Institut Luxembourgeois de Régulation

Règlement 14/184/ILR du 15 décembre 2014
relatif aux spécifications techniques pour l’interception des communications électroniques
au Luxembourg

Secteur Communications électroniques

La Direction de l’Institut Luxembourgeois de Régulation,

Vu la loi du 27 février 2011 sur les réseaux et les services de communications électroniques (ci-après «la loi de 2011») et notamment son article 4;

Vu la loi modifiée du 30 mai 2005 concernant la protection de la vie privée dans le secteur des communications électroniques et notamment son article 5;

Vu la consultation publique nationale du 3 juin 2014 au 3 juillet 2014 concernant le projet de règlement relatif aux spécifications techniques pour l’interception des communications électroniques au Luxembourg;

Vu les réponses à la consultation publique susvisée;

Arrête:

Titre I:

Champ d’application et définitions

Art. 1er.

Le présent règlement a pour objectif de définir le format et les modalités de mise à disposition des données techniques et des équipements afin de permettre aux autorités compétentes en la matière l’accomplissement de leurs missions légales de surveillance des communications. Sont notamment visées les mises à disposition de toutes formes de communications interceptées et des données y afférentes en vertu des articles 67-1, 88-1 à 88-4 du Code d’instruction criminelle.

Art. 2.

Au sens du présent règlement, on entend par:

(1)autorisation légale: décision prise conformément aux articles 67-1, 88-1 à 88-4 du Code d’instruction criminelle et ordonnant une mesure de surveillance;
(2)autorité légale: les autorités judiciaires agissant conformément aux articles 67-1, 88-1 et 88-2 du Code d’instruction criminelle et les autorités publiques agissant dans le cadre des articles 88-3 et 88-4 du Code d’instruction criminelle;
(3)cible: personne physique ou morale à l’encontre de laquelle la mesure de surveillance est ordonnée;
(4)communication interceptée: communication faite moyennant un réseau ou service de communication électronique et faisant l’objet d’une mesure d’interception;
(5)mesure d’interception: mesure de surveillance appliquée à l’égard des communications faites par une cible aux fins d’accéder à tout contenu, y compris les données afférentes, ainsi qu’à toute information relative aux communications en question;
(6)mesure de surveillance: mesure ordonnée en application des articles 67-1, 88-1 à 88-4 du Code d’instruction criminelle;
(7)exploitant: opérateur ou toute entreprise notifiée conformément à la loi du 27 février 2011 sur les réseaux et les services de communications électroniques;
(8)service-cible: un réseau de communication public ou un service de communications électroniques visés par une mesure de surveillance.

Titre II:

Mise à disposition des communications surveillées

Art. 3.

Dans le respect de l’autorisation légale, la mise à disposition par l’exploitant des données de la mesure d’interception à l’autorité légale concernée, en ce compris la communication interceptée, doit se faire en temps réel. La forme dans laquelle les données doivent être transmises et les modalités techniques de la transmission, sont définies dans les spécifications techniques nationales (Lawful interception of electronic communications: National Specifications for Luxembourg) qui se trouvent en annexe du présent règlement et en font partie intégrante.

Art. 4.

Dès la notification de l’autorisation légale à l’exploitant, celui-ci s’efforce à mettre en œuvre incessamment les mesures d’interception ordonnées sans que cette mise en œuvre ne puisse dépasser les délais maxima suivants:

Circonstances

Délai maximum

opération de routine

l’autorisation légale est notifiée pendant les heures de bureau

4 heures

opération urgente

l’autorisation légale est notifiée pendant les heures de bureau

30 minutes

opération urgente

l’autorisation légale est notifiée en dehors des heures de bureau

2 heures

Art. 5.

(1)

Au cas où un exploitant utilise des procédés de codage, de compression ou de chiffrement, les informations interceptées sont à délivrer aux autorités légales en clair.

(2)

Au cas où un exploitant modifie le contenu d’une communication, il est également tenu à le reconvertir dans sa forme initiale avant de le transférer à l’autorité légale effectuant la mesure d’interception.

