Containing Security Threats
With national security becoming vulnerable and penetrable, the need of the hour is to design a technical architecture that can ensure management and surveillance of massive unregulated data, and also assist in locating the subscribers with all details.
Implementing national security requirements cannot be solely dependent on a decision process that emerges as a result of public dialog or operators’ choice/consensus or through directions to implement a felt need (as is currently taking place for filtering of social network contents). What needs to be done for national security, just needs to be done through a diligent technical process.
With the nature of lawful monitoring requirements moving from structured content (signaling, phone records) to unstructured content (web pages, emails, IM conversations), centralized deployment needs to be necessarily supported with massive data storage for analysis. Since most IP based communications involve a mix of talking, chatting, and email, it is important to put together conversation threads with mobile phone locations that provide details of relationships in context.
Regulating the Unregulated Data
In India, mobile users are using social media on regulated communications infrastructure hosting the largely unregulated internet, resulting in a rapid proliferation of mobile data. No traditional database and analysis solutions can cope with either the rate or aggregate size of these data feeds. Consequently, the only option is to adapt technologies from the social networking and web search worlds to the ‘big data’ industry.
With the increasing use of mobile phones in India for net-based communications, both voice and data, over Wi-Fi, 3G, and now 4G, new security implications have come into play. Hence it has become necessary to monitor social networks and also to locate a mobile user when necessary, a fact that the Indian Government has now shown concern about.
Fixing the Loopholes: Security Concerns
Existing network deployment enables mobile operators to provide location details of their subscribers based on the BTS to which the user’s mobile phone is connected. Following 9/11 and the growing use of VoIP, the US Government mandated deployment of an accuracy-of-location solution over the wireless service providers’ networks so that in an emergency situation the caller could be located, under what has since come to be known as the FCC E911 rules.
After the 26/11 events in Mumbai, India started a dialogue with all the mobile operators on improving the accuracy of location of mobile users. From May 31, 2011, the Department of Telecom (DOT) has amended the operators’ licenses, making it mandatory for all operators to deploy an accuracy-of-location solution on their networks. This amendment should enable security agencies to accurately establish the location of targeted mobile users and thereafter of all the mobile users on their network. As with the existing regulations for deploying lawful monitoring solutions, DOT has once again passed the responsibility for deploying such an accuracy-of-location solution to the mobile operators. Over the last decade, technology has advanced rapidly, and monitoring of voice calls can today be done more cost-effectively and efficiently by using a centralized platform.
Deployment of a different location platform by each operator, as DOT now desires, could lead to the same chaos that the security agencies experience today in coordinating voice calls from the various lawful monitoring platforms deployed by India’s 15 mobile operators, based on a practice that began in 2002. Location platform deployment based on a uniform technology working across all the operators’ networks could make it easier for the security agencies to establish a target’s coordinates in real time and could provide commercial benefits to each operator.
Analyzing Location Methods
Various technical options are available to establish accuracy of location over any wireless operator’s network (as given in the box), but no one technology fits all situational needs. GPS and traditional LBS do not scale up to monitor the entire network. In these circumstances, to make the whole exercise fruitful for the security agencies, a combination of technical solutions for location needs to be deployed over each operator’s network.
LOCATION METHODS
• Basic cell location
• Enhanced cell location (with Timing Advance)
• RF profiling/fingerprinting/pattern matching
• Uplink measurement (using LMU)
• Downlink measurement
• Assisted GPS
In the US, T-Mobile and AT&T have deployed U-TDOA technology network-wide for E911 at a significant cost, estimated to exceed $2 bn, with the cost defrayed by a monthly fee borne by the subscriber. But TDOA has also proven unworkable for mass-location determination applications, given the processing intensity and the time required for a TDOA calculation and the impact on the core signaling network. Also, the time-to-fix can be too long for surveillance applications.
A classic LBS architecture sits on top of a GMLC/SMLC integrated with the core and radio networks. This is known as active subscriber positioning. The location of a phone is only known when a request is sent to the network and the position is calculated from the radio information collected. While this technique gives good accuracy via the extraction of signal strength from the NMR, its drawback is the amount of traffic generated when a large number of phones are tracked/located.
Consequently, due to the immense cost of a hardware radio network overlay at a large percentage of BTS sites, many companies focus on using a software method known as radio fingerprinting. At any point in the network, a handset can ‘see’ a certain number of cell towers and may have a corresponding power measurement from each of these towers. By comparing the received power measurements to a signature database created through drive testing or a purely synthetic data model, an enhanced estimate of the mobile position in time and space could be realized.
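The matching step described above, as an added example that is not from the article or any vendor's product: a weighted k-nearest-neighbour match in signal space. The grid, cell names, power values, and the -110 dBm floor for unseen towers are constructed assumptions.

```python
import math

# Constructed signature database: grid point (x_m, y_m) -> {cell_id: power in dBm}.
# In practice this would come from drive testing or a synthetic propagation model.
SIGNATURES = {
    (0, 0):      {"A": -60, "B": -85, "C": -90},
    (500, 0):    {"A": -75, "B": -70, "C": -92},
    (1000, 0):   {"A": -88, "B": -58, "C": -95},
    (0, 500):    {"A": -72, "B": -90, "C": -74},
    (500, 500):  {"A": -80, "B": -78, "C": -76},
    (1000, 500): {"A": -92, "B": -69, "C": -80},
}
FLOOR_DBM = -110  # assumed level for a tower that one side cannot see


def signal_distance(measured, signature):
    """Euclidean distance in dB over the union of cells; unseen cells get FLOOR_DBM."""
    cells = set(measured) | set(signature)
    return math.sqrt(sum(
        (measured.get(c, FLOOR_DBM) - signature.get(c, FLOOR_DBM)) ** 2
        for c in cells))


def estimate_position(measured, k=3):
    """Weighted average of the k best-matching grid points (closer match, more weight)."""
    if not measured:
        raise ValueError("no power measurements reported")
    ranked = sorted(SIGNATURES.items(),
                    key=lambda kv: signal_distance(measured, kv[1]))[:k]
    weights = [1.0 / (signal_distance(measured, sig) + 1e-6) for _, sig in ranked]
    total = sum(weights)
    x = sum(w * pos[0] for w, (pos, _) in zip(weights, ranked)) / total
    y = sum(w * pos[1] for w, (pos, _) in zip(weights, ranked)) / total
    return round(x), round(y)
```

The accuracy of such an estimate is bounded by the grid spacing and by how current the signature database is, which is why the text mentions drive testing or a synthetic model as its source.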
Proposed Technical Approach
To handle such a challenging requirement of a centralized monitoring system (CMS), there are only 2 options:
Uniform Probes by the Government: Deploying uniform probes by the government on all communication service providers’ (CSP) networks for gathering the required inputs for lawful monitoring. This nation-wide network of probes will gather and bring all targeted inputs over IP into regional/state-level databases as also a central database for processing and forensics. Such data centers could be established in each state, which in turn will lead towards a National Monitoring Center. If required, technology with source code can be imported for manufacture of such probes in India locally by ITI or C-DOT, thus providing them with business. This again is a very expensive approach.
Private Cloud Technology: A more preferred and recommended option is the setting up of a private cloud (in contrast with public services clouds available via the internet, such as Amazon). Recent innovations in low-cost mass storage and data warehousing using cloud computing principles have now made it feasible to automatically capture and store this data for near real-time correlation with CDR data. Such web services are now capable of collecting, storing, and managing large volumes of data, which allows for real-time analysis and for extracting intelligence and information from across a vast number of different data types available for every communication service provider in India. This allows security agencies to realize the benefits of cloud computing from behind their firewall, owning and operating their own private cloud through the deployment of appliances within their own secure data center. A private cloud offers the same benefits as the public cloud but is managed within the government’s own infrastructure, and will therefore keep all data secure and private.
Private cloud computing will definitely change the telecom and Law Enforcement Agencies (LEA) infrastructure and may at the same time offer the security agencies a migration path, gradually replacing the legacy platforms currently being used. This requires a parallel approach, where private cloud technology can be introduced to one business area at a time, improving performance on mission-critical data handling and analysis while coexisting with the current infrastructure, providing additional redundancy and maintaining operational stability for all surrounding systems.
Data Retention
LEAs all over the world have increased their focus on preventing and solving crimes, especially related to, but not limited to, organized crime and terrorist activities. Communication Service Providers (CSPs) are obligated to retain communication data that can help police and other LEAs to resolve a crime.
In the US, the National Security Letter (NSL) is regularly used to obtain retained information from CSPs. The EU has imposed the Data Retention Directive (2006/24/EC) on all its member states, and national legislation is currently under way to implement this directive in the individual EU member states. At the same time, the technology used by CSPs has also changed. Over the past few years, the very nature of communication has changed, moving from traditional TDM-structured content (signaling, phone records) to unstructured IP content (VoIP, web pages, emails, IM conversations, etc). As a result, most CSPs in the world have already changed, or are in the process of changing, their core network infrastructure towards a pure IP based backbone network, also referred to as Next Generation Network (NGN).
The Shift of Paradigm in the Telecom Industry
Over the last 10 years, due to political and technological changes, the obligations on CSPs for both Lawful Intercept (LI) and data retention have increased significantly: a massive amount of subscriber information has to be retained, and much more complex (and expensive) systems have to be implemented due to the explosion of internet-based traffic and internal NGN changes.
Today, with the data retention legislation and all communication traffic moving from traditional TDM to IP, there is a radical paradigm shift in the need for a flexible platform that can seamlessly handle the increasing growth in data volumes and the complexity in data collection and correlation from a broad variety of different input sources and may be utilized to perform a fast and reliable analysis.
Traditional call search, subscriber IP dumps, or other telephony LI applications are simply no longer enough for CSPs to comply with the legislation for delivering warranted data to LEAs. Many CSPs are therefore still unsure about which technology they should buy to make a secure investment that fulfills their obligations. The CSPs are in general willing to help law enforcement, but have constrained budgets for their LI and data retention investment, which is basically not a revenue-generating activity.
Security Business Requirements
The data retention solution should comply with the following business requirements. These requirements are a result of the existing government legislations for data retention combined with CSP domain knowledge:
All communication data subject to national legislation for data retention must be collected from input sources within the CSP infrastructure.
The data must be filtered, so that only data mandated by the national legislation is retained. Raw data must always be kept as evidence.
Data correlation must be handled so that communications and equipment used are associated with the correct subscriber information to comply with the government legislation.
Data must be stored, retained, and automatically managed according to the national legislation for data retention period.
The system must ensure timely delivery of the requested information in response to and strictly according to warrants.
Data must be formatted and delivered in the formats agreed by the requesting authority (LEA).
The data retention system should be hosted as a private cloud within the CSP infrastructure and only accessed internally by the CSP administrators. The cloud should contain all equipment used for data collection, warrant handling, processing, storage, distribution, and administration.
Customizations
The data retention system should be able to deliver HI-2 information strictly according to warrants issued on behalf of:
National Security Letters (NSL)
EU data retention directive (2006/24/EC)
Nationally implemented legislation on behalf of any data retention directive
As customizations, the following should be provided optionally:
Special Court Orders or warrants designed and used by CSPs in countries not having formal legislation established yet.
Reports on individual LEA deliveries can be exported and delivered to an internal CSP billing system for LEA invoicing.
Custom plug-ins that can be programmed by the CSP are offered for data processing, to ensure fast adaptation to protocol changes, data format changes, or new data-retention regulations.
Specialized data collection directly from the network elements
Non-standard correlation issues addressing specific CSP needs
Steps to Ensure Security
Due to the discreet nature of lawful interception and the supporting legislation, data and system access is protected in a number of ways, ensuring that no data is disclosed to unauthorized persons. Built-in security features ensure that collected data is correlated with the correct warrant by the use of a unique LI-ID, which is stamped on the warrant and follows all collected data associated with the warrant.
The separation of system administration and data administration into 2 different profiles is also a security measure, ensuring that technical personnel do not have access to the actual warrant and the data collected. All user access to the cloud should go through the cloud administrator GUI browser application. User logins are handled over HTTPS (secure encrypted sockets protocol), and application access can optionally be restricted by the use of digital signature certificates.
User access to data can only be done by the data administrators through the Cloud Data API, which is also internally used by the cloud distributors (PCD) when sending data automatically to LEA in response to warrants.
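A sketch of the controls just described, as an added example rather than code from the article or any product: records carry the warrant's LI-ID, and the system-administrator and data-administrator profiles are kept apart. The class and role names, the warrant validity window, and the audit log are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Warrant:
    li_id: str          # unique LI-ID stamped on the warrant
    subscriber: str
    valid_from: date    # validity window is an assumption of this example
    valid_to: date


class RetentionStore:
    """Toy data API: every record is keyed by LI-ID and every call is role-checked."""

    def __init__(self):
        self._warrants, self._records, self.audit = {}, [], []

    def register_warrant(self, user, warrant):
        self._require(user, "data_admin", "register_warrant", warrant.li_id)
        self._warrants[warrant.li_id] = warrant

    def collect(self, li_id, subscriber, day, payload):
        """Collection pipeline entry point: refuse data that matches no live warrant."""
        w = self._warrants.get(li_id)
        if not w or w.subscriber != subscriber or not (w.valid_from <= day <= w.valid_to):
            return False
        self._records.append({"li_id": li_id, "day": day, "payload": payload})
        return True

    def fetch(self, user, li_id):
        """Only the data-administrator profile may read collected data."""
        self._require(user, "data_admin", "fetch", li_id)
        return [r for r in self._records if r["li_id"] == li_id]

    def storage_stats(self, user):
        """System administrators see volumes only, never warrants or content."""
        self._require(user, "system_admin", "storage_stats", "-")
        return {"records": len(self._records)}

    def _require(self, user, role, action, li_id):
        # Log the attempt before deciding, so denied calls leave a trace too.
        allowed = user["role"] == role
        self.audit.append((user["name"], action, li_id, "ok" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{user['name']} ({user['role']}) may not {action}")
```

Logging denied calls as well as allowed ones is what lets a reviewer confirm afterwards that the two profiles stayed separate.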
Today a combined storage-compute cluster running on an open-source cloud computing framework, at very low capex and opex, can deliver petabyte-scale computing on an open platform to clients whose business relies upon data analysis. This approach is similar to Google, in that you can search anything that is under the purview of the data captured by the system. It will allow for a free-form analysis of the monitored content. It can also be viewed as the LEA’s own personal search engine, with each agency having access to data as per their legal mandate.
Using data gathered from the different sources, such a platform will allow free-text search and relationship analysis based on the processing of 100s of terabytes of data, where the indexing is done on a batch processing basis but the results are delivered in near real-time, thus offering a substantial improvement in performance compared to traditional database solutions. Not only would it cost less, but being based on an open-source license, the clients will have 100% control over their data.
Such a platform will allow the CSPs to meet the DOT requirements in a timely and cost-efficient manner; it will allow the CSPs to work with the telecom equipment vendors so as to incorporate such output capabilities in their equipment. Also, it will allow the LEAs to pursue their respective legal capabilities to either access raw data or rely upon the operators for intelligence reports in an efficient and timely manner, without a massive duplication of effort for an entire system at each LEA. This type of platform can provide any intelligence at any scale on a real-time or historical batch basis, at the lowest possible cost with ultimate security and accountability through an entirely open-source platform.
A technical architecture that is designed on the above lines will be fully secure, not get outdated with time, and keep pace with the growing demand for storage and advanced forensics across all means of communications in a manner such that it would not result in any technology gap/blind spot for the LEAs’ work in time to come.
The authors are CEO, Privail and president, Span Technologies, respectively