The Communications Assistance for Law Enforcement Act (CALEA) requires that communications networks provide means to support electronic surveillance of communications traffic. For example, surveillance is readily accomplished in a PSTN because all traffic in a PSTN must flow from a class 5 switch and through the Local Exchange Carrier, with a known origination and destination.
The goals of security services are to provide privacy, packet integrity, authentication, and non-repudiation. Privacy means nobody else is intercepting your packets; packet integrity means the packets have not been modified; authentication means that the person involved in the communication is who they claim to be; and non-repudiation means that the sending and receiving of a message cannot be denied. Packets can carry data, voice, signaling, video, images, or any other format.
CALEA is another term for electronic surveillance. It means that the law enforcement agent taps into a communication channel to obtain, but not alter, the packets. The FCC enacted CALEA in October 1994. Later, in December 1997, the Telecom Industry Association (TIA) developed J-STD-025 (J-Standard) to include wireline, cellular, and broadband Personal Communication Services (PCS) carriers and manufacturers. The FCC ruled on Aug. 26, 1999 that packet communications interception is required by Sep. 30, 2001. On Aug. 9, 2004, the FCC published a Notice of Proposed Rulemaking (NPRM) wherein wireless, wireline broadband internet access service, and managed VoIP are subject to CALEA. It specifies that wireless, wireline broadband internet access, and managed VoIP are covered within the scope of “Telecommunication Carrier”.
CALEA and security have conflicting objectives. In a secured network, CALEA should not function, and yet, the United States TIA requires service providers for Public Switched Telephone Networks (PSTN) and packet networks to provide means to support CALEA. All PSTNs have been supporting CALEA, but support for CALEA in a Voice over Packet (VoP) network has not been fully implemented because there are still many unresolved issues, discussed below, which exist prior to the present invention.
A security mechanism starts with establishing a Security Association (SA) between two endpoints. Establishment of an SA requires two steps.
(i) The first step is to authenticate both end-points.
(ii) The second step is to exchange security keys for encryption and decryption.
After an SA is established, both end-points encrypt and decrypt the packets using the security keys. Between the two end-points, there are many other devices in the path. If at least one device in the path is involved in SA establishment, then the SA is in “transport” mode. The involved intermediate device is called a Security Gateway (SGW). An SGW holds and issues the security keys used to encrypt and decrypt packets from both end-points; the end-points themselves do not encrypt or decrypt the packets. Law enforcement has access to the SGW through the service provider's network.
An example of a PSTN CALEA implementation is illustrated in FIGS. 1A and 1B. FIG. 1A is a functional block diagram of a PSTN implemented CALEA architecture. FIG. 1B shows the call flow of the PSTN CALEA model. All call flows are based on SIP. The Law Enforcement Agency (LEA) needs the service provider to provision the network management device and the class 5 switch to cooperate with the Lawful Collection Equipment (LCE). The class 5 switch will direct targeted calls to a specified tandem switch (class 3 or 4 switch) located within the domain of an inter-exchange carrier (IEC). This is true even for the case that both the originator and terminator are on the same class 5 switch. This minimizes the need for modifying every class 5 switch to support CALEA. The tandem switch is the SAP in this circumstance. The PSTN CALEA model is centralized.
The Federal Communications Commission (FCC) also requires that managed Voice Over Packet (VOP), as well as Broadband Internet Access, and Wireless Internet Access, are subject to the Communications Assistance for Law Enforcement Act (CALEA). However, there are no technical guidelines defined by the FCC for implementation of CALEA in these new areas. There is little literature on the implementation of CALEA and many unanswered questions on the feasibility of supporting CALEA in VOP products. CALEA only requires the service provider (SP) to deliver intercepted packets. The SP is not required to provide decryption of the intercepted packets.
Packet network service providers, among others, are required to comply with CALEA and provide means to support electronic surveillance of traffic in their networks. A publication entitled “Packet Cable Electronic Surveillance Specification” has been adopted by the Federal Bureau of Investigation as the governing specification for the required support means.
Compliance with the Packet Cable specification is defined in terms of supporting electronic surveillance via a variety of data interception, delivery and collection functions on networks operating in what is known as “transport mode.” In transport mode, Security Associations (SA) are established between at least one type of security gateway (SGW) in a network and either another SGW or an end-user device attached to that network. The SGW is typically a device within a cable modem termination system (CMTS) which performs encryption and decryption of user messages, including creation and storage of the encryption keys facilitating the secure communications between the two points on the network. Compliance with the Packet Cable specification involves enabling the establishment of surveillance links between law enforcement controlled surveillance intercept boxes and the security gateways on the provider's network.
The Packet Cable security specification defines security only in a transport mode, while many broadband VPNs run in a tunnel mode. This presents some new challenges in security for electronic surveillance. Furthermore, the PacketCable Electronic Surveillance Specification defines the security model starting from the Cable Modem Terminal System (CMTS), while many VPNs start encryption at the end devices (PCs or IP phones) that are attached to the Multimedia Terminal Adaptor/Cable Modem (MTA/CM) and tunnel through the CMTS and/or Media Gateway (MG). Only those end devices know the security keys and associated parameters. Secure RTP (SRTP), which provides end-to-end encryption for voice, is yet another concern. Not only is encryption/decryption a challenge, but it is also difficult to intercept the message in some cases, such as in the presence of network address translation (NAT).
An example of a VOP packet network is illustrated in FIG. 2. The class 5 switch of a PSTN is roughly equivalent to a Media Gateway (MGW) and a Call Server (CS). There is no central PSTN to provision switching.
Surveillance in VOP can be accomplished in a variety of ways under the specification. For example, as shown in FIG. 3, when the provider is a cable network, the surveillance “delivery function” (DF) of the Packet Cable specification is required to take place within the domain of the service provider's administration (SPA), as an adjunct to the operation of the CMTS, i.e., tapping into the system to create a surveillance access point (SAP) for law enforcement interception of call-identifying information, encrypted packet messages and the provider's encryption keys. This takes place upstream of user-controlled multimedia terminal adaptor and cable modems (MTA/CM) and Media Gateways (MGW).
The surveillance collector function (CF) resides within the domain of the law enforcement agency. The CF collects call transmissions intercepted by the DF and passes them to the law enforcement agency for monitoring and review. The CF is administered and controlled by the Law Enforcement Administrative function within the law enforcement facility. This model of network provider support for CALEA, among others, is described in detail in the Packet Cable specification. This model works well only when the encryption functions are within the domain of the service provider. Other aspects of the CALEA surveillance model include intercepting call-identifying data through the provider's call management system (CMS) and intercepting call content at the trunk gateway (TGW) for calls redirected to the public switched telephone network (PSTN).
Unfortunately, there is a problem in complying with the specification from the standpoint of evolving technology because transport mode is not the only packet communication mode used in VOP networks. VOP networks also employ “tunnel mode” where messages are encrypted within the end user's domain and simply pass (tunnel) through the provider's gateways and network. This end-to-end tunneling necessitates finding solutions which, while they will not comply exactly with the techniques of the surveillance specification, will comply with the intent of the Act.
Clarifying the packet transmission modes, we have:
(a) TRANSPORT MODE: In a transport mode, the SGW can support CALEA by providing the encryption security keys to the CF intercepting box, which is operated by the law enforcement agency.
(b) TUNNEL MODE: If no devices other than the end-user devices take part in security association establishment, then the SA is running in a tunnel mode. In this case, only the two end-points have the keys for encryption and decryption. The law enforcement agent can still intercept the packets, but will not be able to decrypt them without the security keys. This means that a network operating in tunnel mode cannot support CALEA without employing the present invention.
Finding solutions for facilitating surveillance of VOP networks operating in tunnel mode presents many challenges. For example, as stated above, in transport mode the provider-controlled security gateways, which are typically external to the end-user's physically controllable property, perform the functions of encryption and decryption for users of the network. These SGWs usually reside within a TGW, facilitating access to the PSTN, or within the CMTS in cable operator networks. The SGWs use provider-controlled encryption keys to encrypt information between connections. Since the security association is established via a service provider's gateways, the provider may configure the gateways such that both the encrypted message and the encryption key may be intercepted at those devices and sent to the law enforcement agency's CF boxes, whereupon the message may be decrypted and read by the agency.
In contrast however, when a packet network user operates in tunnel mode, encryption and decryption may be performed internal to an end-user's facility, typically at the subscriber's multimedia terminal adaptor or cable modem (MTA/CM), or at a residential enterprise media gateway (MGW) both of which are downstream of the CMTS and reside on customer provided equipment (CPE). Security associations (SA) thus occur external to the service provider's domain. This means that, while the service provider may still enable the law enforcement agency to intercept an encrypted message, it will not have access to the end user's encryption key. Although law enforcement code-breaking may eventually achieve results, a tunnel mode network will not support CALEA in the manner that a transport mode will, as currently provided for in the Packet Cable specification.
In addition to dealing with encryption beginning downstream from a CMTS, when network address translation (NAT) is operating within the end-user's domain, the situation becomes even more complicated. The service provider equipment is not able to determine the particular user within an end-user facility that is sending the packets on the common IP address of the end-user's facility. This is particularly difficult when a large number of users on a LAN are using a common access point to the Internet. This inability to identify an individual user presents an obstacle to law enforcement, which may seek to monitor only a single user within an enterprise.
NAT provides a translation of private network addresses (e.g. inside a corporate LAN) into public addresses in situations where an entity's network users outnumber the quantity of public addresses provided to that entity by its service provider (SP). Usually, the NAT function is performed on CPE prior to the message being received by the CMTS. In this case, a law enforcement surveillance access point (SAP) linked to the CMTS would not have the decryption key, and would also not know the internal address of the end-user. In order for the law enforcement agency to be able to decode the entire transmission, it would need not only the encryption key but also the algorithm (e.g., SIP, SNTP, FTP, etc.) used to code the translated address.
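To make the transport-mode/tunnel-mode distinction and the NAT obstacle described above concrete, here is an added toy model (not code from the PacketCable specifications or from the present invention) of what a delivery function at the provider's SGW/CMTS can hand to the collector. The cipher, key, nonce and addresses are constructed placeholders; the model assumes the SGW holds the SA key only in transport mode and that a customer-premises NAT rewrites the source address before packets reach the CMTS.

```python
import hashlib
from typing import Optional

# Constructed SA key and nonce; in the real network the SA exchange produces them.
SA_KEY = hashlib.sha256(b"constructed-sa-key").digest()[:16]
NONCE = b"\x00" * 8


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) used only to mark bytes as
    'encrypted' in the model; it is not a real cipher suite. XOR is symmetric,
    so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def nat_forward(pkt: dict, public_addr: str) -> dict:
    """Customer-premises NAT: the private source address is replaced by the
    site's single public address before the packet reaches the CMTS."""
    return {**pkt, "src": public_addr}


def sgw_intercept(pkt: dict, sa_key: Optional[bytes]) -> dict:
    """What a delivery function at the provider's SGW can pass to the CF:
    addresses as seen on the wire, the ciphertext, and the plaintext only if
    the SGW took part in the SA and therefore holds the key."""
    plaintext = (keystream_xor(sa_key, pkt["nonce"], pkt["payload"])
                 if sa_key is not None else None)
    return {"src": pkt["src"], "dst": pkt["dst"],
            "ciphertext": pkt["payload"], "plaintext": plaintext}


def simulate(mode: str, behind_nat: bool, message: bytes) -> dict:
    """mode is 'transport' (SGW issued the key) or 'tunnel' (only the end
    devices hold it). Either way the bytes crossing the CMTS are ciphertext."""
    pkt = {"src": "10.0.0.7", "dst": "203.0.113.9",          # constructed
           "payload": keystream_xor(SA_KEY, NONCE, message), "nonce": NONCE}
    if behind_nat:
        pkt = nat_forward(pkt, "198.51.100.1")               # constructed
    return sgw_intercept(pkt, SA_KEY if mode == "transport" else None)
```

In transport mode the intercept yields the plaintext and the true source; in tunnel mode behind NAT it yields only ciphertext and the shared public address, which is exactly the gap the text describes.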
In summary, Packet Cable Security Specification PKT-SP-SEC-1109-030728 and Packet Cable Electronic Surveillance Specification PKT-SP-ESP4 102-0308 1 5 specify the security model only in transport mode. These two specifications do not describe how to achieve effective surveillance when the network is operating in tunnel mode.