9 Interception of Multimedia Broadcast/MultiCast Service (MBMS)

3GPP TS 33.108: 3G Security; Handover interface for Lawful Interception (LI) (Release 17)

9.1 Identifiers

9.1.1 Overview

Specific identifiers are necessary to identify a target for interception uniquely and to correlate between the data, which is conveyed over the different handover interface (HI2). The identifiers are defined in the subsections below.

The MBMS LI solution in this section provides an IRI solution for MBMS only. CC interception is provided by transport bearer level interception functionality e.g. GSNs. The Correlation Number is unique per target MBMS service and MBMS session and is used to correlate different IRI records within one MBMS service and MBMS session.

9.1.2 Lawful interception identifier

For each target identity related to an interception measure, the authorized operator (NO/AN/SP) shall assign a special Lawful Interception Identifier (LIID), which has been agreed between the LEA and the operator (NO/AN/SP).

Using an indirect identification to point to a target identity makes it easier to keep the knowledge about a specific target limited within the authorized operator (NO/AN/SP) and the handling agents at the LEA.

The LIID is a component of the IRI records. It shall be used within any information exchanged at the handover interfaces HI2 for identification and correlation purposes.

The LIID format shall consist of alphanumeric characters. It might for example, among other information, contain a lawful authorization reference number, and the date, when the lawful authorization was issued.

The authorized operator (NO/AN/SP) shall either enter a unique LIID for each target identity of the target or a single LIID for multiple target identities all pertaining to the same target.

If more than one LEA intercepts the same target identity, there shall be unique LIIDs assigned relating to each LEA.

9.1.3 Network identifier

The network identifier (NID) is a mandatory parameter; it should be internationally unique. It consists of the following two identifiers.

1) Operator- (NO/AN/SP) identifier (mandatory):
Unique identification of network operator, access network provider or service provider.

2) Network element identifier NEID (optional):
The purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc.

A network element identifier may be an IP address or other identifier. National regulations may mandate the sending of the NEID.

9.1.4 Correlation number

The Correlation Number is unique per target MBMS service and MBMS session. The correlation number is used for the following purposes:

– Correlate different IRI records within one MBMS service and MBMS session.

NOTE: Correlation only applies to MBMS service usage. Correlation of subscription management events is not required and the ASN.1 subscription event records in Annex B.8 do not provide support for correlation numbers. Such Subscription management report record events are asynchronous, can occur at any time and are likely to occur infrequently.

9.2 Timing and quality

9.2.1 Timing

As a general principle, within a telecommunication system, IRI, if buffered, should be buffered for as short a time as possible.

NOTE: If the transmission of IRI fails, it may be buffered or lost.

Subject to national requirements, the following timing requirements shall be supported:

– Each IRI data record shall be sent by the delivery function to the LEMF over the HI2 within seconds of the detection of the triggering event by the IAP at least 95% of the time.

– Each IRI data record shall contain a time-stamp, based on the intercepting node’s clock that is generated following the detection of the IRI triggering event.

9.2.2 Quality

The quality of service associated with the result of interception should be (at least) equal to the quality of service of the original MBMS service.

9.2.3 Void

(Void).

9.3 Security aspects

Security is defined by national requirements.

9.4 Quantitative aspects

The number of target interceptions supported is a national requirement.

The area of Quantitative Aspects addresses the ability to perform multiple, simultaneous interceptions within a provider’s network and at each of the relevant intercept access points within the network. Specifics related to this topic include:

– The ability to access and monitor all simultaneous communications originated, received, or redirected by the target;

– The ability for multiple LEAs (up to five) to monitor, simultaneously, the same target while maintaining unobtrusiveness, including between agencies;

– The ability of the network to simultaneously support a number of separate (i.e. multiple targets) legally authorized interceptions within its service area(s), including different levels of authorization for each interception, including between agencies (i.e. IRI only, or IRI and communication content).

9.5 IRI for MBMS

9.5.0 General

The IRI will in principle be available in the following phases of a data transmission:

1. At MBMS Service Joining or Leaving.

2. At MBMS Subscription Activation, Modification and Termination.

3. At certain times when relevant information is available.

The IRI may be subdivided into the following categories:

1. Control information for HI2 (e.g. correlation information);

2. Basic data communication information, for standard data transmission between two parties.

The events defined in TS 33.107 [19] are used to generate records for the delivery via HI2.

There are multiple different event types received at DF2 level. According to each event, a Record is sent to the LEMF if this is required. The following table gives the mapping between event type received at DF2 level and record type sent to the LEMF.

Table 9.1: Mapping between MBMS Events and HI2 records type

| Event | IRI Record Type |
|---|---|
| MBMS Service Joining | BEGIN |
| MBMS Service Leaving | END |
| MBMS Subscription Activation | REPORT |
| MBMS Subscription Modification | REPORT |
| MBMS Subscription Termination | REPORT |
| Start of intercept with MBMS Service Active | BEGIN |

A set of information is used to generate the records. The records are used to transmit the information from the mediation function to the LEMF. This set of information can be extended in the ICE or DF2 MF, if this is necessary in a specific country. The following table gives the mapping between information received per event and information sent in records.

NOTE: Support for MBMS over IMS is For Further Study. As a minimum, IMPU and IMPI reporting support will be required.

Table 9.2: Mapping between Events information and IRI information

| Parameter | Description | HI2 ASN.1 parameter |
|---|---|---|
| observed IMSI | Target Identifier with the IMSI of the target. | partyInformation (partyIdentity) |
| event type | Description of which type of event is delivered: MBMS Service Joining, MBMS Service Leaving, MBMS Subscription Activation, MBMS Subscription Modification, MBMS Subscription Termination, Start of intercept with MBMS Service Active etc. | mbms-Event |
| event date | Date of the event generation in the BM-SC server. | Timestamp |
| event time | Time of the event generation in the BM-SC server. | Timestamp |
| BM-SC Identifier | Name or Identifier of BM-SC | mbmsInformation (mBMSNODELIST) |
| initiator | This field indicates whether the event being reported is the result of an UE directed action or network initiated/ off-online action when either one can initiate the action. | Initiator |
| correlation number | Unique correlation number for each target MBMS service and MBMS session. It is used for correlating different IRI records. However the correlation number is not used to correlate subscription related events. | correlationNumber |
| lawful interception identifier | Unique number for each lawful authorization. | lawfulInterceptionIdentifier |
| MBMS Subscribed Service | Name or Identifier of the MBMS Service to which the target has subscribed. Must provide explicit identification of service subscribed from all other services (e.g. TV Channel name and name of content to be viewed) | mbmsInformation (mbmsServiceName) |
| MBMS Service Joining Time | MBMS Service Joining Time | mbmsInformation (mbms-join-time) |
| MBMS Service Subscription List | List of all users subscribed to MBMS Service to which target has requested Joining. NOTE: This list may be very long for some services. | mbmsInformation (MbmsSerSubscriberList) |
| Visited PLMN ID | Identity of the visited PLMN to which the user is registered | visitedPLMNID |
| APN | The Access Point Name contains a logical name on which IP multicast address is defined (see TS 23.060 [42]) | mbmsInformation (MBMSapn) |
| Multicast/Broadcast Mode | MBMS bearer service in broadcast or multicast mode | mbmsInformation (mbms-Mode) |
| IP/IPv6 multicast address (multicast mode only) | IP or IPv6 multicast address identifying the MBMS bearer described by this MBMS Bearer Context. | mbmsInformation (mbmsIPIPv6Address) |
| List of Downstream Nodes | List of downstream nodes that have requested the MBMS bearer service and to which notifications and MBMS data have to be forwarded. | mbmsInformation (mbmsNodeList) |
| MBMS Service Leaving Reason | Indicates whether the UE initiated/requested leaving, or whether BM-SC/network terminated the Service to the UE (e.g. GSN session dropped or BM-SC subscription expired etc.). Logically if leaving reason is subscription expiry then subscription terminated report record will also be generated. | mbmsInformation (mbmsLeavingReason) |
| MBMS Service Subscription Terminated Reason | Indicates whether the service subscription termination was initiated/requested by the user (including via customer services or other off-line means) or whether subscription expired. | mbmsInformation (mbmsSubsTermReason) |
| network identifier | Operator ID plus ICE address. | networkIdentifier |

NOTE: LIID parameter has to be present in each record sent to the LEMF.

9.5.1 Events and information

9.5.1.1 Overview

This clause describes the information sent from the Delivery Function (DF) to the Law Enforcement Monitoring Facility (LEMF) to support Lawful Interception (LI). The information is described as records and information carried by a record. The focus is on describing the information being transferred to the LEMF.

The IRI events and data are encoded into records as defined in the Table 9.1 Mapping between MBMS Events and HI2 records type and Annex B.8 Intercept related information (HI2). IRI is described in terms of a ‘causing event’ and information associated with that event. Within each IRI record there is a set of events and associated information elements to support the particular service.

The communication events described in Table 9.1: Mapping between MBMS Events and HI2 record type and Table 9.2: Mapping between Events information and IRI information convey the basic information for reporting the disposition of a communication. This clause describes those events and supporting information.

Each record described in this clause consists of a set of parameters. Each parameter is either:

mandatory (M) – required for the record,

conditional (C) – required in situations where a condition is met (the condition is given in the Description), or

optional (O) – provided at the discretion of the implementation.

The information to be carried by each parameter is identified. Both optional and conditional parameters are considered to be OPTIONAL syntactically in ASN.1 Stage 3 descriptions. The Stage 2 inclusion takes precedence over Stage 3 syntax.

9.5.1.2 REPORT record information

The REPORT record is used to report non-communication related target actions (events) and for reporting unsuccessful packet-mode communication attempts.

The REPORT record shall be triggered when:

– the target’s MBMS UE or target via an off-line means (e.g. via internet or customer service centre) performs MBMS Subscription Activation. See Table 9.3

– the target’s MBMS UE or target via an off-line means (e.g. via internet or customer service centre) performs MBMS Subscription Modification. See Table 9.4

– the target’s MBMS UE or target via an off-line means (e.g. via internet or customer service centre) performs MBMS Subscription Termination. See Table 9.5

Table 9.3: MBMS Subscription Activation REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Observed IMSI | M | Shall be provided. |
| Event Type | M | Provide MBMS Service Joining event type |
| Event Time | M | Provide the time the event is detected. |
| Event Date | M | Provide the date the event is detected. |
| Lawful Interception Identifier | M | Shall be provided |
| MBMS Subscribed Service | M | Shall be provided. |
| Network Identifier | M | Shall be provided. |
| Initiator | M | Shall be provided. |
| IP/IPv6 Address | C | Provide IP or IPv6 address of the target if available where target has directly accessed the BM-SC Server to Activate their subscription and not via offline method (e.g. customer services). |
| Visited PLMN ID | C | Provide PLMN ID of a visited network used by the target in the case of non Home network access to BM-SC server. |
| MBMS Service Subscription List | O | Provided for additional information |

Table 9.4: MBMS Subscription Modification REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Observed IMSI | M | Shall be provided. |
| Event Type | M | Provide MBMS Service Joining event type |
| Event Time | M | Provide the time the event is detected. |
| Event Date | M | Provide the date the event is detected. |
| Lawful Interception Identifier | M | Shall be provided |
| MBMS Subscribed Service | M | Shall be provided. |
| Network Identifier | M | Shall be provided. |
| Initiator | M | Shall be provided. |
| IP/IPv6 Address | C | Provide IP or IPv6 address of the target if available where target has directly accessed the BM-SC Server to Activate their subscription and not via offline method (e.g. customer services). |
| Visited PLMN ID | C | Provide PLMN ID of a visited network used by the target in the case of non Home network access to BM-SC server. |
| MBMS Service Subscription List | O | Provided for additional information |

Table 9.5: MBMS Subscription Termination REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Observed IMSI | M | Shall be provided. |
| Event Type | M | Provide MBMS Service Joining event type |
| Event Time | M | Provide the time the event is detected. |
| Event Date | M | Provide the date the event is detected. |
| Lawful Interception Identifier | M | Shall be provided |
| MBMS Subscribed Service | M | Shall be provided. |
| Network Identifier | M | Shall be provided. |
| Initiator | M | Shall be provided. |
| IP/IPv6 Address | C | Provide IP or IPv6 address of the target if available where target has directly accessed the BM-SC Server to Activate their subscription and not via offline method (e.g. customer services). |
| Visited PLMN ID | C | Provide PLMN ID of a visited network used by the target in the case of non Home network access to BM-SC server. |
| MBMS Service Subscription List | O | Provided for additional information |
| MBMS Service Subscription Terminated Reason | M | Shall be provided. |

9.5.1.3 BEGIN record information

The BEGIN record is used to convey the first event of MBMS service interception.

The BEGIN record shall be triggered when:

– the target’s MBMS UE successfully joins an MBMS service (MBMS Service Joining). See Table 9.6

– interception is activated for the target but the MBMS UE has successfully joined an MBMS service prior to the start of interception (Start of intercept with MBMS Service Active). See Table 9.7

Table 9.6: MBMS Service Joining BEGIN Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Observed IMSI | M | Shall be provided. |
| Event Type | M | Provide MBMS Service Joining event type |
| Event Time | M | Provide the time the event is detected. |
| Event Date | M | Provide the date the event is detected. |
| Correlation Number | M | Shall be provided. |
| Lawful Interception Identifier | M | Shall be provided |
| MBMS Subscribed Service | M | Shall be provided. |
| MBMS Service Joining Time | M | Provide time at which target joined the MBMS service, or will join the service. |
| Network Identifier | M | Shall be provided. |
| Initiator | M | Shall be provided. |
| IP/IPv6 Multicast Address | C | Provide IP or IPv6 address of the target if available for multicast services only. |
| Visited PLMN ID | C | Provide PLMN ID of a visited network used by the target in the case of non Home network access to MBMS service. |
| Multicast/Broadcast Mode | M | Shall be provided. |
| APN | C | Provide for PS domain access to MBMS. |
| List of Downstream Nodes | C | Provide in the case of a multicast service, if available. |
| MBMS Service Subscription List | O | Provided for additional information |

Table 9.7: Start of intercept with MBMS Service Active BEGIN Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Observed IMSI | M | Shall be provided. |
| Event Type | M | Provide MBMS Service Joining event type |
| Event Time | M | Provide the time the event is detected. |
| Event Date | M | Provide the date the event is detected. |
| Correlation Number | M | Shall be provided. |
| Lawful Interception Identifier | M | Shall be provided |
| MBMS Subscribed Service | M | Shall be provided. |
| MBMS Service Joining Time | M | Provide time at which target joined the MBMS service. |
| Network Identifier | M | Shall be provided. |
| Initiator | M | Shall be provided. |
| IP/IPv6 Multicast Address | C | Provide IP or IPv6 address of the target if available for multicast services only. |
| Visited PLMN ID | C | Provide PLMN ID of a visited network used by the target in the case of non Home network access to MBMS service. |
| Multicast/Broadcast Mode | M | Shall be provided. |
| APN | C | Provide for PS domain access to MBMS. |
| List of Downstream Nodes | C | Provide in the case of a multicast service, if available. |
| MBMS Service Subscription List | O | Provided for additional information |

When the ICE (i.e. BM-SC) is not aware of the activation of multiple lawfully authorized intercepts on a target that is already in an MBMS service, the MF/DF shall generate the Start of Intercept with MBMS Service Active BEGIN record on its own using information that it has retained.

The DF2 shall not send the Start of Intercept with MBMS Service Active BEGIN record to the LEMFs that were already intercepting the MBMS UE (i.e. target) due to previous LI activation on the same MBMS UE (i.e. target).
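
The behaviour in the two paragraphs above, modelled in Python as an added example that is not part of the specification: the class, method and field names are hypothetical, the values are made up, and the example assumes that all LEAs intercepting the same session see the same correlation number.

```python
# Added example: DF2/MF behaviour for a second intercept on a target already in a session.
# Class, method and field names are hypothetical; values in demo() are made up.
START = "Start of intercept with MBMS Service Active"

class DF2:
    def __init__(self):
        self.liids = {}    # IMSI -> set of LIIDs, one per intercepting LEA (clause 9.1.2)
        self.active = {}   # IMSI -> {correlation number: parameters retained from BEGIN}

    def _record(self, liid, rtype, event, corr, params):
        return {"LIID": liid, "record": rtype, "event": event,
                "correlationNumber": corr, **params}

    def on_session_event(self, imsi, event, corr, params):
        """Joining/Leaving event from the ICE (BM-SC): one record per LIID on the target."""
        sessions = self.active.setdefault(imsi, {})
        if event == "MBMS Service Leaving":
            sessions.pop(corr, None)        # session over, nothing left to retain
            rtype = "END"
        else:                               # MBMS Service Joining
            sessions[corr] = dict(params)   # retained for later activations
            rtype = "BEGIN"
        return [self._record(liid, rtype, event, corr, params)
                for liid in sorted(self.liids.get(imsi, ()))]

    def activate(self, imsi, liid):
        """Additional intercept the ICE is unaware of: BEGIN records for the new LIID only."""
        known = self.liids.setdefault(imsi, set())
        if liid in known:
            return []
        known.add(liid)
        return [self._record(liid, "BEGIN", START, corr, params)
                for corr, params in sorted(self.active.get(imsi, {}).items())]

def demo():
    df2, imsi = DF2(), "001010123456789"
    df2.activate(imsi, "LIIDA")                 # first LEA, target not yet in a session
    first = df2.on_session_event(imsi, "MBMS Service Joining", "c-17",
                                 {"mbmsServiceName": "Channel-1"})
    second = df2.activate(imsi, "LIIDB")        # second LEA, session already running
    end = df2.on_session_event(imsi, "MBMS Service Leaving", "c-17", {})
    return first, second, end
```

The second activation yields a single BEGIN record addressed to the new LIID; the LEMF already receiving the session gets nothing extra, and both receive the END record.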

9.5.1.4 END record information

The END record is used to convey the last event of packet-data communication.

The END record shall be triggered when:

– the target’s MBMS UE successfully leaves an MBMS service or the MBMS service is terminated by the BM-SC (MBMS Service Leaving). See Table 9.8

Table 9.8: MBMS Service Leaving END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Observed IMSI | M | Shall be provided. |
| Event Type | M | Provide MBMS Service Joining event type |
| Event Time | M | Provide the time the event is detected. |
| Event Date | M | Provide the date the event is detected. |
| Correlation Number | M | Shall be provided. |
| Lawful Interception Identifier | M | Shall be provided |
| MBMS Subscribed Service | M | Shall be provided. |
| Network Identifier | M | Shall be provided. |
| Initiator | M | Shall be provided. |
| IP/IPv6 Multicast Address | C | Shall be provided. |
| Visited PLMN ID | C | Provide PLMN ID of a visited network used by the target in the case of non Home network access to MBMS service. |
| MBMS Service Subscription List | O | Provided for additional information |
| MBMS Service Leaving Reason | M | Shall be provided. |
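
The event mapping of Table 9.1 and the M/C/O rules of Tables 9.3 to 9.8 can be checked mechanically before a record leaves the DF2. The following Python validator is an added example, not part of the specification; the dict-based record layout, the use of the event name as the Event Type value (per Table 9.2), the END-without-BEGIN check and the sample values are assumptions.

```python
# Added example: checks IRI records against Table 9.1 and Tables 9.3-9.8 (dict layout assumed).
RECORD_TYPE = {  # Table 9.1
    "MBMS Service Joining": "BEGIN", "MBMS Service Leaving": "END",
    "MBMS Subscription Activation": "REPORT", "MBMS Subscription Modification": "REPORT",
    "MBMS Subscription Termination": "REPORT",
    "Start of intercept with MBMS Service Active": "BEGIN",
}
COMMON = {"Observed IMSI", "Event Type", "Event Time", "Event Date",
          "Lawful Interception Identifier", "MBMS Subscribed Service",
          "Network Identifier", "Initiator"}
BEGIN_M = COMMON | {"Correlation Number", "MBMS Service Joining Time", "Multicast/Broadcast Mode"}
MANDATORY = {  # the "M" rows of Tables 9.3-9.8
    "MBMS Subscription Activation": COMMON,
    "MBMS Subscription Modification": COMMON,
    "MBMS Subscription Termination": COMMON | {"MBMS Service Subscription Terminated Reason"},
    "MBMS Service Joining": BEGIN_M,
    "Start of intercept with MBMS Service Active": BEGIN_M,
    "MBMS Service Leaving": COMMON | {"Correlation Number", "MBMS Service Leaving Reason"},
}
CONDITIONAL = {  # the "C" rows, per record type
    "REPORT": {"IP/IPv6 Address", "Visited PLMN ID"},
    "BEGIN": {"IP/IPv6 Multicast Address", "Visited PLMN ID", "APN", "List of Downstream Nodes"},
    "END": {"IP/IPv6 Multicast Address", "Visited PLMN ID"},
}
OPTIONAL = {"MBMS Service Subscription List"}  # the "O" row

def validate(record):
    """Return (record_type, problems) for one record given as {parameter: value}."""
    event = record.get("Event Type")
    if event not in RECORD_TYPE:
        return None, [f"unknown event type: {event!r}"]
    rtype = RECORD_TYPE[event]
    allowed = MANDATORY[event] | CONDITIONAL[rtype] | OPTIONAL
    problems = [f"missing mandatory: {p}" for p in sorted(MANDATORY[event] - set(record))]
    problems += [f"not defined for {rtype}: {p}" for p in sorted(set(record) - allowed)]
    liid = str(record.get("Lawful Interception Identifier", ""))
    if liid and not (liid.isascii() and liid.isalnum()):
        problems.append("LIID is not alphanumeric")  # clause 9.1.2
    return rtype, problems

def check_sessions(records):
    """Flag END records with no open BEGIN for the same (LIID, correlation number)."""
    open_sessions, problems = set(), []
    for i, rec in enumerate(records):
        rtype = RECORD_TYPE.get(rec.get("Event Type"))
        key = (rec.get("Lawful Interception Identifier"), rec.get("Correlation Number"))
        if rtype == "BEGIN":
            open_sessions.add(key)
        elif rtype == "END":
            if key not in open_sessions:
                problems.append(f"record {i}: END without BEGIN for {key}")
            open_sessions.discard(key)
    return problems

# Constructed sample (made-up values): a Termination REPORT that carries a correlation number.
SAMPLE = {"Observed IMSI": "001010123456789", "Event Type": "MBMS Subscription Termination",
          "Event Time": "12:00:00", "Event Date": "2024-01-01", "Initiator": "UE",
          "Lawful Interception Identifier": "LIID0001", "MBMS Subscribed Service": "Channel-1",
          "Network Identifier": "OP1/192.0.2.10", "Correlation Number": "c-17"}
```

`validate(SAMPLE)` reports the missing termination reason and the correlation number, which the REPORT tables do not define.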

9.6 CC for MBMS

The MBMS LI solution specified in this version of this specification does not specifically provide a CC interception solution. Only IRI generated by the BM-SC is specifically supported.

CC interception of MBMS services is provided by the underlying transport bearer LI functionality, e.g. GSNs for GPRS. Only MBMS Multicast service CC interception is supported. However, in many MBMS scenarios, the MBMS content stream is routed to the UE using multicast streams, rather than BM-SC to UE point-to-point bearers. In the case of multicast stream routing to the serving base stations/NodeB, the GSNs may not be able to intercept the MBMS stream as no IP address or other target related identities may be associated with the stream at the GSN. In this case, since no target identity is available for interception in the CC stream, the LEA will not receive MBMS CC.

No MBMS CC capability is provided by this specification for MBMS broadcast services, as the UE will receive such services in IDLE mode without an active network connection.

NOTE: Provision of MBMS CC decryption keys is for further study.