More
    HomeAccessLawful interception for IoT at the network edge

    Lawful interception for IoT at the network edge

    -

    Partner content: The massive diversity of devices connecting to the internet and today’s complex networks present unique challenges to investigators

    The increasing popularity of Internet of Things (IoT) applications and smart devices has led to the coexistence of 4G and 5G networks. Mobile network operators (MNOs) have achieved efficiencies and cost savings by consolidating lawful intercept solutions for each of them.

    These solutions are one of many sources for the increasingly complex task of law enforcement, along with the massive diversity of devices connecting to the internet. The scope of potential information sources for investigations presents unique challenges for lawful intelligence gathering.

    Multiple sectors

    There are consumer, commercial, and industrial usages, among others, for IoT devices, each of which present varied opportunities for useful interception. Even within the consumer sector, IoT applications range from AI assistants and smart-home appliances to safety-critical systems for autonomous driving.

    To provide fast responsiveness across these usages, MNOs place computer processing capabilities close to the point where the data is generated, at the network edge. This is the basis of multi-access edge computing (MEC), a core enabler for IoT.

    In a cloud-enabled network topology, edge network services are dynamically created and eliminated as needed, which complicates interception compared to older, static networks with predictable structures. In addition, data that is created and consumed at the edge is not backhauled to the network core.

    Therefore, interception of this traffic must be accomplished at the edge, which requires responsiveness to the changing network topology on a minute-to-minute basis. SS8 is advancing lawful intelligence tools and capabilities to adapt to these dynamic architectures and their related challenges.

    Self-redefining networks

    The services that perform the workloads of 5G networks – —such as the User Plane Function (UPF) and Virtual Radio Access Network (vRAN) – are based on Virtualized Network Functions (VNFs) that duplicate core network elements in the network edge.

    These virtual functions, which are built to be linked together for more complex functionality, can be instantiated and terminated on demand, at any edge location on the network. SS8 has invested significantly to provide a fully cloud-ready mediation platform based on containerized VNFs (also known as CNFs). This architecture enables the agility to deploy points of interception as needed, with minimal latency.

    When a UPF instance is spun up for packet delivery at a network edge location, for example, the SS8 platform spins up a Communication Content Packet Aggregator (CCPAG). That function provides the X3 interface used to transmit the locally intercepted traffic to a centralized mediation entity, or directly to the requesting agency.

    These dynamic architectures tend to be complex and fast-changing, making software-defined networking, including high-speed discovery and routing-table updates to maintain network performance, instrumental to their functioning.

    Information-centricity

    Information-centric Networking (ICN) can automate network discovery and visibility in dynamically defined networks. For example, if a local breakout with the UPF has been established for interception at the edge and a file cache is created there, ICN services can identify that change to the lawful intelligence apparatus, providing an updated understanding of the local network environment. The SS8 platform draws on this network visibility to deploy cloud-native interception instances as needed, across the dynamic edge.

    Network slicing, another key technology of 5G networks, is the ability to provide differentiated levels of service within a common network. From the network traffic point of view, slicing is a logical network overlay that allows prioritization of traffic by class of service.

    This allows critical flows with low-latency and safety requirements, such as emergency calls, to have high priority. These characteristics of network traffic flows are part of the complete picture needed by the mediation platform.

    Unifying interception for 4G and 5G

    The transition from 4G to 5G networks tends to be gradual and uneven. On one hand, many carriers are delivering 5G services over their 4G cores. On the other hand, many are deploying 4G services using the same distributed, cloud-native architecture used for 5G. ETSI defines CCPAG as a 5G technology, however, which is a significant limitation in a world where MNO networks consist of various combinations of 4G and 5G technologies, including at the network edge.

    SS8 offers our proprietary Xcipio® Content Packet Aggregator (XCPAG) to uniquely extend CCPAG functionality beyond 5G networks to include 4G traffic as well. XCPAG supports interception of both 5G and 4G data while maintaining fidelity with industry standards for CCPAG, allowing it to interoperate with existing CCPAG implementations, across vendors, with a cloud-ready architecture. XCPAG provides the ability to respond to changes in the network topology, including the instantiation of new VNFs, with low latency.

    Spikes in network demand, such as major sporting events, may cause many VNFs to be spun up at a specific network edge site. In addition to discovery and co-placement of XCPAG instances where they are needed, the SS8 platform maintains the security functions and certificates to quickly establish and maintain secure connections with each of these on-demand 4G and 5G network elements, allowing first responders to respond efficiently.

    As more and more IoT devices connect to 4G and 5G networks, Xcipio’s ability to unify basic lawful intelligence capabilities across network generations is essential for public safety.

    About the author, David Anstiss

    David Anstiss is Director of Solution Engineering at SS8 Networks. He has been with SS8 since 2015 and has significant experience in critical network architecture technology and advanced data analytics. He currently works as part of the Technical CTO Group under the leadership of Dr. Cemal Dikmen and is responsible for leading engagement with both intelligence agencies and Communication Service Providers (CSPs) around the world.

    He has been instrumental in helping them transition to 5G, defining system requirements to meet regulatory compliance. As a member of ETSI, he represents SS8 to ensure the adoption of cloud-native infrastructure is met with industry best practices and to guarantee that compliance of lawful interception is maintained. Learn more about David here on his LinkedIn profile.