(3)

Au cas où la cible modifie le contenu d’une communication par chiffrement ou codage ou en lui administrant tout autre traitement de chiffrement, l’exploitant devra offrir tout le support possible aux autorités légales pour faciliter l’anéantissement de ce genre de chiffrement.

Titre III:

Mesures de sécurité

Art. 6.

(1)

Le dispositif d’interception de communications ne doit en aucun cas modifier la prestation du service-cible ni fournir une indication à un utilisateur de celui-ci qu’une mesure d’interception est en cours.

(2)

L’exploitant doit tenir un registre de toutes activités liées aux mesures d’interception. Ce registre doit contenir les informations suivantes pour chaque opération (initialisation d’une mesure d’interception, prolongation, clôture d’une mesure d’interception, etc.):

a)l’identité de la personne autorisée ayant effectué l’opération;
b)référence(s) du service ayant fait l’objet de l’opération;
c)genre d’opération effectuée;
d)date et heure de l’opération.

(3)

Un contrôle du registre par l’autorité légale concernée doit être accordé à tout moment.

(4)

L’exploitant est tenu de protéger de façon adéquate les informations relatives aux mesures d’interception et aux équipements utilisés et de ne les divulguer à quiconque d’autre que les personnes autorisées mentionnées ci-dessus sans que l’autorisation écrite ne soit transmise préalablement par l’autorité légale concernée.

(5)

Tout accès non autorisé réel ou tenté pour obtenir des informations sur les mesures d’interception et sur les équipements utilisés est à signaler à l’autorité légale concernée.

Titre IV:

Dispositif d’interception

Art. 7.

(1)

Le dispositif d’interception utilisé dans le cadre des mesures d’interception doit pouvoir permettre l’interception simultanée d’une même cible par plusieurs autorités légales différentes et ceci pour tous les services-cibles.

(2)

Les mesures d’interception des différentes autorités légales doivent rester séparées de façon à éviter que les cibles de l’une des autorités légales ne soient divulguées à une autre.

Art. 8.

La fiabilité et la qualité de service d’un dispositif d’interception doivent au moins être égales à la fiabilité et la qualité de service du service-cible.

Titre V:

Dispositions diverses

Art. 9.

(2)

Une prorogation de douze mois du délai visé au paragraphe (1) peut être accordée par l’Institut pour des services de faible importance sur le marché des communications électroniques. A cette fin, l’exploitant introduit auprès de l’Institut une demande écrite, documentant la faible importance du service visé sur le marché des communications électroniques.

(3)

Une prorogation accordée conformément au paragraphe (2) peut être renouvelée à l’issue de douze mois, lorsque les services de communications électroniques concernés sont de moindre importance sur le marché des communications électroniques, lorsque leur importance sur le marché des communications électroniques est en déclin rapide et définitif ou lorsque les équipements respectifs approchent à la fin de leur cycle de vie.

(4)

L’importance sur le marché des communications électroniques d’un service, telle que visée aux paragraphes (2) et (3) s’apprécie notamment par le nombre d’utilisateurs, le chiffre d’affaires et la pertinence du service pour les autorités légales.

(5)

Avant toute décision d’accorder une prorogation, la demande de l’exploitant est transmise par l’Institut aux autorités légales pour avis. La décision est notifiée par l’Institut au demandeur et aux autorités légales.

Titre VI:

Dispositions abrogatoires et finales

Art. 10.

Le règlement 08/134/ILR du 1er décembre 2008 relatif aux spécifications techniques pour l’interception des communications électroniques au Luxembourg est abrogé.

Art. 11.

Le présent règlement sera publié au Mémorial et sur le site Internet de l’Institut. L’annexe au présent règlement sera publiée au Recueil des Annexes du Mémorial.

