OTT VoIP

VoIP – Introduction

Voice traffic has been the main telecom service in OTT VOIP since the inception of mobile telephony. It is still relevant and is increasing as well in this day and age of mobile data and IP-based technology.

VoIP Calls can be captured by a Lawful Interception at an ISP and distributed to authorized Lawful Interception. VoIP Interception is a term used to describe when a provider delivers audio over an IP network (such as the internet), by passing the traditional operator’s network completely.

VoIP providers are a growing factor within telecommunications networks, with advances in technology such as smartphones, high-speed IP networks, and open-source platforms all fueling the increase in adoption rates.

VoIP – Lawful Interception

Lawful Interception of VoIP is a complex process with challenges like :

  • Many parties are typically involved in transporting data over the Internet.
  • Target source & destination identities of the information flow are embedded within the overall flow of data.
  • Target & Non-target data are tightly intermingled in the bit flows at numerous points throughout the Internet.
  • The separation of applications and relevant data from the overall data stream.
  • Lack of standards implementations.
  • There are limited network elements which can provide IRI and CC of the target.

Overcoming the above challenges and complying 100% to international standards PertSol offers non- intrusive passive interception approaches for the interception of VoIP calls. Supporting real time fanout of voice calls for LEA’s over SIP or E1.

Our Solution support various type of interception traffic for OTT platforms used IMS domain (IP Multimedia Subsystem):

  • Voice calls (VoIP)
  • Video calls
  • Video conferencing
  • Call forwarding or multi-participant calls
  • SMS
  • Data Flow

The PertSol’s iNtercepter solution support both Mass and Target centric interception of the traffic depending upon the MNO’s network and requirement:

  •  Interception via SBC
  • Interception via Edge routers
Passive Interception

In Passive Interception, PertSol uses its iNteliProbe which functions as an LI Access Point and investigates the tapped traffic data.

PertSol’s iNteliProbe is the state of the art passive probes providing interception support for vast range of protocols, network type, filtering capabilities, metadata analysis etc.

Advance Features:

  • Support for 100Gbps duplex traffic in single probe.
  • Support L2 to L7 network traffic filtering and Analysis.
  • Deep packet inspection (DPI) for traffic to provide InSite info like Apps detail, URL categorization etc.
  • Support more than 10,000 concurrent VoIP calls.
  • Automated re-provisioning for detecting network changes.
  • Stealthily intercept the traffic without revealing its identity.

It requires passive taps at appropriate point like SBC or Edge routers to mirror the complete traffic. LIM Generic functional architectural solution flow for interception:

VoLTE Lawful Interception

VoLTE – Introduction

VoLTE Lawful Interception has been the main telecom service since the inception of mobile telephony. It is still relevant and is increasing as well in this day and age of mobile data and IP-based telecom technology. In Evolved Packet System (EPS), which is completely IP-based technology, delivering voice service can only be realized using either Circuit-Switched Fallback (CSFB) or Voice over LTE (VoLTE).
While CSFB offers voice services to LTE interception users without utilizing IMS by temporarily moving the user from the LTE network to a legacy network i.e. 2G/3G system which can then serve voice calls over a circuit-switched network. Whereas VoLTE is a digital packet voice service that is delivered over IP via an LTE access network utilizing IMS (IP Multimedia Subsystem) technology.

VoLTE: Lawful Interception

Lawful Interception of VoLTE is a complex process as a VoLTE call invokes two systems, i.e. EPC and IMS. Moreover, there are multiple network elements in these two systems that can provide IRI and CC of the target. PertSol offers two different approaches for the interception of VoLTE calls depending upon the MNO’s network and requirements:

i. By Interception of EPC nodes
ii. By Interception of both EPC and IMS nodes

Lawful Interception through EPC Nodes

MNO’s which already has an existing LI solution for its IMS system can use this approach. In this approach, PertSol will provide its LI solution (iNterceptor) which will intercept the EPC traffic (including VoLTE) by integrating with the EPC nodes (Intercept Access Points) like MME, SGW and PGW. It also facilitates the VoLTE interception for inbound roamers using S8HR interception as explained in below section. 

Lawful Interception through EPC & IMS Nodes

PertSol iNterceptor can also be implemented as a combined LI solution for both IMS and LTE network of an MNO. This approach will involve integration with IMS IAPs in addition with the EPC IAPs explained in the first approach.

