Lawful Interception Current Projects
Interception of Skype voice traffic
Because it is encrypted and peer-to-peer, Skype presents great challenges to lawful interception.
Given Skype’s peer-to-peer nature and jurisdictional difficulties, the easiest point through which Skype traffic can be intercepted is the user’s ISP.
Fortunately, law enforcement agencies are often only interested in who is talking to whom, rather than in what they are saying. Consequently, it may well be sufficient for the ISP to provide law enforcement agencies with information, such as source and destination IP addresses, about flows it knows to be Skype.
Identifying traffic flows has, in the past, usually been based on well-known port numbers. However, the effectiveness of this method is rapidly declining as applications using unregistered or random ports, particularly peer-to-peer applications, have proliferated. Differentiating applications by comparing statistical properties such as average packet length and interarrival times provides an alternative approach to identifying the application without the need to rely on port numbers or on inspecting the packet contents. This research investigates the feasibility of using machine learning to identify such flows.
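An added example (not code from this project) of the statistical approach described above: it groups packets into flows, computes the mean packet length and mean interarrival time of each flow, and labels the flow with a nearest-centroid classifier standing in for the machine-learning step. The packet records, training vectors, class names and function names are constructed for illustration and are not measured Skype statistics.

```python
from collections import defaultdict
from statistics import mean

def synth(src, dst, sport, dport, proto, n, gap, sizes):
    """Build n constructed packet records (ts, src, dst, sport, dport, proto, length)."""
    return [(i * gap, src, dst, sport, dport, proto, sizes[i % len(sizes)]) for i in range(n)]
# Constructed capture: one small-packet, evenly paced UDP flow and one bulk TCP flow.
PACKETS = (synth("192.0.2.10", "198.51.100.7", 40211, 51877, "udp", 50, 0.020, [132, 148, 141])
           + synth("192.0.2.10", "203.0.113.5", 50122, 8080, "tcp", 50, 0.001, [1500, 1500, 1460]))

# Constructed training vectors: (mean packet length in bytes, mean interarrival time in s).
TRAIN = {"voip-like": [(130, 0.020), (150, 0.021), (140, 0.019)],
         "bulk": [(1400, 0.001), (1480, 0.002), (1500, 0.0015)]}

def flow_features(packets):
    """Return {flow_key: (mean_length, mean_interarrival)}; both directions share one key."""
    flows = defaultdict(list)
    for ts, src, dst, sport, dport, proto, length in packets:
        key = (proto,) + tuple(sorted([(src, sport), (dst, dport)]))
        flows[key].append((ts, length))
    feats = {}
    for key, pkts in flows.items():
        if len(pkts) < 2:
            continue  # a single packet has no interarrival time
        pkts.sort()
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        feats[key] = (mean(length for _, length in pkts), mean(gaps))
    return feats

def train(samples):
    """Compute one centroid per class plus a per-feature range used for scaling."""
    vectors = [v for vs in samples.values() for v in vs]
    scale = [(max(col) - min(col)) or 1.0 for col in zip(*vectors)]
    centroids = {label: [mean(col) for col in zip(*vs)] for label, vs in samples.items()}
    return centroids, scale

def classify(feat, model):
    """Label a feature vector with the class of the nearest scaled centroid."""
    centroids, scale = model
    def dist(c):
        return sum(((f - x) / s) ** 2 for f, x, s in zip(feat, c, scale))
    return min(centroids, key=lambda label: dist(centroids[label]))

def endpoints_of(packets, model, wanted):
    """List (ip, ip) endpoint pairs of flows labelled `wanted`; ports are not features."""
    return sorted((k[1][0], k[2][0]) for k, f in flow_features(packets).items()
                  if classify(f, model) == wanted)
MODEL = train(TRAIN)
print(endpoints_of(PACKETS, MODEL, "voip-like"))
```

Only the two statistical features decide the label, so the result does not change if the flows use different ports.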
Large scale content filter systems
The Australian Government has recently proposed ISP-level content filtering as part of its Cyber-safety plan. However, implementing such a scheme based on web content blacklists is unlikely to be successful. There is also some evidence that most objectionable content is transmitted via peer-to-peer networks rather than web downloads. This project aims to find more effective and less intrusive ways of filtering such content than those currently being considered.
Interception of mobile users in networks with large numbers of nodes
One of the emerging challenges for LI is in networks with mobile users and large numbers of network nodes. Interception of mobile users in traditional networks such as GSM, GPRS and UMTS has usually involved only a few nodes (the MSC or SGSN) and has been conducted in an environment of considerable security. Typically, even in a large network, only a few nodes need to be informed as to which hosts are to be intercepted. Emerging network technologies, such as Mobile IP, IEEE 802.15.5 (mesh networking) and Mobile Ad-hoc networks (MANets), will be characterised by large numbers of (possibly mobile) network nodes, making traditional approaches to LI both much less secure and much more resource-hungry, a serious issue in resource-constrained devices.
The research issues we are investigating in relation to these networks are:
- Minimize the number of nodes that need to be loaded with interception information;
- Minimize the interception information to be propagated to each network node;
- Blind interception where the (possibly untrusted) node can provide intercept information without knowing details of the intercept warrant;
- Mobility modelling of individuals on a city-wide scale.
Test IP interception system
As part of the research into this area we have developed a test IP interception system (SPLIT) that we use as a testbed for intercepting IP packets generated by or destined for particular users. This system runs on FreeBSD and is integrated with FreeRADIUS. It provides all the facilities an ISP may require when presented with an interception warrant.