La Direction

(s.) Paul Schuh

(s.) Jacques Prost

(s.) Camille Hierzig

ANNEXE

Règlement 14/184/ILR du 15 décembre 2014 relatif aux
spécifications techniques pour l’interception des
communications électroniques au Luxembourg

Lawful interception
of electronic communications :

National Specifications for
Luxembourg

Table of contents

1 INTRODUCTION

3

2 SCOPE

3

3 BASIS OF THIS SPECIFICATION

4

4 LIST OF ABBREVIATIONS

5

5 OPTIONS THAT ARE CHOSEN AND AMENDMENTS

6

5.1 RE [1] (TS 101 671)

6

5.1.1 Re [1], General section

6

5.1.2 Re [1], Annex A circuit-switched network handover

7

5.1.3Re [1], Annex C HI2 delivery mechanisms and procedures

7

5.1.4Re [1], Annex D Structure of data at the handover interface

8

5.1.5 Re [1], Annex E Use of subaddress and calling party number to carry correlation information

8

5.1.6Re [1], Annex F GPRS HI3 interface (includes 3GPP as referenced in [1])

8

5.1.7Re [1], Annex D.5 ASN.1 - description of IRI (HI2)

8

5.2 RE [2] (TS 133 108)

10

5.2.1 Re[2], General section

10

5.2.2 Re [2], Annex A HI2 delivery mechanisms and procedures

11

5.2.3 Re [2], Annex C UMTS HI3 interface

11

5.2.4 Re [2], Annex J Use of subaddress and calling party number to carry correlation information

11

5.2.5 Re [2], Annex B ASN.1-description

12

5.3 RE [3] (TS 102 232-1)

13

5.3.1 Re [3], General Section

13

5.3.2 Supplements to [3], Annex A ASN.1 syntax trees

14

5.4 RE [4], [5], [6], [7] (TS 102 232 – 2…5)

15

5.4.1 Re [4], [5], [6], [7]; General Section

15

5.4.2 Supplements to [4], [5], [6], [7]; ASN.1 definitions

15

5.5 RE [8] (TS 102 232 – 6)

15

5.5.1 Re [8]; General Section

15

5.5.2 Supplements to [8]; ASN.1 definitions

15

5.6 RE [9] (TS 102 232 – 7)

15

5.6.1 Re [9]; General Section

15

5.6.2Supplements to [9]; ASN.1 definitions

15

6 TECHNICAL PROVISIONS

17

6.1 ISDN BASED TRANSMISSION

17

6.2 IP BASED TRANSMISSION

17

ANNEX A: NATIONAL HI2-ASN.1 PARAMETERS

18

1 Introduction

These specifications describe the technical implementation of lawful interception of telecommunications in Luxembourg. Implementation is carried out on the basis of the relevant ETSI specification (refer to 3); this document describes the options and amendments that have been defined for Luxembourg.

2 Scope

This document is written in English and will be provided to the NWO/AP/SvP upon request. It applies to any Network Operator, Access Provider or Service Provider (NWO/AP/SvP) in the Grand Duchy of Luxembourg that is obligated to comply in lawful interception.

3 Basis of this specification

This document includes the ETSI documents listed below, which are applicable in the version noted as follows or in later versions, and are to be observed.

[1]

ETSI TS 101 671

V3.12.1

(2013-11):

Lawful Interception (LI); Handover Interface for the lawful interception of telecommunications traffic

[2]

ETSI TS 133 108

V11.4.0

(2012-10):

Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Handover interface for Lawful Interception (LI)

[3]

ETSI TS 102 232-1

V3.5.1

(2013-10):

Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery

[4]

ETSI TS 102 232-2

V3.6.1

(2013-10):

Part 2: Service specific details for messaging services

[5]

ETSI TS 102 232-3

V3.3.1

(2013-10):

Part 3: Service specific details for internet access services

[6]

ETSI TS 102 232-4

V3.1.1

(2012-02):

Part 4: Service specific details for Layer 2 services

[7]

ETSI TS 102 232-5

V3.2.1

(2012-06):

Part 5: Service specific details for IP Multi Media services

[8]

ETSI TS 102 232-6

V3.2.1

(2013-07):

Part 6: Service specific details for PSTN/ISDN services

[9]

ETSI TS 102 232-7

V3.2.1

(2013-07):

Part 7: Service specific details for Mobile Packet Services

If existing the chosen options and national amendments to these ETSI documents are listed in the following chapters. If no options or amendments are existing for a document, then it is applicable without change in the version specified above or a later version.