The IMS access points that will be integrated for VoLTE interception are CSCF, BGF, TAS and MGW.

Lawful Interception: VoLTE Roaming Scenario

VoLTE roaming can be carried out using two ways, as defined in 3GPP specifications:

i. Local Breakout (LBO): Local Breakout mechanism requires the visited network to have an IMS system in its network. In LBO the roaming user is connected to the PDN-GW of the visited network and all the traffic is transported via visited network’s PDN-GW, without using the PDN-GW of home network.

ii. S8 Home Routing (S8HR): S8HR makes use of the home network PDN-GW and does not require the visited network to have an IMS system. The roaming user traffic is to the PDN-GW of home network, via S-GW of visited network, which then forwards it to the IMS network for completing the call.

S8 Home Routing (S8HR) is the preferred VoLTE roaming architecture of most of the mobile network operators as it does not dependent on the IMS system of the visited network. PertSol offers two ways of intercepting VoLTE calls for inbound roamer in S8HR roaming scenario:

i. Active Interception – By using BBIFF functionality of SGW

ii. Passive Interception – By intercepting S8 interface

S8HR Active Interception

PertSol iNterceptor is capable of intercepting the VoLTE calls of inbound roamer by providing LI Mirror IMS State Function (LMISF). For active interception of VoLTE calls, the SGW shall support BBIFF functionality (Bearer Binding Intercept and Forward Function). This approach is as per 3GPP TS 33.107 specifications and the recommendations of GSMA PRD IR.65. It requires implementation of proprietary interfaces Xia / Xib. Moreover this approach can also be extended to 5G with minor changes.

S8HR Active Interception
S8HR Passive Interception

In S8HR Passive Lawful Interception, PertSol uses its iNteliProbe which functions as an LI Access Point and investigates the traffic data tapped from the S8 interface between S-GW of the visited network and PDN-GW of the home network. It requires passive taps at the appropriate point in the VPLMN to duplicate the complete S8 traffic. This approach can also be used for 5G (N9 interface) or 5G Interception.

S8HR Passive Interaction
iNterceptor Benefits

ILD Interception

ILD- Interception
Need of LI for IPLC

ILD Interception is a complete solution that is capable of handling both circuit switch and packet switch traffic from both legacies as well as the latest telecom technologies. Telecom Regulators mandate every service provider to implement a Lawful Interception System to facilitate the interception of all kinds of interfaces over which Leased Line services are provided by the operator based on the criteria defined by Law Enforcement Agencies. Also, as per the License granted to the IPLC provider, it is mandatory for the operator to fulfill the following Lawful Interception: 

The Licensee shall take IPLC from the licensed ILDOs. The interception and monitoring of Resellers circuits shall take place at the Gateway of the ILDO from whom the IPLC has been taken by the Licensee. 

The provisioning for Lawful Interception & Monitoring of the Resellers’ IPLC shall be done by the ILD Operator and the concerned ILDO shall be responsible for Lawful Interception and Monitoring of the traffic passing through the IPLC. The Resellers shall extend all cooperation in respect of interception and monitoring of its IPLC and shall be responsible for the interception results. The Licensee shall be responsible to interact, correspond and liaise with the licensor and security agencies with regard to the security monitoring of the traffic.  

The Licensee shall, before providing an IPLC to the customer, get the details of services/equipment to be connected on both ends of IPLC, including type of terminals, data rate, actual use of circuit, protocols/interface to be used etc. The Resellers shall permit only such type of service/protocol on the IPLC for which the concerned ILDO has capability of interception and monitoring.

Without prejudice to the liability of ILDO, the Licensee shall pass on any direct request placed by security agencies on him for interception of the traffic on their IPLC to the concerned ILDOs within two hours for necessary actions.  

The Licensee shall ensure that necessary provision (hardware/ software) is available in their equipment for doing the Lawful interception and monitoring from a centralized location. 

The Licensee shall provide at its own cost technical facilities for accessing any port of the switching equipment at the HUB for interception of the messages by the designated authorities at a location to be determined by the Licensor.  

iNterceptor: Lawful Interception of IPLC Network

PertSol iNterceptor is a unified Lawful Interception System for network operators and service providers which is fully compliant with international standards and has a proven track record. It is a complete solution that is capable of handling both circuit switch and packet switch traffic from both legacies as well as the latest telecom technologies including PSTN, 2G, 3 G, 4G, 5G, NGN, IMS, IPLC, and others.

