed IMEI |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed ProSe UE ID |
||
|
observed other identity |
||
|
event type |
M |
Provide GCSE group communications event type (i.e., Activation of GCSE Communications Group). |
|
event date |
M |
Provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
M |
Provide to allow correlation of CC and IRI and correlation of IRI records. |
|
target connection method |
C |
Provide, when available, the target connection method to the GCS AS. |
|
GCSE communications group membership list |
M |
Shall be provided. |
|
Group communications characteristics |
M |
Shall be provided. |
|
observed communications group id |
M |
Shall be provided. |
|
GCSE group communications participants |
M |
Shall be provided. |
|
reserved TMGI |
C |
Provide, when known, the TMGI via which the target is receiving downstream communications. |
|
length of TMGI reservation |
C |
Provide, when a TMGI is reserved/renewed and known to be the TMGI via which the target is receiving downstream communications, the validity time of the TMGI. |
|
Identity of visited network |
C |
Provide, when available, the identity of the visited network through which the target connection is established. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s UE. |
|
Time of Location |
C |
Date/Time of UE Location (if target location provided). |
When the ICE (i.e. GCSE AS) is not aware of the activation of multiple lawfully authorized intercepts on a target that is already in a GCSE communication group, the MF/DF shall generate the Start of Intercept with Active GCSE Communication Group BEGIN record on its own using information that it has retained.
The DF2 shall not send the Start of Intercept with Active GCSE Communication Group BEGIN record to the LEMFs that were already intercepting the target due previous LI activation on the same target.
14.2.6.2.3 CONTINUE record information
The CONTINUE record is used to convey the events of during a GCSE group communications service interception.
The CONTINUE record shall be triggered when:
– a user is added as a participant to an active GCSE communications group;
– a user is dropped from an active GCSE communications group and is no longer a participant;
– a user is added to the membership list of the GCSE communications group;
– a user is removed from the membership list of the GCSE communications group;
– target connection to the GCSE communications group is modified.
Table 14.5: User Added to an Active GCSE Communications Group CONTINUE Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed IMEI |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed ProSe UE ID |
||
|
observed other identity |
||
|
event type |
M |
Provide GCSE group communications event type (i.e., Activation of GCSE Communications Group). |
|
event date |
M |
Provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
M |
Provide to allow correlation of CC and IRI and correlation of IRI records. |
|
Added user id |
M |
Shall be provided. |
|
GCSE communications group membership list |
M |
Shall be provided. |
|
observed communications group id |
M |
Shall be provided. |
|
GCSE group communications participants |
M |
Shall be provided. |
|
reserved TMGI |
C |
Provide, when known, the TMGI via which the target is receiving downstream communications. |
|
Identity of visited network |
C |
Provide, when available, the identity of the visited network through which the target connection is established. |
Table 14.6: User Dropped from an Active GCSE Communications Group CONTINUE Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed IMEI |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed ProSe UE ID |
||
|
observed other identity |
||
|
event type |
M |
Provide GCSE group communications event type (i.e., Activation of GCSE Communications Group). |
|
event date |
M |
Provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
M |
Provide to allow correlation of CC and IRI and correlation of IRI records. |
|
Dropped user id |
M |
Shall be provided. |
|
GCSE communications group membership list |
M |
Shall be provided. |
|
observed communications group id |
M |
Shall be provided. |
|
GCSE group communications participants |
M |
Shall be provided. |
|
reserved TMGI |
C |
Provide, when known, the TMGI via which the target is receiving downstream communications. |
|
Identity of visited network |
C |
Provide, when available, the identity of the visited network through which the target connection is established. |
Table 14.7: Modification of Target Connection to the GCS AS CONTINUE Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed IMEI |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed ProSe UE ID |
||
|
observed other identity |
||
|
event type |
M |
Provide GCSE group communications event type (i.e., Activation of GCSE Communications Group). |
|
event date |
M |
Provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
M |
Provide to allow correlation of CC and IRI and correlation of IRI records. |
|
Modified target connection method |
M |
Shall be provided. |
|
GCSE communications group membership list |
M |
Shall be provided. |
|
Group communications characteristics |
M |
Shall be provided. |
|
observed communications group id |
M |
Shall be provided. |
|
GCSE group communications participants |
M |
Shall be provided. |
|
reserved TMGI |
C |
Provide, when known, the TMGI via which the target is receiving downstream communications. |
|
length of TMGI reservation |
C |
Provide, when a TMGI is reserved/renewed and known to be the TMGI via which the target is receiving downstream communications, the validity time of the TMGI. |
|
Identity of visited network |
C |
Provide, when available, the identity of the visited network through which the target connection is established. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s UE. |
|
Time of Location |
C |
Date/Time of UE Location (if target location provided). |
14.2.6.2.4 END record information
The END record is used to convey the end of interception of a GCSE group communications service.
The END record shall be triggered when:
– the target of a interception is successfully dropped/removed from an active GCSE communications group;
– interception is deactivated for a target who is already a member of an active GCSE communications group.
Table 14.8: GCSE Communications Group END Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed IMEI |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed ProSe UE ID |
||
|
observed other identity |
||
|
event type |
M |
Provide GCSE group communications event type (i.e., Activation of GCSE Communications Group). |
|
event date |
M |
Provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
M |
Provide to allow correlation of CC and IRI and correlation of IRI records. |
|
target connection method |
C |
Provide, when available, the target connection method to the GCS AS. |
|
GCSE communications group membership list |
M |
Shall be provided. |
|
Group communications characteristics |
M |
Shall be provided. |
|
observed communications group id |
M |
Shall be provided. |
|
GCSE group communications participants |
M |
Shall be provided. |
|
reserved TMGI |
C |
Provide, when known, the TMGI via which the target is receiving downstream communications. |
|
length of TMGI reservation |
C |
Provide, when a TMGI is reserved/renewed and known to be the TMGI via which the target is receiving downstream communications, the validity time of the TMGI. |
|
Identity of visited network |
C |
Provide, when available, the identity of the visited network through which the target connection is established. |
|
Reason for GCSE Group Comms End |
C |
Provide, when available, the reason for the end of the GCSE Communications Group End (e.g. target dropped from GCSE Communications group). |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s UE. |
|
Time of Location |
C |
Date/Time of UE Location (if target location provided). |
14.2.7 CC for GCSE based Communications
14.2.7.1 General
The interface protocols and data structures defined in Annex B.14.2 contain the ASN.1 for CC for GCSE. The data structure also allows for the reporting of separate media streams for each user in the group communications.
14.3 GCS AS Outside Intercepting Operator Network
14.3.1 General
In the case where the GCS AS is outside the intercepting operator’s network, packet data interception capabilities can be used to intercept and report a target’s communication. Such interception is dependent on the network’s ability to identify the target. In general, for a target accessing the network via LTE based unicast bearer as defined in TS 23.468 [84], the interception at a S-GW and PDN-GW as defined in Clause 10 shall apply. This covers all upstream communications from the target as well as any downstream communications received in unicast mode. For a target that is receiving downstream communications via the BM-SC in multicast mode, a solution is for further study.