4 List of abbreviations

Abbreviation

Description

3GPP

3rd Generation Partnership Project

AP

Access Provider

ASN.1

Abstract Syntax Notation One

CC

Content of Communication

CCLID

CC Link IDentifier

CUG

Closed User Group

DSL

Digital Subscriber Line

ETSI

European Telecommunications Standards Institute

FTP

File Transfer Protocol

GGSN

Gateway GPRS Support Node

GLIC

GPRS LI Corellation

GPRS

General Packet Radio Service

GSM

Global System for Mobile communications

HI 1

Handover Interface 1

HI 2

Handover Interface 2

HI 3

Handover Interface 3

ID

Identifier

IPSec

Internet Protocol Security

IRI

Intercept Related Information

ISDN

Integrated Services Digital Network

LEA

Law Enforcement Agency

LEMF

Law Enforcement Monitoring Facility

LI

Lawful Interception

LIID

Lawful Interception Identifier

NEID

Network Element Identifier

NID

Network Identifier

NWO

Network Operator

ROSE

Remote Operation Service Element

RTP

Real-Time Transport Protocol

SGSN

Serving GPRS Support Node

SMS

Short Message Service

SSD

Service-Specific Details

SvP

Service Provider

TCP

Transmission Control Protocol

TS

Technical Specification

UDP

User Datagram Protocol

ULIC

UMTS LI Corellation

UMTS

Universal Mobile Telecommunication System

UPS

Uninterruptible power supply

UUS

User to User Signalling

VPN

Virtual Private Network

5 Options that are chosen and amendments

5.1 Re [1] (TS 101 671)

Options that can be chosen in each country and amendments to [1] are listed in this chapter

5.1.1 Re [1], General section

Re. Section

Reference / Description

National provision / extension

5.1

Handover interface 1 (HI1)

Design, electronic or manual

The HI1 interface will remain manual. If a legal basis is created for electronic implementation of the HI1 interface, this will be introduced at a later stage.

Exception: LI Management Notifications (LI BEGIN, LI MODIFY, LI END, ALARM) must be sent via the electronic HI2 interface (pls. refer to [1], D.4).

5.2

Handover Interface port 2 (HI2)

The IRI records are transmitted individually.

6.1

Lawful Interception Identifier (LIID)

The LIID is defined by the LEA and the NWO/AP/SvP is notified.

6.2.1

Network IDentifier (NID)

The NID consists of the Operator ID and Network Element Identifier (NEID).

The Operator ID consists of up to five characters; the nomenclature is defined and updated by the LEA.

The NEID is 1-25 characters long, as defined in [1].

7.2

LI notifications towards the LEMF

LI Management Notifications (LI BEGIN, LI MODIFY, LI END, ALARM) must be sent via the electronic HI2 interface (pls. refer to [1], D.4).

8.1

Data transmission protocols (HI2)

Only FTP is to be used, there are no plans to use ROSE.

9

HI3: Interface port for Content of Communication

The Content of Communication (CC) must be presented as a transparent en-clair copy, if the encryption is managed by the network. Encryption not managed by the network, e.g. user provided end-to-end encryption, has not to be removed by the network.

10.1

Timing

If IRI cannot be transmitted, they must be buffered by the NWO/AP/SvP.

Minimum buffer time: 3 days

11

Security aspects

ISDN transmission: An ISDN CUG or an alternative secure transmission channel (closed user group) is to be formed in accordance with the LEA.

IP-based transmission: A VPN including IPSec encryption will be set up between the NWO/AP/SvPs obliged to provide for intercepts and the LEAs, refer to explanations in chapter 6.2 of this document.

12

Quantitative aspects

The following figures can be used as a basis for dimensioning the technical equipment installed at the NWO/AP/SvPs:

50 targets for the first 10000 subscribers
an additional 20 targets for each further 10000 subscribers started

(e.g.: NWO with 76000 subscribers shall be able to set up at least 50+7*20= 190 targets)

5.1.2 Re [1], Annex A circuit-switched network handover

re. Section

Reference / Description

National provision / extension

A.1.1

CC Link IDentifier (CCLID)

As the option B (A.5.4.2) has been specified in A.5.4, the CCLID has to be set by the NWO/AP/SvP.