The core purpose of iNterceptor is to intercept the traffic and convert intercepted traffic into a format suitable for delivery to National Authorities or Law Enforcement Agencies, over a secure network. It can also retain the intercepted traffic for future use by the LEAs.

PertSol iNterceptor platform along with iNteliProbes intercepts the IPLC traffic using the probes that capture the data and intercept the required information and transmit it towards the LEA through LI Mediator & Management platform situated at the central monitoring location. The mediator server carries out the reconstruction of entire TCP traffic for various protocols including HTTP, Telnet, FTP, POP3, SMTP, NNTP, and many other unencrypted protocols. SSL decoding is also supported wherein private keys are available. iNterceptor solution is designed to change and adapts as per the latest network upgradation and technologies. It protects investments through its modular setup, accommodating network expansion as well as network changes. It can also integrate with existing Lawful Interception Solution incorporating it into a centrally managed unified solution.
Supported Standards & Regulations:
Supported Standards & Regulations'
IPLC - LIMS Architecture
iplc-ims-architecture
Interception Criteria

iNterceptor is capable of intercepting content using the criteria below:

  • MAC Address
  • ATM Address/X25Address (If in network)
  • L2VPNIdentifier
  • Source IP (IPv4, IPv6)
  • Destination IP (IPv4, IPv6)
  • VOIP Identifier
  • Subnet IP Address
  • LL Circuit Number
  • LL Channel Number
  • L3 VPN Identifier
  • TCP Port number & range
  • UDP Port number & range
  • SCTP range
  • Radius, AAA and DHCP username
  • Chat Nickname – For unencrypted traffic if available
  • Email Address (SMTP, POP3, IMAP4)
  • Web mail (To, From, CC)
  • URL Address
  • IM-ID
  • IM Group
  • Keyword (case Insensitive)
  • User Group (i.e. Yahoo user group)
  • Phone number (including VOIP)
  • SIP (URI/Phone/Email)
  • Leased Line (Circuit/Channel Number)
  • MPLS Tag (RD/RT+IP address)
  • STM Link ID
  • Customer Location
  • STM Channel Number

iNterceptor can intercept content using any combination of the above-mentioned criteria which includes boolean condition (AND, OR, NOT etc.). It is also possible to group targets on the basis of the following rules:

Packets originating from or destined to an IP - Sub-network
Packets between two specific IP–Sub-network
Packets originating from a specific IP address (client or server) and port-range
Packets destined to a specific IP address (client or server) and port-range
Supported Traffic for Interception

Our solution discovers and collects data based on IPv4 or Ipv6 internet access. IP access can be static IPv4/IPv6 addresses or subnets, DHCP assigned via MAC address or RADIUS login.

  • ITU-T H.323, H.248, G.711, G.722.2, G.723.1, G.726, G.728, G.729AB
  • SIP + RTP,
  • SIP + SRTP,
  • SIP over TLS + RTP
  • SIP over TLS and SRTP
  • RTP header Compression systems with and without extensions
  • Packetized GSM and Data Traffic over TDM and IP
  • De-multiplexing of voice sent over IP with and without RTP header
  • De-multiplexing of Bundling of Multiplexed IP traffic which contains TCP, UDP, SCTP etc, traffic over fixed ports

Our solution can discover and collect data based on target’s email activity. It supports email based on SMTP, POP3 and IMAP4. The monitored traffic can be all emails or can be specified as target email id like abc@domainname, local name (at any domain), @domainname (any local name on this domain). Targets can be specified as receiver of emails (including CC & BCC) or sender of email or both. Our system collects the email session, the full email and its attachments.

Our solution can also monitor and collect data from webmail. The webmail session is captured and decoded with the information extracted and delivered in RFC822 format (email text, folders, drafts) and byte stream with metadata (attachments).

Some of the supported email protocols are SMTP, POP3, IMAP4, Windows Live Email, QQ mail, Lotus Notes, Thunderbird mail system and other commonly used systems.

