ETSI EN 301 040 V2.0.0 (1999-06)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Prizemni snopovni radio (TETRA) – Varnost – Vmesnik za zakonito prestrezanje (LI)Terrestrial Trunked Radio (TETRA); Security; Lawful Interception (LI) interface33.070.10Prizemni snopovni radio (TETRA)Terrestrial Trunked Radio (TETRA)ICS:Ta slovenski standard je istoveten z:EN 301 040 Version 2.0.0SIST EN 301 040 V2.0.0:2003en01-december-2003SIST EN 301 040 V2.0.0:2003SLOVENSKI
STANDARD



SIST EN 301 040 V2.0.0:2003



EN 301 040 V2.0.0 (1999-06)European Standard (Telecommunications series)Terrestrial Trunked Radio (TETRA);Security;Lawful Interception (LI) interfaceSIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)2ReferenceDEN/TETRA-06027-1 (9mo01000.PDF)KeywordsTETRA, security, voice, dataETSIPostal addressF-06921 Sophia Antipolis Cedex - FRANCEOffice address650 Route des Lucioles - Sophia AntipolisValbonne - FRANCETel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16Siret N° 348 623 562 00017 - NAF 742 CAssociation à but non lucratif enregistrée à laSous-Préfecture de Grasse (06) N° 7803/88Internetsecretariat@etsi.frIndividual copies of this ETSI deliverablecan be downloaded fromhttp://www.etsi.orgIf you find errors in the present document, send yourcomment to: editor@etsi.frCopyright NotificationNo part may be reproduced except as authorized by written permission.The copyright and the foregoing restriction extend to reproduction in all media.© European Telecommunications Standards Institute 1999.All rights reserved.SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)3ContentsIntellectual Property Rights.5Foreword.51Scope.62References.73Definitions and abbreviations.83.1Definitions.83.2Abbreviations.104User (LEA) requirements - the administrative interface.104.1Non-disclosure.114.2Identification of the identity to be intercepted.114.3Result of interception.124.3.1Network validity of result of interception.124.3.2Identification of result of interception.124.3.3Format of result of interception.124.3.4Content of result of interception.124.3.5Auditing of result of interception.134.4Location information.134.5Time constraints.134.6Service transparency.144.7LI interface instances.144.8LI interface events.145Description of internal TETRA LI interface.145.1Functional model.145.2Information flow sequences.155.2.1LEA control interactions and information flows.155.2.1.1LI_ACTIVATE_req.165.2.1.2LI_ACTIVATE_conf.165.2.1.3LI_MODIFY_req.165.2.1.4LI_MODIFY_conf.175.2.1.5LI_STATUS_ind.175.2.2Target traffic interactions and information flows.185.2.2.1TARGET_ACTIVITY_MONITOR_ind.185.2.2.2TARGET_COMMS_MONITOR_ind.185.2.2.3T_TRAFFIC_ind.195.2.2.4CT_TRAFFIC_ind.195.3Structural model.195.3.1Block interaction model.195.3.2Process interaction model.216Data provision and encoding.236.1Identification of result of interception.236.2Provision of identities.236.2.1Target.246.2.2Co-target.246.3Provision of details of services used and their associated parameters.246.3.1Circuit mode services (U-plane).246.3.2Data services (C-plane).256.3.2.1Short data (unacknowledged).256.3.2.2Short data (acknowledged).256.3.2.3Specific Connectionless Network Service (SCLNS).266.3.2.4Connection Oriented Network Service (CONS).266.3.2.5Internet Protocol.266.4Provision of those signals emitted by the target invoking additional or modified services.26SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)46.4.1Authentication.266.4.2OTAR.276.4.3Enable/Disable.276.4.4Registration.276.4.5Migration.286.4.6Roaming.286.4.7Supplementary services.286.5Provision of time-stamps for identifying the beginning, end and duration of the connection.286.6Provision of actual destination and intermediate directory numbers if call has been diverted.286.7Provision of the U-plane content of the communication from and to the target.296.8Provision of location information;.296.8.1Mobile users of TETRA.296.8.2Fixed line users of TETRA.306.9System status data.30Annex A (informative):Explanatory diagrams.31A.1General network arrangements.31A.2Service providers.32A.3Service across multiple SwMIs.33A.4Service across international borders.34Annex B (informative):Process behavioural model.35B.1Control process.36B.2Target_monitor process.38B.3Comms_provision process.39B.4SwMI_monitor process.40B.5Inter-Process Communication (IPC).41Annex C (informative):Example encoding of target behaviour.42C.1Call setup from target to TETRA co-target.42C.2Target registration.42Annex D (informative):Interim testing regime.44D.1Overview.44D.2Test Purposes.44Annex E (normative):ASN.1 Data definitions.45E.1Information flows.45E.2Information element definitions.46Bibliography.49History.51SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)5Intellectual Property RightsIPRs essential or potentially essential to the present document may have been declared to ETSI. The informationpertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be foundin SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respectof ETSI standards", which is available free of charge from the ETSI Secretariat. Latest updates are available on theETSI Web server (http://www.etsi.org/ipr).Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guaranteecan be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server)which are, or may be, or may become, essential to the present document.ForewordThis European Standard (Telecommunications series) has been produced by ETSI Project Terrestrial Trunked Radio(TETRA).National transposition datesDate of adoption of this EN:25 June 1999Date of latest announcement of this EN (doa):30 September 1999Date of latest publication of new National Standardor endorsement of this EN (dop/e):31 March 2000Date of withdrawal of any conflicting National Standard (dow):31 March 2000SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)61ScopeThe present document describes the implementation of a Lawful Interception interface in a TETRA system. It providesthe requirements and specification of the interface within a TETRA system for the purpose of providing data to LawEnforcement Agencies (LEAs) in the area of Lawful Interception (LI) of communications.The provision of a Lawful Interception interface for TETRA is a national option, however where it is provided it shallbe provided as described in the present document.The structure of lawful interception in telecommunications is in two parts: The internal interface of a network that isbuilt using a particular technology; and, the external interface (known as the Handover Interface) that links the LEA tothe network. Between these two parts may lie a mediation function to cater for national variances and delivery of theresult of interception.The Handover Interface may be the subject of national regulation and therefore the mediation function may be a matterof national regulation.The subject of the present document is the internal LI interface that lies between the TETRA infrastructure and themediation function.The present document describes the data content of information flows from the TETRA system to the mediationfunction. It does not describe a communications protocol stack but assumes the use of one with entry made at layer 7(application layer). The present document has been written with ROSE as a target layer 7 protocol and with the ASN.1Basic Encoding Rules (BER) as the target layer 6 (presentation) protocol. To facilitate this the data definitions are madewith ASN.1. This method allows configuration of either local or remote mediation functions. The EN does not specifyhow ROSE and BER are used.The present document is structured as follows:· clause 4 outlines the essential requirements for the TETRA LI interface;· clause 5 presents the structural and behavioural models of the LI interface;· clause 6 presents the data model and allocation behaviour in the LI interface.The present document applies to TETRA services where access to the communication of TETRA Subscriber Identities(TSIs) is available in a network (Switching and Management Infrastructure (SwMI) or Radio Packet Data Infrastructure(RPDI)). Whilst this does not prohibit lawful interception of TETRA Direct Mode Operation (DMO) it removes theliability of network operators and service providers to provide a result of interception when communication does notmake use of their networks.The present document describes the normal and exceptional operation in each of the three operational phases of T-LI:1Setup:The actions taken within the TETRA network to establish the monitoring of a target and the communicationspaths to the mediation function.2Monitoring:The monitoring of target activity and its delivery to the mediation function.3Cleardown:The removal of a monitor facility against a target and the cleardown of the communications paths to themediation function.The present document does not describe the means of transporting data from the TETRA network to the LEA, butdescribes only the means of capturing and encoding the activities of a target within the TETRA network and deliveringthis data to the mediation function.The present document does not define the operations or technical requirements of the Handover Interface that takes datafrom the mediation function to the LEMF.SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)7The present document does not define the operations or technical requirements of the Law Enforcement MonitoringFacility (LEMF).NOTE 1:The present document presupposes some familiarity with the operation of TETRA systems and of lawfulinterception.NOTE 2:The present document suggests a barrier to external manipulation of the TETRA infrastructure by meansof a mediation function.NOTE 3:No testpoint is provided in the present document to ensure conformance. This is addressed nationalstandards pending the completion of a common handover interface being developed by ETSI TC SEC-LIin ES 201 671 [8] and to which the present document is provided as input.2ReferencesThe following documents contain provisions which, through reference in this text, constitute provisions of the presentdocument.