A.1.3

Usage of Identifiers

As option B (A.5.4.2) has been specified in A.5.4, the rules according to table A.1.1, right side, apply.

A.3.2

Structure of IRI records

Only IRI conforming to ASN.1-description are permissible.

A.3.2.1

Control information for HI2,

5) date and time

Date and time are to be transmitted as local time.

A.4

HI3: Interface port for Content of Communication

The Content of Communication (CC) must be presented as a transparent en-clair copy, if the encryption is managed by the network. Encryption not managed by the network, e.g. user provided end-to-end encryption, has not to be removed by the network.

A.4.1

Delivery of content of communication (CC)

Use of UUS1 has been specified. In order to enable sub-addressing as fall-back the LIID for circuit switched intercepts are implemented solely by number (LIID is set by LEA)

A.4.2

Delivery of packetized content of communication (CC)

Transmission of text messages (SMS) and UUS is only via the HI2 interface.

A.4.4.1

Failure of CC links

The NWO/AP/SvP has to make at least three attempts at an interval of five seconds.

A.4.4.2

Fault reporting

Error messages must be transmitted over HI2 in accordance with Annex D.4, if the system used by the NWO/AP/SvP supports this functionality.

A.4.5

Security requirements at the HI3 interface port

Refer to 5.1.1, re. 11. Security Aspects

A.5.4

Multi party calls - general principles, options A, B

Option B is used.

A.6.4.1

Explicit call transfer, CC link

Option 2.) has been specified, transferred calls are not intercepted.

A.6.22

User-to-User signalling (UUS)

Transmission via HI2 has been specified, also refer to A.4.2.

A.8.3

HI3 (delivery of CC)

Correlation information is transmitted in conformance with 5.1.2, sec. A.4.1.

5.1.3 Re [1], Annex C HI2 delivery mechanisms and procedures

re. Section

Reference / Description

National provision / extension

C

ROSE or FTP

Only FTP is to be used, there are no plans to use ROSE.

C2.2

Usage of FTP

Method B is to be used.

5.1.4 Re [1], Annex D Structure of data at the handover interface

re. Section

Reference / Description

National provision / extension

D

ASN.1 object tree

Additional national parameters will be established, refer to Annex A for the definition.

5.1.5 Re [1], Annex E Use of subaddress and calling party number to carry correlation information

re. Section

Reference / Description

National provision / extension

E.2

Subaddress options

According to Table E.2.1 in [1], the default value for
Type of subaddress is “user specified”.

E.3.2

Field order and layout

To distinguish between "old" transmission and transmission in accordance with this specification, the octets 16-23 are allocated as follows:

If ‘old’ transmission: no entry

If transmitting according to this specification:

"Xa.bb.cc"

X: E for ETSI

a: main version TS101 671

bb: technical version

cc: editorial version

(Example: E3.12.01 for TS 101 671 V3.12.1)

5.1.6 Re [1], Annex F GPRS HI3 interface (includes 3GPP as referenced in [1])

re. Section

Reference / Description

National provision / extension

F.1

Functional architecture

GGSN and SGSN interception are to be set as standard in order to obtain a maximum of information. If for technical reasons only one kind of interception is possible, then SGSN interception is to be set up.

F.3

HI3 Delivery of Content of Communication (CC)

Transmission by GLIC/TCP or FTP/TCP is allowed, GLIC/UDP is not allowed.

F.3.2.2

Usage of FTP

Method B is to be used

F.3.2.2

Usage of FTP

The following triggers have been specified:

send timeout = 10s

volume trigger = 10 MByte

5.1.7 Re [1], Annex D.5 ASN.1 - description of IRI (HI2)

All parameters described in the ASN.1 Notation MUST be transmitted, even if they have been marked as optional, insofar as they are available with regard to the respective message.

