Lawful Interception (LI); Part 1: Internal Network Interface X1 for Lawful Interception

RTS/LI-00176-1

General Information

Status: Published
Publication Date: 29-Jul-2019
Technical Committee:
Current Stage: 12 - Completion
Due Date: 08-Aug-2019
Completion Date: 30-Jul-2019
Ref Project:

Standard
ETSI TS 103 221-1 V1.5.1 (2019-07) - Lawful Interception (LI); Part 1: Internal Network Interface X1 for Lawful Interception
English language
43 pages

Standards Content (Sample)

ETSI TS 103 221-1 V1.5.1 (2019-07)






TECHNICAL SPECIFICATION
Lawful Interception (LI);
Part 1: Internal Network Interface X1 for Lawful Interception






Reference
RTS/LI-00176-1
Keywords
interface, lawful interception
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2019.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners.
GSM® and the GSM logo are trademarks registered and owned by the GSM Association.
Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definition of terms, symbols and abbreviations
3.1 Terms
3.2 Symbols
3.3 Abbreviations
4 Overview
4.1 Reference model
4.1.1 Introduction
4.1.2 ADMF deployment model
4.1.3 Triggering deployment model
4.1.4 Mediation function deployment model
4.2 Reference model for X1: requesting and responding
4.3 Overview of security
4.4 Relationship to other standards
4.5 Release management
5 Basic concepts
5.1 The lifecycle of a Task
5.1.1 Start and end of a Task
5.1.2 Identification of a Task
5.1.3 Destinations
5.2 The lifecycle of an X1 request/response
5.2.1 Identification of X1 request/response
5.2.2 Responding to the request
5.2.3 Behaviour if a response is not received
5.3 Warnings and Faults
6 Message Structure and Data Definitions
6.1 X1 Message details
6.2 Message definitions: starting, modifying and stopping tasks
6.2.1 ActivateTask
6.2.1.1 Summary
6.2.1.2 TaskDetails
6.2.2 ModifyTask
6.2.3 DeactivateTask
6.2.4 DeactivateAllTasks
6.3 Message definitions: creating, modifying and removing Destinations
6.3.1 CreateDestination
6.3.1.1 Summary
6.3.1.2 DestinationDetails
6.3.2 ModifyDestination
6.3.3 RemoveDestination
6.3.4 RemoveAllDestinations
6.4 Message details: Getting information from NE
6.4.1 Introduction
6.4.2 GetTaskDetails
6.4.2.1 Summary
6.4.2.2 TaskStatus
6.4.3 GetDestinationDetails
6.4.3.1 Summary
6.4.3.2 DestinationStatus
6.4.4 GetNEStatus
6.4.4.1 Summary
6.4.5 GetAllDetails
6.4.5.1 Summary
6.4.6 ListAllDetails
6.4.6.1 Summary
6.5 Message details: Reporting issues from the NE
6.5.1 Introduction
6.5.2 ReportTaskIssue on given XID
6.5.2.1 Summary
6.5.2.2 Task report types
6.5.3 ReportDestinationIssue on given DID
6.5.3.1 Summary
6.5.4 ReportNEIssue
6.6 Message details: Pings and Keepalives
6.6.1 Ping
6.6.2 Keepalive
6.7 Protocol error details
7 Transport and Encoding
7.1 Introduction
7.2 Profile A
7.2.1 Encoding
7.2.2 Transport layer
7.2.2.1 HTTPS and HTTP
7.2.2.2 How HTTP is used
7.2.2.3 Profile
8 Security
8.1 Introduction
8.2 Transport Security
8.2.1 Summary
8.2.2 Profile
8.2.3 Key generation, deployment and storage
8.2.4 Authentication
8.3 Additional security measures (beyond transport layer)
Annex A (normative): Requirements
A.1 Basic requirements
A.1.1 Existing standards
A.2 Protocol & Architecture requirements
A.3 Security requirements
A.4 Other requirements
A.4.1 Performance statistics (For Further Study)
A.4.2 Capability detection
A.4.3 Remote triggering
A.4.4 Requirements to be handled by the transport layer
Annex B (normative): Use of extensions
B.1 Introduction
B.2 Extension definitions
Annex C (normative): Using Task Object at Mediation Functions
C.1 Introduction
C.2 TaskDetails
C.2.1 General
C.2.2 MediationDetails structure
Annex D (informative): Change history
History


Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI).
The present document is part 1 of a multi-part deliverable covering the internal network interfaces for Lawful
Interception, as identified below:
Part 1: "Internal Network interface X1 for Lawful Interception";
Part 2: "Internal Network Interface X2/X3 for Lawful Interception".
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.

