A.4 Non-3GPP access in a non-roaming scenario
3GPP TS 33.127, Lawful Interception (LI) architecture and functions, Release 18
A.4.1 General
When the target UE is connected to the 5G core network via non-3GPP access, the POIs present in the following NFs of the PLMN where the N3A Entity resides provide the LI functions:
– AMF.
– SMF.
– UPF.
– SMSF.
When the PLMN that has the N3A Entity is the HPLMN, as illustrated in clause A.1, the IRI-POI present in the UDM also provides the LI functions.
When the PLMN that has the N3A Entity is different from the PLMN that provides the 3GPP access to the target UE, two different AMFs are involved in handling the target UE’s registration accepts (this is not illustrated in this clause). In this case, depending on the operator policy, the SMSF present in either of the two networks may perform the routing of SMS messages to and from the target UE.
The PLMN that provides the 3GPP access can be a VPLMN and the PLMN where the N3A Entity resides can be the HPLMN. In this case, the AMF in the HPLMN provides the IRI-POI functions for non-3GPP access related registration events when the target UE is roaming. The SMSF present in the HPLMN may have to provide the IRI-POI functions for the SMS related messages routed via the non-3GPP access network.
A.4.2 Topology view
The overall network configuration for non-3GPP access in a non-roaming scenario with the LI aspects is shown in figures A.4-1, A.4-2 and A.4-3. In these views, the target UE is not connected to a 3GPP access network.
The 5G core system is shown in the following figures using the service-based representation (as shown in TS 23.501 [2]) with a point-to-point LI system.
Figure A.4-1: Network topology showing LI for non-3GPP access to 5G via N3IWF
Figure A.4-2: Network topology showing LI for non-3GPP access to 5G via TNGF
Figure A.4-3: Network topology showing LI for non-3GPP access to 5G via TWIF
The IRI-POIs present in the AMF, UDM, SMSF and SMF deliver the xIRI to the MDF2, and the CC-POI present in the UPF delivers the xCC to the MDF3. The MDF3 address is provided to the CC-POI present in the UPF by the CC-TF present in the SMF over the LI_T3 reference point.
The LIPF present in the ADMF provisions the IRI-POIs and the CC-TF present in the NFs with the intercept related data. The LI_X1 interface between the LIPF and the UPF is to monitor the user plane data.
Annex B (normative):
ADMF functionality
The Administration Function (ADMF) provides the CSP’s administrative and management functions for the LI capability.
The ADMF’s primary roles and responsibilities include:
– The logical point of contact from the LEA to the CSP via LI_HI1 for Lawfully authorised requests (e.g. warrant).
– Maintaining the CSP / LEA mutually agreed unique Lawful Interception IDentifier (LIID) for the warrant which is used for all corresponding LI_HI2, LI_HI3, and LI_HI4 communications for warrant correlation.
– CSP administration and local management of the warrant including start/stop times, filter criteria, LEA policy toggles, etc.
– Deriving internal information (ID mappings, potential POIs, etc.) from the warrant.
– For virtualised instances, verifying the authenticity/integrity of CSP LI functions (e.g. LI function’s software image) prior to instantiation, see e.g. ETSI NFV-SEC 011 [10] or equivalent.
– When required, providing keys to newly instantiated LI functions to enable decryption of LI specific software.
– LI functions physical location policy control ensuring LI functions are within the legal location policy of the warrant.
– LI Certificate Authority (LI CA, sub-CA of the CSP root CA) for issuing certificates to LI functions as part of their LI provisioning via LI_X0 interface, see clause 5.6.3.2.
– Provisioning of all required and valid LI functions instantiated by the CSP network.
– Maintaining the master list of all authorised and provisioned LI functions.
– Managing the termination of LI instances across all impacted LI functions when the warrant expires or the LEA specifically requests termination of a LI instance.
– Revoking certificates when the LI function is terminated or the LI function is de-instantiated.
– Maintaining the status of the warrant execution within the CSP (e.g. accepted, pending/provisioning, active, suspended, de-provisioned, etc.).
– As agreed between the LEA and CSP, reporting warrant execution status changes to the LEA as well as responding to warrant audit requests from the LEA.
– Keeping records of the CSP’s management of LI related activities (e.g. log files).
Refer to clause 5.4 LI interfaces, and figures 5.4-1 and 5.6-1 for details on specific interfaces between the ADMF and other network functions.
Annex C (informative):
LEA initiated suspend and resume
This annex presents a means within current ETSI and 3GPP specifications to support the temporary suspension (suspend) and subsequent resuming (resume) of a Lawful Intercept. Temporary suspension of LI is either directly initiated by the LEA or automatically initiated based on predefined criteria/policy between the LEA and CSP as part of the warrant. This clause only addresses the case of LEA initiated temporary suspension of the delivery of LI product to the LEA.
The underlying baseline is that a Lawful Intercept has been fully authorised and established between the LEA and the CSP via LI_HI with an agreed LIID to map the warrant to the CSP provided LI product via LI_HI2, LI_HI3 and LI_HI4.
The LEA may request that this active LI instance be temporarily suspended. This means, at a minimum, that the CSP no longer delivers (or buffers) LI product to the LEA.
LEA initiated LI suspension may involve the following steps:
– The LEA, via LI_HI1, sends an Update Request, referencing the intercept, with the DesiredStatus of Suspended; reference ETSI TS 103 120 [7].
– The ADMF, via LI_X1, deactivates/deprovisions the required LI Functions, reference ETSI TS 103 221-1 [8]. These LI Functions then locally fully delete the active intercept as required and hence stop any subsequent LI_HI2/3 delivery.
– The ADMF should maintain all the intercept warrant information of the original intercept, with the status advanced to Suspended.
– The MDFs for which the intercept instance has been de-activated send an LI_HI4 deactivation notification to the LEMF.
– The ADMF sends an Update Response message to the LEA, via LI_HI1, with a status of Suspended.
Resuming the LI product delivery may involve the following steps:
– The LEA sends the CSP, via LI_HI1, an Update Request, referencing the original intercept, with the DesiredStatus of Active. This is equivalent to the initial LI activation but without having to repeat all the warrant information in the original intercept request, and the existing LIID is maintained. Sessions that were active before the intercept suspension that are still active when resumed, or new sessions initiated while the intercept is resumed, are handled as per mid-call intercept activation.
– The ADMF, via LI_X1, re-provisions the de-activated LI Functions just as for a new intercept to re-instantiate the intercept.
NOTE: This implies all LI Product deliveries will restart just as for a new intercept; e.g. PDU sequence numbers will restart at zero, etc.
– The re-provisioned MDFs send an LI_HI4 activation notification to the LEMF.
– The ADMF sends an Update Response message to the LEA, via LI_HI1, with a status of Active.
If the intercept (warrant) timespan expires or the LEA directly requests intercept deactivation while the intercept is in a suspended state, all remaining LI Functions are deactivated/deprovisioned and the rest of the LI instance is taken down as per usual warrant deactivation.
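The suspend and resume steps above, modelled as a small state machine that shows what the ADMF retains, what is torn down, and how delivery restarts. This is an added example, not part of the specification; the `Admf` and `Intercept` classes, the log tuples, the LI function names and the `Deactivated` status label are assumptions made for illustration.

```python
from dataclasses import dataclass, field
@dataclass
class Intercept:
    liid: str                  # agreed LIID, unchanged across suspend/resume
    warrant: dict              # warrant information retained by the ADMF
    functions: tuple           # LI functions provisioned over LI_X1 (hypothetical names)
    status: str = "Active"
    seq: dict = field(default_factory=dict)  # MDF -> next PDU sequence number
    log: list = field(default_factory=list)  # (interface, action, party)

class Admf:  # toy model of the ADMF side only; no real LI_HI1/LI_X1 stack
    def __init__(self):
        self.intercepts = {}

    def activate(self, liid, warrant, functions):
        ic = self.intercepts[liid] = Intercept(liid, warrant, tuple(functions))
        self._provision(ic)

    def _provision(self, ic):
        for f in ic.functions:
            ic.log.append(("LI_X1", "provision", f))
            if f.startswith("MDF"):
                ic.seq[f] = 0  # delivery restarts as for a new intercept
                ic.log.append(("LI_HI4", "activation", f))

    def _deprovision(self, ic):
        for f in ic.functions:
            ic.log.append(("LI_X1", "deprovision", f))
            if ic.seq.pop(f, None) is not None:  # only MDFs hold delivery state
                ic.log.append(("LI_HI4", "deactivation", f))

    def update_request(self, liid, desired):
        ic = self.intercepts[liid]
        if (ic.status, desired) == ("Suspended", "Active"):
            self._provision(ic)
        elif ic.status == "Active" and desired in ("Suspended", "Deactivated"):
            self._deprovision(ic)
        elif (ic.status, desired) != ("Suspended", "Deactivated"):
            return {"liid": liid, "status": ic.status, "ok": False}
        ic.status = desired    # warrant data and LIID stay on record
        ic.log.append(("LI_HI1", "UpdateResponse", desired))
        return {"liid": liid, "status": desired, "ok": True}

    def deliver(self, liid, mdf):  # sequence number used, or None if not delivered
        seq = self.intercepts[liid].seq
        if mdf not in seq:
            return None        # suspended: product is neither delivered nor buffered
        seq[mdf] += 1
        return seq[mdf] - 1
```
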
Annex D (informative):
Additional RCS specific LI details