ASN.1- Reference

Reference / Description

National provision / Extension

04022.1.10

Location

In case of a mobile connection, the following parameters must be set:

-globalCellID
-gsmlocation or umtslocation or

ePSlocationOfTheTarget

04022.1.10

Location/gsm Location/
GeoCoordinates

The AZIMUTH value must be set except in the case of an omni-directional antenna (360° antenna).

04022.1.10

National HI2-ASN1parameters/
LuxParameters

National parameters have been defined in addition to the ASN.1 Description in [1]: the description can be found in Annex A.

04022.1.10

partyinformation

An individual partyinformation must be sent for EACH party involved in a communication.

04022.1.10

partyinformation/partyidentity

All existing parameters must be set, depending on the means of communication used.

5.2 Re [2] (TS 133 108)

The options that can be chosen in each country and amendments to [2] are listed in this chapter.

5.2.1 Re[2], General section

re. Section

Reference / Description

National provision / extension

4.5

HI2: Interface port for intercept related information

If it is not possible to transmit the IRI, they must be buffered by the NWO/AP/SvP.

Minimum buffer time: 3 days

4.5.1

Data transmission protocols (HI2)

Only FTP is to be used, there are no plans to use ROSE.

5.1.2.1

Network IDentifier (NID)

The NID consists of the Operator ID and Network Element Identifier (NEID).

The Operator ID consists of up to five characters; the nomenclature is defined and updated by the LEA.

The NEID is 1-25 characters long, as defined in [1].

5.2.2.1

Control information for HI2,

5) Date and Time

Date and time are to be transmitted as local time.

5.3.1

Delivery of content of Communication (CC)

Use of UUS1 has been specified. In order to enable sub-addressing as fall-back the LIID for circuit switched intercepts are implemented solely by number (LIID is set by LEA)

5.3.3

Security requirements at the interface port of HI3

ISDN transmission: An ISDN CUG or an alternative secure transmission channel (closed user group) is to be formed in accordance with the LEA.

5.4.4

Multi party calls - general principles, options A, B

Option B is chosen.

5.5.4.1

Explicit call transfer, CC link

Option 2.) has been specified, transferred calls are not intercepted.

5.5.1.5

User-to-User signalling (UUS)

Transmission via HI2 has been specified.

6.2.1

7.2.1

8.2.1

9.2.1

10.2.1

11.2.1

Timing

If IRI cannot be transmitted, they must be buffered by the NWO/AP/SvP.

Minimum buffer time: 3 days

6.3

7.3

8.3

9.3

10.3

11.3

Security aspects

IP-based transmission: A VPN including IPSec encryption will be set up between the NWO/AP/SvPs obliged to provide for intercepts and the LEAs, refer to explanations in chapter 6.2 of this document.

6.4

7.4

8.4

9.4

10.4

11.4

Quantitative aspects

The following figures can be used as a basis for dimensioning the technical equipment installed at the NWO/AP/SvPs:

50 targets for the first 10000 subscribers
an additional 20 targets for each further 10000 subscribers started

(e.g.: NWO with 76000 subscribers shall be able to set up at least 50+7*20= 190 targets)

6.6

IRI reporting for packet domain at GGSN

This option does not have to be implemented in Luxembourg.

6.7

Content of communication interception for packet domain at GGSN

The option has been chosen. All target traffic, which is available at the interception node, is to be routed to the LEA.

5.2.2 Re [2], Annex A HI2 delivery mechanisms and procedures

re. Section

Reference / Description

National provision / extension

A

ROSE or FTP

Only FTP is to be used, there are no plans to use ROSE.

A.2.2

Usage of FTP

Method B is to be used.

A.2.2

Usage of FTP

The following triggers have been specified:

send timeout = 10s

volume trigger = 10MByte

5.2.3 Re [2], Annex C UMTS and EPS HI3 interface

re. Section

Reference / Description

National provision / extension

C

UMTS and EPS HI3 interfaces; Methods of transmission

Only ULICV1 via TCP stream is to be used.

C.2.2

Usage of FTP

Method B is to be used.