· References are either specific (identified by date of publication, edition number, version number, etc.) ornon-specific.· For a specific reference, subsequent revisions do not apply.· For a non-specific reference, the latest version applies.· A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the samenumber.[1]Official Journal of the European Communities, 99/C329/01: "Council Resolution of 17 January1995 on the Lawful Interception of Telecommunications".[2]ETR 331: "Security Techniques Advisory Group (STAG); Definition of user requirements forlawful interception of telecommunications; Requirements of the law enforcement agencies".[3]ETS 300 392-1: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 1: Generalnetwork design".[4]ETS 300 392-2: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 2: AirInterface (AI)".[5]ETS 300 392-7: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security".[6]ISO/IEC 8348 (1996): "Information technology - Open Systems Interconnection - Network ServiceDefinition".[7]ISO/IEC 8878 (1992): "Information technology - Telecommunications and information exchangebetween systems - Use of X.25 to provide the OSI Connection-mode Network Service".[8]ES 201 671: "Telecommunications security; Lawful Interception (LI); Handover interface for thelawful interception of telecommunications traffic".SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)83Definitions and abbreviations3.1DefinitionsFor the purposes of the present document, the following terms and definitions apply:call: any connection (fixed or temporary) capable of transferring information between two or more users of atelecommunication system where at least one of the parties to the call(for the purposes of the present document) is a userof a TETRA system.content of communication: information exchanged between two or more users of a telecommunications service whereat least one of the users is accessing the service in a TETRA network whilst a call is established, excluding interceptrelated information. This includes information which may, as part of some TETRA service, be stored by one user forsubsequent retrieval by another.NOTE 1:The user in the above definition may be any addressable entity in the TETRA domain using either aTSI [3] or some other valid network address (undefined).Coordinated Universal Time (UTC): time scale maintained by the Bureau International de l'Heure (International TimeBureau) that forms the basis of a coordinated dissemination of standard frequencies and time signals.NOTE 2:The source of this definition is Recommendation 460-2 of the Consultative Committee on InternationalRadio (CCIR). CCIR has also defined the acronym for Coordinated Universal Time as UTC.co-target: correspondent of the target (i.e. the individual or group address with whom the target is communicating).identity: technical label which may represent the origin or destination of any TETRA traffic, as a rule clearly identifiedby a physical communication identity number (such as a telephone number) or the logical or virtual communicationidentity number (such as a personal number) which the subscriber can assign to a physical access on a case-by-casebasis.intercept related information: collection of information or data associated with TETRA services involving the target,specifically call associated information or data, service associated information or data (e.g. service profile managementby subscriber) and location information.Interception (OR Lawful Interception): action (based on the law), performed by a network operator/service provider,of making available certain information and providing that information to an LEMF.NOTE 3:In the present document the term interception is not used to describe the action of observingcommunications by an LEA.interception interface: physical and logical locations within the network operator’s/service provider’s TETRAfacilities where access to the content of communication and intercept related information is provided. The interceptioninterface is not necessarily a single, fixed point.interception measure: technical measure which facilitates the interception of TETRA traffic pursuant to the relevantnational laws and regulations.interception subject: person or persons, specified in a lawful authorization, whose communications are to beintercepted.Law Enforcement Agency (LEA): organization authorized by a lawful authorization based on a national law to receivethe results of communication