1 Scope
The present document defines an electronic interface for the exchange of information relating to the establishment and
management of Lawful Interception. Typically, this interface would be used between a central LI administration
function and the network internal interception points.
Typical reference models for LI define an interface between Law Enforcement Agencies (LEAs) and Communication
Service Providers (CSPs), called the handover interface. They also define an internal network interface within the CSP
domain between administration and mediation functions for lawful interception and network internal functions, which
facilitates the interception of communication. This internal network interface typically consists of three sub-interfaces;
administration (called X1), transmission of intercept related information (X2) and transmission of content of
communication (X3). The present document specifies the administration interface X1.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 133 107: "Universal Mobile Telecommunications System (UMTS); LTE; Digital cellular
telecommunications system (Phase 2+) (GSM); 3G security; Lawful interception architecture and
functions (3GPP TS 33.107)".
[2] IETF RFC 4122: "A Universally Unique Identifier (UUID) URN Namespace".
[3] W3C Recommendation 28 October 2004: "XML Schema Part 2: Datatypes Second Edition".
[4] ETSI TS 103 280: "Lawful Interception (LI); Dictionary for common parameters".
[5] Recommendation ITU-T E.212: "The international identification plan for public networks and
subscriptions".
[6] ETSI TS 123 003: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); Numbering, addressing and identification (3GPP
TS 23.003)".
[7] IETF RFC 3261: "SIP: Session Initiation Protocol".
[8] IETF RFC 3966: "The tel URI for Telephone Numbers".
[9] IETF RFC 3508: "H.323 Uniform Resource Locator (URL) Scheme Registration".
[10] IETF RFC 7542: "The Network Access Identifier".
[11] IETF RFC 2865: "Remote Authentication Dial In User Service (RADIUS)".
[12] IETF RFC 2818: "HTTP over TLS".
[13] IETF RFC 7230: "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing".
[14] IETF RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
NOTE: Obsoleted by IETF RFC 8446.
[15] IETF RFC 6176: "Prohibiting Secure Sockets Layer (SSL) Version 2.0".
[16] IETF RFC 7525: "Recommendations for Secure Use of Transport Layer Security (TLS) and
Datagram Transport Layer Security (DTLS)".
[17] IETF RFC 6125: "Representation and Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of
Transport Layer Security (TLS)".
[18] IETF RFC 4519: "Lightweight Directory Access Protocol (LDAP): Schema for User
Applications".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] OWASP TLS Cheat Sheet.
NOTE: Available at https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet.
[i.2] ETSI TR 103 308: "CYBER; Security baseline regarding LI and RD for NFV and related
platforms".
[i.3] ETSI GS NFV-SEC 009: "Network Functions Virtualisation (NFV); NFV Security; Report on use
cases and technical approaches for multi-layer host administration".
[i.4] ETSI GS NFV-SEC 012: "Network Functions Virtualisation (NFV) Release 3; Security; System
architecture specification for execution of sensitive NFV components".
[i.5] OWASP XML Security Cheat Sheet.
NOTE: Available at https://www.owasp.org/index.php/XML_Security_Cheat_Sheet.
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
destination: point to which IRI and/or CC is delivered by the NE
Destination IDentifier (DID): identifier to uniquely identify a Destination internally to the X1 interface
protocol error: error at the X1 protocol level (rather than any fault with ADMF or NE)
NOTE: In the present document, the term "error" in general refers to a protocol error, whereas issues with
systems not behaving correctly are called "faults".
task: continuous instance of interception at a single NE carried out against a set of target identifiers, identified by an X1
Identifier, starting from an activate command and ending with a deactivate command or terminating fault
terminating fault: fault signalled from NE to ADMF which terminates the specific Task
X1: LI interfaces internal to the CSP for management tasking
X2: LI interfaces internal to the CSP for IRI delivery
X3: LI interfaces internal to the CSP for CC delivery
X1 Identifier (XID): identifier to uniquely identify a Task internally to the X1 interface as well as across related X2
and X3 interfaces
NOTE: The XID is also either associated to only one LIID or can be allowed to be associated to multiple LIIDs.
X1 Transaction ID: identifier used to identify a specific request/response pair
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
ADMF ADMinistration Function
AVP Attribute-Value Pair
CC Content of Communication
CIDR Classless Inter Domain Routing
CSP Communication Service Provider
DID Destination IDentifier
FQDN Full Qualified Domain Name
FTP File Transfer Protocol
GTP-C GPRS Tunnel Protocol (Control plane)
GTP-U GPRS Tunnel Protocol (User plane)
HI Handover Interface
HTML HyperText Markup Language
HTTP HyperText Transfer Protocol
HTTPS HTTP over TLS
IMEI International Mobile Equipment Identity
IMPI IP Multimedia Private Identity
IMPU IP Multimedia PUblic identity
IMSI International Mobile Station Identity
IP Internet Protocol
IRI Intercept Related Information
LEA Law Enforcement Agency
LEMF Law Enforcement Monitoring Facility
LI Lawful Interception
MAC Media Access Control
NAI Network Access Identifier
NAT Network Address Transl
...