5.2.4 Re [2], Annex J Use of subaddress and calling party number to carry correlation information

re. Section

Reference / Description

National provision / extension

J.2.3.2

Field order and layout

To distinguish between "old" transmission and transmission in accordance with this specification, the octets 16-23 are allocated as follows:

If ‘old’ transmission: no entry

If transmitting according to this specification:

"Xa.bb.cc"

X: E for ETSI

a: main version TS101 671

bb: technical version

cc: editorial version

(Example: E3.12.01 for TS 101 671 V3.12.1)

5.2.5 Re [2], Annex B ASN.1-description

All the parameters described in the ASN.1 Notation, even if they are marked as optional, MUST be transmitted, insofar as they exist with regard to the respective message.

ASN.1 - Reference

Reference / Description

National provision / Extension

04022.4

General

The provisions in [2] remain unchanged.

5.3 Re [3] (TS 102 232-1)

The options that can be chosen in each country and amendments to [3] are listed in this chapter.

5.3.1 Re [3], General Section

re. Section

Reference / Description

National provision / extension

5.2.3

Authorization country code

Specified as "LU".

5.2.4

Communication identifier

The Operator ID consists of up to five characters; the nomenclature is defined and updated by the LEA.

6.2.3

Aggregation of payloads

Combined transmission of IP packets is authorised, but must not delay transmission unnecessarily.

The delay must not last longer than a few seconds.

6.2.4

Sending a large block of application-level data

Segmentation is not used.

6.2.5

Padding data

Padding is not used.

6.2.6

Payload Encryption

Payload encryption is not used.

6.3.1

General

TCP/IP socket connections are used.

6.3.2

Opening and closing connections

The NWO/AP/SvP shall make three connection attempts at an interval of ten seconds.

The socket connection is to be closed by the NWO/AP/SvP after 2 minutes of inactivity.

6.3.4

Keep alives

Using Keep-Alives can be used if desired, but must be agreed between NWO/AP/SvP and LEA. The preferred method is closing the connection after 2 minutes of inactivity according to 6.3.2.

If the LEA requests Keep-Alives, the function must be implemented.

6.4.2

TCP Settings

The following port numbers have been specified:

50100 for HI-2 (IRI for e.g. XDSL)

50110 for HI-3 (CC for e.g. XDSL)

7.2

Security requirements

IP-based transmission: A VPN including IPSec encryption is to be set up between the NWO/AP/SvPs and the LEAs; please refer to Explanations in 6.2.

5.3.2 Supplements to [3], Annex A ASN.1 syntax trees

All parameters described in the ASN.1 Notation, even if they have been marked as optional, MUST be transmitted, insofar as they exist with regard to the respective message.

ASN.1- Reference

Reference / Description

National provision / Extension

04022.5

General

The provisions in [3] remain unchanged.

5.4 Re [4], [5], [6], [7] (TS 102 232 – 2…5)

5.4.1 Re [4], [5], [6], [7]; General Section

The provisions in the specified documents remain unchanged.

5.4.2 Supplements to [4], [5], [6], [7]; ASN.1 definitions

All parameters described in the ASN.1 Notation, even if they have been marked as optional, MUST be transmitted, insofar as they exist with regard to the respective message.

ASN.1- Reference

Reference / Description

National provision / Extension

04022.5

General

The provisions in [4], [5], [6] and [7] remain unchanged.

5.5 Re [8] (TS 102 232 – 6)

5.5.1 Re [8]; General Section

REMARK:

If the NWO/AP/SvP’s equipment supports the delivery of CC via dedicated ISDN channels as described and defined in [1], this delivery shall be used for PSTN/ISDN services described in TS 102 232-6 as well.

If the delivery of CC via dedicated ISDN channels is not supported by the NWO/AP/SvP’s equipment, the CC delivered via RTP according to [8] shall be coded in G.711.

The other provisions in the specified documents remain unchanged.

5.5.2 Supplements to [8]; ASN.1 definitions

All parameters described in the ASN.1 Notation, even if they have been marked as optional, MUST be transmitted, insofar as they exist with regard to the respective message.

