C.1 UMTS LI correlation header
33.1083G Security3GPPHandover interface for Lawful Interception (LI)Release 17TS
C.1.1 Introduction
The header and the payload of the communication between the target and the other party (later called: Payload Information Element) is duplicated. A new header (later called: ULIC-Header) is added before it is sent to LEMF.
Data packets with the ULIC header shall be sent to the LEA via UDP/IP or TCP/IP.
C.1.2 Definition of ULIC header version 0
ULIC header contains the following attributes:
– Correlation Number.
– Message Type (a value of 255 is used for HI3-PDUs).
– Direction.
– Sequence Number.
– Length.
– Intercepting Control Element (ICE) type.
T-PDU contains the intercepted information.
|
Bits |
||||||||||
|
Octets |
8 |
7 |
6 |
5 |
4 |
3 |
2 |
1 |
||
|
1 |
Version (‘0 0 0’) |
‘1’ |
Spare ‘1’ |
ICE type |
DIR |
‘0’ |
||||
|
2 |
Message Type (value 255) |
|||||||||
|
3-4 |
Length |
|||||||||
|
5-6 |
Sequence Number |
|||||||||
|
7-8 |
not used (value 0) |
|||||||||
|
9 |
not used (value 255) |
|||||||||
|
10 |
not used (value 255) |
|||||||||
|
11 |
not used (value 255) |
|||||||||
|
12 |
not used (value 255) |
|||||||||
|
13-20 |
correlation number |
|||||||||
Figure C.1: Outline of ULIC header
For interception tunneling the ULIC header shall be used as follows:
– Version shall be set to 0 to indicate the first version of ULIC header.
– DIR indicates the direction of the T-PDU:
"1" indicating uplink (from observed mobile user); and
"0" indicating downlink (to observed mobile user).
– Message Type shall be set to 255 (the unique value that is used for T-PDU within GTP TS 29.060 [17]).
– Length shall be the length, in octets, of the signalling message excluding the ULIC header. Bit 8 of octet 3 is the most significant bit and bit 1 of octet 4 is the least significant bit of the length field.
– Sequence Number is an increasing sequence number for tunneled T-PDUs. Bit 8 of octet 5 is the most significant bit and bit 1 of octet 6 is the least significant bit of the sequence number field.
NOTE: When a handoff occurs between SGSNs, the DF3 serving the LEA may change. If the DF3 serving an LEA changes as a result of an handoff between SGSNs, contiguous sequencing may not occur as new sequencing may be initiated at the new DF3. Accordingly, the LEA should not assume that sequencing shall be contiguous when handoff occurs between SGSNs and the DF3 serving the LEA changes.
– Correlation Number consists of two parts: GGSN-ID identifies the GGSN which creates the Charging-ID.
Charging-ID is defined in TS 29.060 [17] and assigned uniquely to each PDP context activation on that GGSN (4 octets).
The correlation number consist of 8 octets. The requirements for this correlation number are similar to that defined for charging in TS 29.060 [17]. Therefore it is proposed to use the Charging-ID, defined in TS 29.060 [17] as part of correlation number. The Charging-ID is signalled to the new SGSN in case of SGSN-change so the tunnel identifier could be used "seamlessly" for the HI3 interface.
|
0 |
1 |
2 |
3 |
|||||||||||||||||||||||||||||
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
0 |
1 |
|
|
Charging -ID |
Charging -ID |
Charging -ID |
Charging -ID |
Octet 13-16 |
||||||||||||||||||||||||||||
|
GGSN-ID |
Octet 17-20 |
|||||||||||||||||||||||||||||||
Figure C.2: Outline of correlation number
– Intercepting Control Element (ICE, see TS 33.107 [19]) type. Indicates whether the T-PDU was intercepted in the GGSN or in the SGSN:
"0" indicating GGSN; and
"1" indicating SGSN.
This parameter is needed only in case the GGSN and the SGSN use the same Delivery Function/Mediation Function for the delivery of Content of Communication.
The ULIC header is followed by a subsequent payload information element. Only one payload information element is allowed in a single ULIC message.
|
Bits |
||||||||
|
Octets |
8 |
7 |
6 |
5 |
4 |
3 |
2 |
1 |
|
1 – 20 |
ULIC‑Header |
|||||||
|
21 -n |
Payload Information Element |
|||||||
Figure C.3: ULIC header followed by the subsequent payload Information Element
The payload information element contains the header and the payload of the communication between the target and the other party.
C.1.3 Definition of ULIC header version 1
ULIC-header version 1 is defined in ASN.1 [5] (see annex B.4 for UMTS PS interception and annex B.10 for EPS interception) and is encoded according to BER [6]. It contains the following attributes:
– Object Identifier (hi3DomainId)
– ULIC header ASN.1 version (version).
NOTE: ULIC header ASN.1 version (version) is not used for EPS interception.
– lawful interception identifier (lIID, optional)
sending of lawful interception identifier is application dependant; it is done according to national requirements.
– correlation number (correlation-Number). As defined in clause 6.1.3 for UMTS PS and clause 10.1.3 for EPS.
– time stamp (timeStamp, optional),
sending of time stamp is application dependant; it is done according to national requirements.
– sequence number (sequence-number). Sequence Number is an increasing sequence number for tunneled T-PDUs. Handling of sequence number is application dependent; it is done according to national requirements (e.g. unique sequence number per PDP-context).
NOTE: When a handoff occurs between SGSNs or other Core Network nodes, the DF3 serving the LEA may change. If the DF3 serving an LEA changes as a result of an handoff between SGSNs or other Core Network nodes, contiguous sequencing may not occur as new sequencing may be initiated at the new DF3. Accordingly, the LEA should not assume that sequencing shall be contiguous when handoff occurs between SGSNs or other Core Network nodes and the DF3 serving the LEA changes.
– TPDU direction (t-PDU-direction)
indicates the direction of the T-PDU (from the target or to the target).
– National parameters (nationalParameters, optional)
this parameter is encoded according to national requirements
– ICE type (ice-type, optional)
indicates in which node the T-PDU was intercepted. This parameter is needed only in case several Core Network nodes use the same Delivery Function/Mediation Function for the delivery of Content of Communication.
The ULIC header is followed by a subsequent payload information element. Only one payload information element is allowed in a single ULIC message (see annex B.4 for UMTS PS interception and annex B.10 for EPS interception).
The payload information element contains the header and the payload of the communication between the target and the other party.
C.1.4 Exceptional procedure
With ULIC over UDP: the delivering node doesn’t take care about any problems at LEMF.
With ULIC over TCP: TCP tries to establish a connection to LEMF and resending (buffering in the sending node) of packets is also supported by TCP.
In both cases it might happen that content of communication gets lost (in case the LEMF or the transit network between MF and LEMF is down for a long time).
C.1.5 Other considerations
The use of IPsec for this interface is recommended.
The required functions in LEMF are:
– Collecting and storing of the incoming packets inline with the sequence numbers.
– Correlating of CC to IRI with the use of the correlation number in the ULIC header.