6.2.7 External data storage
3GPP TS 33.127, Lawful Interception (LI) architecture and functions, Release 18
6.2.7.1 UDSF or UDR
The UDSF or UDR as defined in TS 23.501 [2] are used to externally store data relating to one or more NFs, separating the compute and storage elements of an NF. Where the NF contains a POI the following restrictions on the use of the UDSF/UDR shall apply:
– The UDSF/UDR shall be subject to the same location, geographic, security and other physical environment constraints as the NF POI for which it is storing data.
– No LI specific POI data (e.g. target list) shall be stored in the UDSF/UDR unless storage is directly under the control of the POI within the NF.
– LI data stored in a UDSF/UDR shall only be accessible by the specific individual POI for which the UDSF/UDR is storing data and that data shall not be shared between POIs unless specifically authorised by the LICF within the ADMF.
– By default, LI data shall not be stored in a UDSF/UDR which is shared by multiple NFs unless specifically authorised by the LICF.
– Any storage of LI data outside of the POI in the UDSF/UDR shall be auditable by the LICF.
– The interface between the POI/NF and the UDSF/UDR shall be protected such that an attacker cannot identify targeted users based on observation of this interface (i.e. access to the UDSF/UDR shall be identical for both intercepted and non-intercepted user communications).
– The use and placement of a UDSF/UDR within an NF/POI design shall not introduce additional interception delay compared with non-separated compute and storage.
– Where the POI requires access to NF data that is stored in the UDSF/UDR, non-LI network functions and processes or non-LI authorised personnel shall not be able to detect POI access to that data in the UDSF/UDR.
– The POI and LICF/MDF shall be responsible for managing encryption of LI data stored in the UDSF/UDR for the POI in addition to any default encryption applied by the NF.
The above requirements shall apply when the UDSF/UDR provide data storage for TF/NF.
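The following is an added illustration, not part of TS 33.127 or of any 3GPP-defined API: a small model of the storage and access decisions implied by the restrictions above on POI-specific access, LICF-authorised sharing, shared UDSF/UDR instances and auditability. The class names, field names and identifiers (`Store`, `LicfPolicy`, `poi-amf-1`, etc.) are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Store:
    """Hypothetical description of one UDSF/UDR partition holding LI data."""
    store_id: str
    owner_poi: str        # the individual POI the data is stored for
    shared_by_nfs: bool   # True if this UDSF/UDR instance serves multiple NFs


@dataclass
class LicfPolicy:
    """Authorisations issued by the LICF (constructed model, not a 3GPP API)."""
    shared_store_ok: set = field(default_factory=set)  # store_ids cleared for a shared UDSF/UDR
    cross_poi_ok: set = field(default_factory=set)     # (store_id, poi_id) sharing grants
    # Audit trail kept on the LI side for the LICF; it is not written to the
    # UDSF/UDR, so non-LI functions cannot observe it.
    audit_log: list = field(default_factory=list)

    def may_store(self, store: Store) -> bool:
        """Default-deny LI data on a UDSF/UDR that is shared by multiple NFs."""
        ok = (not store.shared_by_nfs) or store.store_id in self.shared_store_ok
        self.audit_log.append(("store", store.store_id, store.owner_poi, ok))
        return ok

    def may_read(self, store: Store, poi_id: str) -> bool:
        """Only the owning POI may read, unless the LICF authorised sharing."""
        ok = poi_id == store.owner_poi or (store.store_id, poi_id) in self.cross_poi_ok
        self.audit_log.append(("read", store.store_id, poi_id, ok))
        return ok
```

Both allowed and denied decisions are logged, so the LICF can audit every attempt to place or access LI data outside the POI.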
6.2.7.2 LI State Storage Function (LISSF)
The LISSF is a function that makes it possible for other LI functions to share information with each other. There can be multiple instances of the LISSF in the network being handled by the same ADMF. The LISSF can be implemented as a separate function or within the ADMF. The LISSF may be used to transfer LI state information between LI functions. The following restrictions on the use of the LISSF shall apply:
– The LISSF shall be subject to the same location, geographic, security and other physical environment constraints as the LI functions for which it is storing data.
– LI state information stored in an LISSF shall only be accessible by the LI functions specifically authorised by the LICF.
– Other than the time required to acquire the LI state information, the use and placement of an LISSF within the LI architecture shall not introduce additional delay.
– The LISSF shall be directly under the control of the ADMF, and it shall be directly accessible and auditable by the LICF.