ASN.1- Reference

Reference / Description

National provision / Extension

04022.5

General

The provisions in [8] remain unchanged.

5.6 Re [9] (TS 102 232 – 7)

5.6.1 Re [9]; General Section

The provisions in the specified documents remain unchanged.

5.6.2 Supplements to [9]; ASN.1 definitions

All parameters described in the ASN.1 Notation, even if they have been marked as optional, MUST be transmitted, insofar as they exist with regard to the respective message.

ASN.1- Reference

Reference / Description

National provision / Extension

04022.5

General

The provisions in [9] remain unchanged.

6 Technical Provisions

6.1 ISDN based transmission

Routing of CC (content of communication) is via ISDN dial-up lines using Euro ISDN (E-DSS1). An ISDN CUG or an alternative secure transmission channel (closed user group) between the NWO/AP/SvP and the LEA is to be formed.

6.2 IP based transmission

IP-based transmission takes place over a VPN which is set up over the Internet. Provision, configuration and operation of the VPN components are the responsibility of the LEA.

The following components shall be provided by the NWO/AP/SvP:

Transparent Internet access to each LEA:

Internet access must be sized adequately, must have static, official IP addresses and must be equipped with maximum availability with regard to the infrastructure of the NWO/AP/SvP.

Internet access needs to be planned and implemented in parallel if required by the LEA for introduction of redundancy. In this case both Internet accesses should be planned as independently as possible from one another, taking the infrastructure at the NWO/AP/SvP into account (e.g. separate physical entry points, routing, autonomous network components, independent Peering Points)

Infrastructure at the handover point:

The following components are to be supplied by the NWO/AP/SvP:

exclusive 19" rack, with lock
2 X 230 VAC, 16 amp. power supply (connected to UPS)
waste heat < 1kW
installation in IT server room
transparent Internet access/Internet access terminates in this 19" rack (GigabitEthernet or faster)
handover from the provider’s network takes place in this 19" rack (GigabitEthernet or faster)

Annex A: National HI2-ASN.1 parameters

Additions to HI2-Operations

{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version18(18)}

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

IMPORTS

Natparas

FROM NatParameter;

National-HI2-ASN1parameters ::= SEQUENCE

{

countryCode [1] PrintableString (SIZE (2)),

-- Country Code (LU for Luxembourg) according to ISO 3166-1,

-- the country to which the parameters inserted after the extension marker apply.

-- In case a given country wants to use additional national parameters according to

-- its law, these national parameters should be defined using the ASN.1 syntax and

-- added after the extension marker (...).

-- It is recommended that "version parameter" and "vendor identification parameter"

-- are included in the national parameters definition. Vendor identifications can be

-- retrieved from the IANA web site (see annex H). Besides, it is recommended to

-- avoid using tags from 240 to 255 in a formal type definition.

natparas [2] Natparas,

-- Import from National Specifications for Luxembourg, Annex A

}

END -- HI2Operations

NatParameter

-- National parameter

-- Content defined by national law

-- Version of this ASN.1 specification of the national parameters: '1',

-- to be inserted into the parameter "specificationVersion"

-- The coding of all text fields shall be according to CODEPAGE 1252

NatParameter

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

Natparas ::= SEQUENCE

{

natVersion [1] SEQUENCE

{

Version [1] INTEGER(0..255)

},

locationDetails [2] LocationDetails OPTIONAL

}

-- **************************** Parameter begin **********************

LocationDetails ::= SEQUENCE

{

radius [0] INTEGER(0..2147483647) OPTIONAL,

-- radius of a cell in metres

radiationDirection [1] INTEGER(0..360) OPTIONAL,

-- radiation direction of the main beam of a cell in degrees

deflectionAngle [2] INTEGER(0..360) OPTIONAL,

-- deflection angle of the cell in degrees

fieldIntensity [3] INTEGER(-200..0) OPTIONAL,

-- field intensity of the mobile phone in [dbm]

remark [4] PrintableString (SIZE (256)) OPTIONAL

-- free text for additional information

-- (e.g. "antenna position Main Station, Building 16")

}

-- **************************** Parameter end **********************

END