STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.

STAR-GATE for PACKET DATA

Arkady Linshitz

Product Manager

Company Confidential

PRODUCT OVERVIEW

Introduction

Functional Description

GPRS and 3G Solutions

Product Demonstration

ISP Solutions


– Covers both administrative and delivery function;

– Supports multiple networks and switches;

STAR-GATE ARCHITECTURE COMPREHENSIVE SOLUTION


Performs the delivery function of communication surveillance

STAR-GATE MEDIATION DEVICE

• Wide Range of Protocols GTP* FTP TIIT ROSE …

• Multicasting Support 300 MC Up to 5 simultaneous delivery

• Flexible Architecture


GPRS Application Design

X1P X2P X3P

HI1

Target Session Manager

xGSN

MDMD

HI3

MD

Inside

HI2


Assigns targets and oversees system administration, maintenance and security

STAR-GATE SAS (Surveillance Administration Subsystem)


STAR-GATE SAS SINGLE POINT OF ADMINISTRATION

MD MD

SAS


STAR-GATE SOLUTION for GPRS


STAR-GATE SOLUTION for GPRS

Interception Criteria IMSI, MS ISDN, IMEI

Delivery Format HI2

FTP ROSE

HI3 FTP GTP*


STAR-GATE SOLUTION for 3G


STAR-GATE SOLUTION for 3G

Interception Criteria IMSI, MS ISDN, IMEI, (SIP URL)

Location Dependent Interception 1 or more areas in the same 3GMS

Charging Aspects Producing intercept-charging data

Target List Synchronization


3G Pan European networks - The STARGATE solution

CountryAlpha

CountryBeta

CountryGama

STARGATEMD

STARGATESAS

STARGATESAS

STARGATESAS


STAR-GATE SOLUTION for VoIP

New Challenges

Communication Content IP to PCM conversion

Signaling Protocols SIP H.323


3G MD Application Design

X1

HI1

Core Logic

3GMS

MD

VoIP Gateway

X3X2

HI3HI2


WELCOME TO STAR-GATE DEMO


STAR-GATE SOLUTION for ISP


STAR-GATE for ISP - Challenges

Operational challenges:– Target Provisioning– Identification of target traffic– Control and maintenance– High Security

Technological challenges:– Various network topologies – Fast changing architecture– No interference with ISP Service level


STAR-GATE for ISP - Solution

Interception Criteria: E-mail address Username/CLI in RADIUS IP address MAC address

Access Solution based on: LAN Splitter for mirroring Switching hubs for aggregation and filtering PD MD Software


STAR-GATE for ISP - Solution

Delivery Method: FTP Stream based

Delivery Format: TIIT STAR-GATE Tunneling Protocol


ISP Mediation Device S/W Design

HI1

Core LogicMD

HI3

MD

Inside

HI2

Access DeviceNetwork Access

(Interceptor)


Interceptors

RIPE (RADIUS IP Extractor) Keeps in RAM the target list

(Username/CLI) Monitors RADIUS messages Generates HI2 messages to LEMF Activates 3-4 layer switch and IPI based

on extracted IP address Stops 3-4 layer switch and IPI upon logout

event


Interceptors

IPI (IP Interceptor) Gets IP address from RIPE Analyze each packet in real-time Collects packets Forwards to LEMF


Interceptors

SMTPI (SMTP Interceptor) Keeps in RAM the target list (E-mail

address) Monitors SMTP (Port # 25) Checks E-mail address in “RCPT TO” or

“MAIL FROM” Buffers all E-mail (from DATA command

to closing ‘.’) Forwards LEMF


Interceptors

DHCPE (DHCP Extractor) Keeps in RAM the target list (MAC

address) Monitors DHCP Identifies events of IP address assignment Generates HI2 messages to LEMF Updates the system with the new IP

address

Mr.Adams

Mr.AdamsMr.

Adams

Mr.Adams

Mr.Adams

John@

John@

John@

John@John@


The Access DeviceTAP

TX RX

RXTX

TX RX

3-4 Layer Switch

TX RX


Solution Considerations

Coverage Intercepting all targets Intercepting all data Minimize number of intercepted links

Target Identification RADIUS DHCP

Security None intrusive Encryption


The SolutionTAP

TX R X

R XTX

TX R X

3-4 Layer Switch

TX R X

R IPE or D H C PE

IP I

SM TPI

LAN

R outerR outerTo LEA

IPSec Tunnels

SAS


System Security

Access rights: Access to target activation and database is controlled by user rights.

Audit Trail: For user login/logout and target activation/deactivation activities.

Centralized Target List Architecture: GSA is the only LI entity where target list is saved on disk

Passive interception: No indication for on going interception

Encrypted delivery to LEAs: Delivery to LEAs can be encrypted using IP-Sec or TLS.


WHY STAR-GATE

Comprehensive Solution Any Network Any Switch Any Protocol

Unified Administration Center

Open Design and Flexible Architecture


Thank you

STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.

Documents

Transcript of STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.