Our solution is capable of collecting data for all IM/Chat activity. Options for delivered traffic includes key IM/Chat events, or the full IM/Chat session, including (when possible) advanced features such as audio, video, and file sharing, formatted using RFC 3920/3921 XMPP for IM/Chat text and presence information, video files, summary information, and events.

Our solution can detect and collect based on DNS domain lookups and HTTP/HTTPS traffic based on URL, HTTP header and SSL handshakes. Traffic can be discovered and collected for all web activity or can be specified with targeting information including the client, a website or a specific type of traffic.

Our solution can detect and collect data based on file transfer activity such as FTP, BitTorrent, Gnutella, SMB V1/V2 and others.

Supports fax over IP that use ITU-T T.37, T.38

Our solution can detect and collect encrypted information such as certificates, Public Key, Encryption, Authentication and integrity algorithms, Server Key and Session key information. Some of the encrypted algorithms supported by our system are DES, 3DES, AES-128, AES-256. It also supports SIP over SSL, POP3 over SSL, HTTPS, OpenSSL, Openswan and other encrypted traffic provided their keys are available.

iNterceptor Benefits
  • High Performance Mediation: iNterceptor is capable of handling network with very high throughput requirements. It can handle multiple 100 Gbps links and is capable of selecting required traffic from these links.

  • Integrity Check Mechanism: The integrity check mechanism periodically checks the network elements and if required correct the erroneous states. It will query the network element for the placed intercepts and add missing intercepts, remove invalid intercepts, etc. This mechanism is used to detect and correct both network flaws as well as tampering with the interception solution. In case of correction of an erroneous state, this will be notified to the operator.

  • Extensive Interface Adapters: iNterceptor has a vast range of Input/Output adapters which makes it compatible with all the available access technologies and network equipment of all the major equipment providers.

    By allowing multiple Input and Output Adapters to be combined in one system, iNterceptor can be configured to support any situation, even mixing circuit switched and packet switched technologies in the same system. If required, customerspecific Input or Output adapters can be developed. Because of the true modularity of the iNterceptor, these specifically developed adapters can generally be offered at the same price as a standard license.

    Due to its design philosophy, iNterceptor can support hybrid networks with equipment from different vendors on same server. When networks grow or change, iNterceptor can easily be extended to cater for the growth in traffic volumes or new types of network elements.

  • Compliance: Unified solution for all interception requirements of a service provider which is compliant to international standards like 3GPP, ETSI, ATSI, ANSI, CALEA and others. It also complies with local LI regulations of many countries across the world.

  • Proven Field Record: PertSol’s LI is a proven and mature solution that continues to benefit from functional enhancement and feature evolution. It has been deployed in varied networks, enabling TSPs / Law Enforcement Agencies to benefit.

Lawful Interception

Lawful Interception System

PertSol iNterceptor is a Lawful Interception system unified for network operators and telecom service providers which is fully compliant with international standards and has a proven track record. It is a complete solution that is capable of handling both circuit switch and packet switch traffic from both legacies as well as the latest telecom technologies including 2G,OTT Interception,3G, 4G, 5G, IMS,5G Interception, NGN, PSTN, IPLC, IFMS, PS Interception, DPI Interception etc.

The core purpose of iNterceptor is to intercept the traffic and convert intercepted traffic into a format suitable for delivery to National Authorities or Law Enforcement agencies, over a secure network. It can also retain the intercepted traffic for future use by the LEAs compliant with international standards and has a proven track record.

iNterceptor along with PertSol iNteliProbe forms one of the most comprehensive interception solutions available in the market. PertSol iNteliProbe supports capturing 100% of traffic, decoding the traffic from layer 2 to layer 7, and then either transmittal of interception of data and decoded data to the LEAs or its storage for future use. The probes actively support the capture and reconstruction of all non-encrypted IP, and voice traffic this includes reconstruction and capture of VoIP calls, TDM calls, and IP traffic reconstruction.

iNterceptor Lawful Interception is designed to change and adapts as per the latest network upgradation and technologies. It protects investments through its modular setup, accommodating network expansion as well as network changes. It can also integrate with existing Lawful Interception vendors incorporating it into a centrally managed unified solution.

5G Ready Solutions

PertSol works closely with the leading telecom company, MNOs, network equipment providers, and regulators to evolve its products as per the technology and market trends. In its bid to keep track of the market and latest technology, PertSol has upgraded its product as per the 5G standards released by 3GPP in its Release 15. PertSol iNterceptor has also been upgraded to fulfill lawful interception system requirements for both standalone and non-standalone 5G networks.

