TRANSCRIPT
STAR-GATE for PACKET DATA
Arkady Linshitz
Product Manager
Company Confidential
PRODUCT OVERVIEW
Introduction
Functional Description
GPRS and 3G Solutions
Product Demonstration
ISP Solutions
STAR-GATE ARCHITECTURE COMPREHENSIVE SOLUTION
– Covers both administrative and delivery function;
– Supports multiple networks and switches;
STAR-GATE MEDIATION DEVICE
Performs the delivery function of communication surveillance
• Wide Range of Protocols: GTP*, FTP, TIIT, ROSE …
• Multicasting Support: 300 MC; up to 5 simultaneous deliveries
• Flexible Architecture
GPRS Application Design
[Diagram; labels: xGSN, X1P, X2P, X3P, Target Session Manager, MD, MD Inside, HI1, HI2, HI3]
STAR-GATE SAS (Surveillance Administration Subsystem)
Assigns targets and oversees system administration, maintenance and security
STAR-GATE SAS SINGLE POINT OF ADMINISTRATION
[Diagram; labels: SAS, MD, MD]
STAR-GATE SOLUTION for GPRS
Interception Criteria: IMSI, MSISDN, IMEI
Delivery Format:
– HI2: FTP, ROSE
– HI3: FTP, GTP*
STAR-GATE SOLUTION for 3G
Interception Criteria: IMSI, MSISDN, IMEI, (SIP URL)
Location Dependent Interception: 1 or more areas in the same 3GMS
Charging Aspects: Producing intercept-charging data
Target List Synchronization
3G Pan European networks - The STARGATE solution
[Diagram; labels: Country Alpha, Country Beta, Country Gamma, STARGATE MD, STARGATE SAS (three instances)]
STAR-GATE SOLUTION for VoIP
New Challenges
– Communication Content: IP to PCM conversion
– Signaling Protocols: SIP, H.323
3G MD Application Design
[Diagram; labels: 3GMS, X1, X2, X3, Core Logic, MD, VoIP Gateway, HI1, HI2, HI3]
WELCOME TO STAR-GATE DEMO
STAR-GATE SOLUTION for ISP
STAR-GATE for ISP - Challenges
Operational challenges:
– Target Provisioning
– Identification of target traffic
– Control and maintenance
– High Security
Technological challenges:
– Various network topologies
– Fast changing architecture
– No interference with ISP Service level
STAR-GATE for ISP - Solution
Interception Criteria:
– E-mail address
– Username/CLI in RADIUS
– IP address
– MAC address
Access Solution based on:
– LAN Splitter for mirroring
– Switching hubs for aggregation and filtering
– PD MD Software
Delivery Method:
– FTP
– Stream based
Delivery Format:
– TIIT
– STAR-GATE Tunneling Protocol
ISP Mediation Device S/W Design
[Diagram; labels: HI1, HI2, HI3, Core Logic, MD, MD Inside, Access Device, Network Access, Interceptor]
Interceptors
RIPE (RADIUS IP Extractor)
– Keeps in RAM the target list (Username/CLI)
– Monitors RADIUS messages
– Generates HI2 messages to LEMF
– Activates 3-4 layer switch and IPI based on extracted IP address
– Stops 3-4 layer switch and IPI upon logout event
IPI (IP Interceptor)
– Gets IP address from RIPE
– Analyzes each packet in real time
– Collects packets
– Forwards to LEMF
SMTPI (SMTP Interceptor)
– Keeps in RAM the target list (E-mail address)
– Monitors SMTP (Port # 25)
– Checks E-mail address in “RCPT TO” or “MAIL FROM”
– Buffers all E-mail (from DATA command to closing ‘.’)
– Forwards to LEMF
DHCPE (DHCP Extractor)
– Keeps in RAM the target list (MAC address)
– Monitors DHCP
– Identifies events of IP address assignment
– Generates HI2 messages to LEMF
– Updates the system with the new IP address
The Access Device
[Diagram; labels: TAP, TX/RX port pairs, 3-4 Layer Switch]
Solution Considerations
Coverage:
– Intercepting all targets
– Intercepting all data
– Minimize number of intercepted links
Target Identification:
– RADIUS
– DHCP
Security:
– Non-intrusive
– Encryption
The Solution
[Diagram; labels: TAP, TX/RX port pairs, 3-4 Layer Switch, RIPE or DHCPE, IPI, SMTPI, LAN, Router, Router, To LEA, IPSec Tunnels, SAS]
System Security
Access rights: Access to target activation and database is controlled by user rights.
Audit Trail: For user login/logout and target activation/deactivation activities.
Centralized Target List Architecture: GSA is the only LI entity where the target list is saved on disk.
Passive interception: No indication of ongoing interception.
Encrypted delivery to LEAs: Delivery to LEAs can be encrypted using IPsec or TLS.
WHY STAR-GATE
Comprehensive Solution: Any Network, Any Switch, Any Protocol
Unified Administration Center
Open Design and Flexible Architecture
Thank you