Lawful Interception Architecture for LTE Evolved Packet System
Lawful Interception is a legally sanctioned official access to private communications. It is a security process in which a service provider or network operator collects and provides law enforcement officials with intercepted communications of private individuals or organizations. Lawful interception is always done in accordance with the applicable national or regional laws and technical regulations.
3GPP Evolved Packet System (EPS) provides IP based services. Hence, EPS is responsible only for IP layer interception of Content of Communication (CC) data. In addition to CC data, the Lawful Interception (LI) solution for EPS offers generation of Intercept Related Information (IRI) records from respective control plane (signalling) messages as well.
3GPP lawful interception functional architecture for EPS is similar to 3G PS functional architecture. The following figures contain the reference configuration applicable for the lawful interception in the EPS.
The Administration Function (ADMF) interfaces with all the LEAs that may require interception in the intercepting network. It keeps the intercept activities of individual LEAs separate and interfaces to the intercepting network. ADMF along with the delivery functions is used to hide from Intercepting Control Element (ICE) that there might be multiple activations by different Law Enforcement Agencies (LEAs) on the same target.
Every physical Intercepting Control Element (ICE) is linked by its own X1_1-interface to the ADMF. Consequently, every single ICE performs interception (activation, deactivation, interrogation as well as invocation) independently from other ICEs. The HI1-interface represents the interface between the requester of the lawful interception and the Lawful administration function.
HI2 & HI3 interfaces represent the interfaces between the LEA and delivery functions. The delivery functions are used to distribute the Intercept Related Information (IRI) to the relevant LEA(s) and to distribute the Content of Communication (CC) to the relevant LEA(s)
The target identities for interception at the MME, HSS, S-GW and PDN-GW are IMSI, MSISDN and ME (Mobile Equipment) Identity.
As the MME only handles control plane and HSS only handles signaling, interception of Content of Communication is applicable only at the S-GW and PDN-GW.
For the delivery of the Content of Communication and Intercept Related Information the S-GW and/or, PDN-GW (per national option) provides correlation number and target identity to the Delivery Function 2 and Delivery Function 3 which is used there in order to select the different LEAs where the product would be delivered.
Refer 3GPP standard 33.107 for further reading.