Technical Specification:

  • Supported Telecom Network & Services:
    • PSTN, GSM, GPRS, UMTS, CDMA, LTE, VoLTE, 5G
    • XDSL, Cable, IPLC
    • Email (POP3, SMTP, IMAP, Webmail)
    • IPv4 & IPv6
    • VoIP (SIP, RTP, H.323, SCCP)
    • PoC (Push-to-talk over Cellular)
    • SMS, MMS, Voicemail
    • WLAN
    • IoT, M2M

Services Data Voice Video Call
Messenger Chat SMS VoIP Email Social MediaNetworkPSTN4GIMSIMS2G/3G5GNGNBroadband

Multi-Vendor Support

iNterceptor has an extensive list of modules to support direct integration with major versions of network elements. These modules have proven their worth and stability in the field. PertSol maintains an active relationship with these vendors to keep up to date with new versions of the network equipment, verified with an IOT (Interoperability Test) in the vendor lab where possible. iNterceptor supports all the major NEPs of the world like Nokia, Ericsson, Cisco, Brocade, Alcatel Lucent, ZTE, Huawei, Samsung, Juniper, Genband, Comverse, Arris, Nortel, Open wave, Qualcomm, and many more.

Supported Network Interface

    • Ethernet (1GE, 10GE, 40GE)
    • SDH (STM-1)
    • TDM (E1/T1/J1)
    • ATM
    • ISDN
    • SS7 Interfaces

Output & Delivery Format

iNterceptor supports the following output and delivery formats.

Technical Standards
Some of the main LI standards that iNterceptor complies with are mentioned below:

ETSI

    • TS 101 671 (Voice)
    • TS 101 331 (Generic)
    • TS 102 232-1, TS 102 232-2, TS 102 232-3, TS 102 232-4, TS 102 232-5, TS 102 232-6
    • TS 103 120
    • TR 103 690 (e-Warrant)

CALEA

    • J-STD-025A & J-STD-025B
    • T1.724
    • T1.IAS
    • TIA-1066
    • ATIS-10021

3GPP (UMTS/EDGE/GPRS/GSM)

    • TS 33.106
    • TS 33.107
    • TS 33.108
    • TS 33.126
    • TS 33.127
    • TS 33.128

Packet Cable 1.5 & 2.0

    • PKT-SP-EM-I08
    • TS 33.107
    • PKT-SP-ESP1.5
    • PKT-SP-ES-DCI-I01
    • PKT-SP-ES-INF-I02
    • CBIS

iNterceptor: Benefits

iNterceptor is capable of handling networks with very high throughput requirements. It can handle multiple 100 Gbps links and is capable of selecting required traffic from these links. PertSol iNteliProbe has been tested and implemented for traffic up to 40 Gbps per probe. The integrity check mechanism periodically checks the network elements and if required corrects the erroneous states. It will query the network element for the placed intercepts and add missing intercepts, remove invalid intercepts, etc. This mechanism is used to detect and correct both network flaws as well as tampering with the interception solution. In case of correction of an erroneous state, this will be notified to the operator.

iNterceptor has a vast range of Input/Output adapters which makes it compatible with all the available access technologies and network equipment of all the major equipment providers. If required, customer-specific Input or Output adapters can be developed.
iNterceptor allows configuration of multiple Input and Output Adapters to be combined in one system and support any situation like inter-working between different technologies or scaling up to include latest technology. Due to iNterceptor’s modularity, telecom operators can leverage their investment for a longer duration and scale up their network with more flexibility.

Due to its design philosophy, iNterceptor can support hybrid networks with equipment from different vendors on same server. When networks grow or change, iNterceptor can easily be extended to cater for the growth in traffic volumes or new types of network elements. Unified solution for all interception requirements of a service provider which is compliant to international standards like 3GPP, ETSI, ATSI, ANSI, CALEA and others. It also complies with local LI regulations of many countries across the world.

Lawful Interception vendors provide a proven and mature solution that continues to benefit from functional enhancement and feature evolution. It has been deployed in varied networks, enabling TSPs / Law Enforcement Agencies to benefit.

Download Brochure