interceptions.Law Enforcement Monitoring Facility (LEMF): law enforcement facility designated as the transmission destinationfor the results of interception relating to a particular interception subject.lawful authorization: permission granted to an LEA under certain conditions to intercept specified communication andrequiring co-operation from a network operator/service provider. Typically this refers to a warrant or order issued by alawfully authorized body.SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)9LI interface: physical and logical interface across which the results of interception are delivered from a networkoperator/service provider to a LEMF.NOTE 4:In ETR 331 [2] this interface is termed the handover interface. The term handover is used in TETRAsystems to describe the maintenance of a call when the mobile party moves between cells.location information: information relating to the geographic, physical or logical location of an identity relating to aninterception subject.mediation function: function that lies between the LEA and the TETRA SwMI that translates data from the SwMI foruse by the collection function of the LEA. The mediation function may be resident in the TETRA SwMI and is specifiedby the protocols and data on the interface to the TETRA SwMI (as defined in the present document) and to thecollection function (as defined by the LEA).multi-user gateway: reserved address given to a gateway port that is used only for intermediate call support, e.g. ISDNgateway.Private Mobile Radio (PMR): radio system designed for a closed user group.Public Access Mobile Radio (PAMR): radio system available to members of the general public generally bysubscription. The owner and operator are unlikely to be the same as the user.Public Network Operator (PNO): operator of a public infrastructure which permits the conveyance of signals betweendefined network termination points by wire, by microwave, by optical means or by other electromagnetic means.Quality of Service (QoS): quality specification of a TETRA channel, system, virtual channel, computer-TETRAsession, etc. Quality of service may be measured, for example, in terms of signal-to-noise ratio, bit error rate, messagethroughput rate or call blocking probability.reliability: probability that a system or service will perform in a satisfactory manner for a given period of time whenused under specific operating conditions.result of interception: information relating to a target service, including the content of communication and interceptrelated information, which is passed by a network operator or service provider to an LEA. Intercept related informationmay be provided whether or not call activity is taking place.served user: user receiving the intercepted traffic.service provider: natural or legal person providing one or more public communication services whose provisionconsists wholly or partly in the transmission and routing of signals on a network. A service provider need not necessarilyrun his own network.NOTE 5:To avoid confusion the term TETRA service provider may be used to distinguish the operator of aTETRA system from the service provider in traditional public networks.target: identity associated with a target service (see below) used by the interception subject.Target Group TETRA Subscriber Identity (GTSI): identity associated with a target service (see below) used by theinterception subject where the interception subject is a group.target service: communication service associated with an interception subject and usually specified in a lawfulauthorization for interception.NOTE 6:There may be more than one target service associated with a single interception subject.Target Terminal Equipment Identity (TEI): identity associated with a target service (see above) used by theinterception subject where the interception target is an equipment.telecommunication: any transfer of signs, signals, writing, images, sounds, data or intelligence of any naturetransmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic or photo-optical system.SIST EN 301 040 V2.0.0:2003



ETSIETSI EN 301 040 V2.0.0 (1999-06)103.2AbbreviationsFor the purposes of the present document, the following abbreviations apply:ASSIAssigned Short Subscriber IdentityBERBasic Encoding RulesCCIRConsultative Committee on International RadioCGICell Global IdentificationCONSConnection Oriented Network ServiceDMODirect Mode OperationDSS1Digital Subscriber Signalling System No. oneGTSIGroup TETRA Subscriber IdentityIPInternet ProtocolISDNIntegrated Services Digital NetworkITSIIndividual TETRA Subscriber IdentityLALocation AreaLEALaw Enforcement AgencyLEMFLaw Enforcement Monitoring FacilityLILawful InterceptionLIILawful Interception InterfaceMFMediation FunctionMNIMobile Network IdentityMSMobile StationPAMRPublic Access Mobile RadioPISNPublic I
...