
Conference Session Notes: Security and Lawful Intercept in VoIP Networks

This session is being led by Manohar Mahavadi, VP of Software Engineering with Centillium Networks. The first observation is that we got handouts of all the slides with note taking space. It makes it a lot easier for me.

Lawful interception is a very hot topic. The session began with the framework of a packet-switched network, not really addressing new technologies like Ethernet to the home. This is simply broadband to the Internet (DSL or cable). Skype and GTalk were mentioned as examples of VoIP over broadband from the home.

We covered all the equipment involved, from the home router and VoIP phone to the media servers, media gateways and session border controllers. It was a good job of setting the stage for what's really involved in the total traffic flow.

It's probably important to note that the media gateways provide the interfaces between the packet and circuit networks (Internet and PSTN). They do things like convert VoIP to analog, H.323 to ISDN, or IP to ATM or some TDM protocol, then back to IP on the far end.

Both Intrusion Detection Systems and Intrusion Prevention Systems were noted along with firewalls and VPN gateways as security mechanisms.

I've noted a real theme that the perception remains that H.323 is the common protocol for signaling. It's complex to implement and maintain. SIP is coming on strong and is much simpler to implement, maintain and manage, but it's still gaining momentum. This is the first mention of Media Gateway Control Protocol (MGCP) and MEGACO. Manohar also reviewed RTP and RTCP briefly as data protocols. Having taught these protocols, I was impressed with the quick flyby overview he gave. Kudos for a nice job. He even explained RTP's UDP functionality and how it's used to exchange control information.

While he described his explanation as a very high level, the overview of SIP components, SIP proxies, and the functionality they provide was quite good.

To give a sense of the kind of quality and depth the speakers are bringing here, Manohar also touched on DNS, TFTP, SNMP, DHCP, RSVP, SDP, STUN and TURN as integral VoIP supporting protocols.

Basic security requirements are privacy (more commonly called confidentiality), integrity and authentication.

The threats are familiar ones we see all the time, but Manohar took a great approach to VoIP service. In VoIP services we're really concerned with some variations on the security theme. CPU resource starvation is a real issue in unified communications services. DoS attacks can have unusual impacts on VoIP, and this is one. Unauthorized access to resources, call interception and hijacking might be accomplished through DNS cache poisoning to locate SIP services. ARP spoofing can create problems. Session interception is one problem, but rerouting of calls or message tampering might also be concerns. Encrypting voice might be a viable strategy for mitigation.

----- OBSERVATION - I spent a number of years teaching telecommunications technologies at the bit level. IP, ATM, Frame Relay, the whole gamut. A good hour talk probably shouldn't have more than about 12 slides. 65-80 slides is about all that works for a full day. Manohar's handout has 51 slides. He's doing a great job covering the material, but there is no way to do justice to all this material in the one hour session he's allocated.

I personally would like to have seen the first 32 pulled. The topic of the session didn't really show up until the 33rd slide. I felt we spent too much time reviewing the basics. That could just be me. Since I focus on both security and unified communications, I've got a pretty strong background. The audience was pretty riveted by firewall basics and IDS/IPS overviews. I quit taking notes for a while because I really want the CALEA related sort of information. -----

At 2:10 one of the attendees interrupted a deviation off into the viability of VPN scalability and asked if we could get to lawful interception. We skipped a bunch of slides to get to the point.


Set the stage:
- 1968 - Omnibus Crime and Safe Streets Act
- 1978 - Foreign Intelligence Surveillance Act (FISA)
- 1986 - Electronic Communications Privacy Act
- 1994 - Communications Assistance for Law Enforcement (CALEA)
- 2001 - H.R.3162 - Patriot Act

CALEA defines obligations of telecom service providers to assist law enforcement. It regulated the carriers to design and modify systems for electronic surveillance. It's strongly backed by law enforcement and has been broadened to include push-to-talk, SMS, chat sessions etc.

PSTN wiretapping is done on a dedicated connection. Packet wiretapping is on shared media. Packet routing, addressing, and decentralized services make wiretapping difficult.

We got into lawful information terminology, the LI model for surveillance, and the functional architecture. Unfortunately, we lost so much time we're flying at Mach 3 now and I can't really keep up with notes very well.

Nice overview material on intercept access points and how intercept might be achieved, but it's a major development effort.

In VoIP, the likely intercept points for lawful intercept are:
- Media Gateways
- Session Border Controllers
- Access Routers
- Signaling Proxies

I agree with a post from Jon Arnold recently about the light use of SBCs. They don't seem to be gaining traction like expected. My sense is that media gateways and signaling proxies are going to wind up as the intercept points for VoIP service providers. ISPs, cable companies and others are probably going to focus more on access routers, but scaling intercept to address the thousands and thousands of access routers on the Internet is an exercise in futility in my view. They are far more in number and far more dynamic than PSTN central office switches.

Manohar expects to see strong regulation by next year, but noted that the IETF isn't terribly thrilled with any legislated efforts.

The session ran quite a bit overtime because we were slowed in progress. I'll try to cycle through the notes and write something useful up after I'm back home and have some time to dig into this further.

Comments

There is one problem or another with each one of the potential intercept points:
- Media Gateways - only PSTN calls can be intercepted, not end-to-end IP
- Session Border Controllers - all calls, whether or not they are to be intercepted, must be routed through SBCs; otherwise interception could be detected
- Access Routers - requires communication between ISP and VoIP SP (most preferable because the issue is only procedural)
- Signaling Proxies - not sufficient for Call content ones


Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net
