Publication Details
Designing Lawful Interception in IPv6 Networks
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT)
Kajan Michal, Ing. (DCSY FIT BUT)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
Veselý Vladimír, Ing., Ph.D. (DIFS FIT BUT)
Lawful interception, IPv6, networking user identity, communication tracking.
The aim of this paper is to enumerate major issues in designing a lawful interception system for IPv6 networks. Today, network and content providers are required to cooperate with Law Enforcement Agencies (LEAs) in order to provide a lawful interception (LI) similarly as it is required from telecommunication operators. LI in IP networks is not as easy as in telecommunications. One major challenge is the identification of a tracked person. IPv6 brings new challenges, e.g. a support of temporary IP addresses, privacy extension or default IPv6 tunnels. There are LI implementation recommendations given by US law (Communications Assistance for Law Enforcement Act - CALEA) or EU standards (defined by European Telecommunications Standards Institute - ETSI). Nevertheless, these documents do not cover IPv6 networks. This paper overviews related documents and current state-of-the-art. Then, it identifies issues of IPv6 LI and proposes possible approach to user's identity detection, and other issues related to IPv6 LI deployment - enhancement of privacy of users in small networks, issues of multicast traffic and IPv6 transition mechanisms. Finally, this paper shows an architectural design of the system based on ETSI standard and describes how ETSI functions blocks are designed. It also describes some basic considerations and issues when implementing proposed architecture. Proposed architecture is mapped onto network devices. Suggested deployment of the system allows for the scalability of eavesdropping with respect to identified issues.
@INPROCEEDINGS{FITPUB9620, author = "Libor Pol\v{c}\'{a}k and Mat\v{e}j Gr\'{e}gr and Michal Kajan and Petr Matou\v{s}ek and Vladim\'{i}r Vesel\'{y}", title = "Designing Lawful Interception in IPv6 Networks", pages = "114--126", booktitle = "Security and Protection of Information", year = 2011, location = "Brno, CZ", publisher = "University of Defence in Brno", ISBN = "978-80-7231-777-6", language = "english", url = "https://www.fit.vut.cz/research/publication/9620" }