Lawful Interception - Cloud/Virtual Services
As more and more people move to mobile/wireless devices to access virtual services, mobile forensics is having to expand its boundaries too in order to cope with cloud/virtual services. Many people misunderstand mobile forensics and see its role as limited to arguments on good practice and methodology (extracting and harvesting data from mobile/smart phones). This narrow view is completely wrong, but it has arisen because mobile forensics is being labelled in some quarters as a sub-category of, e.g., computer forensics in criminal proceedings. However, mobile forensics encompasses a wide area and operates, on principles of scientific fact, wherever computer forensics can operate:
- criminal investigation
- civil investigation
- contract and commercial ventures
- public services/national security
In civil cases the investigation process may, for example, require examination of the mobile/smart phone as the conduit through which confidential information was jettisoned to a secret file in the Cloud, because there is no breadcrumb trail of data evidence on the PC/laptop. Radio signals are not part of computer forensics, unless we all usurp the laws of physics and rename, for instance, radio signals as computer signals just to be able to lock mobile forensics to computer forensics; that would be just absurd. The investigatory element requires knowing whether the device is capable of working with HSPA etc., as opposed to suggesting that full-blown data streaming occurs on basic GSM transmission technology. In other words, the investigator must be realistic in his/her approach. That equally means understanding cell site analysis, so that the investigator understands the advantages of, for instance, MIMO in the wireless arena and the base station set-up for that purpose.
Mobile Cloud usage is on the increase, and therefore public services/national security will equally need to understand any loopholes that exist. Mobile forensics provided for consultancy or in education again requires obtaining facts and understanding processes and procedures, as indeed do contract and commercial ventures, which require accuracy in description and terms for technology usage.
It is upon that basis that this blog discussion introduces Lawful Interception - Cloud/Virtual Services. Whilst law enforcement and national security would seem the obvious target audience, it doesn't take much effort to realise how all the other categories in which mobile forensics operates equally benefit from knowing the subject matter.
I am not able to provide masses of info or say too much on this issue, but I thought trewmte blog readers might be interested in several informative documents about the subject matter. You may even appreciate the irony of making the downloads for these documents via Dropbox.
As a primer this is a very helpful document:
ETSI TR 102 997 V1.1.1 (2010-04)
Initial analysis of standardization requirements for Cloud services
The present document describes standardisation requirements for cloud
services. It is based on the outcome of the ETSI TC GRID Workshop,
"Grids, Clouds and Service Infrastructures", 2 and 3 December 2009. This
event brought together key stakeholders of the grid, cloud and
telecommunication domains to review state of the art and current trends.
Needs for standardisation, with a particular focus on the emerging area
of cloud computing and services, were discussed. The present document
introduces and expands on the conclusions reached. This is not an
exhaustive survey and is intended to serve as the basis for future work.
A useful guide to the mechanisms needed to enable eWarrants to function in the global marketplace.
ETSI TR 103 690 V1.1.1 (2012-02) Lawful Interception (LI); eWarrant Interface
The present document presents a high-level description of an interface
mechanism - the eWarrant Interface - for receipt of requests for
measures producing real-time or stored information by an issuing
authority possessing lawful authorization to initiate such a request.
The eWarrant Interface is a generic, extensible interface intended to be
fully compatible with all existing kinds of requests for these purposes
- as well as support future ones, including local
languages or character sets. The eWarrant Interface is not intended to
replace existing implementation-specific mechanisms found, for example,
in the Retained Data Handover Interface.
The present document
describes an electronic interface. Annex B describes work flow for an
eWarrant in different jurisdictions and a means for discovering related
information. Annex C describes how this interface may be adapted and
made interoperable for manual and legacy techniques. The present
document provides a high-level description of the interface mechanism.
It defines basic principles of interoperability, and provides
recommendations for the types of data that are delivered. It provides a
recommendation on the choice of data modelling languages, but the
present document does not give a normative structure for the delivery of
eWarrant messages. It is envisaged that a later Technical Specification
will add the required details for a full implementation.
This is the draft standard being worked on that will eventually be the
agreed standardised approach to interception for Cloud and Virtual
Services that occurs trans-border.
Draft ETSI DTR 101 567 V0.1.0 (2012-05) Lawful Interception (LI); Cloud/Virtual Services (CLI)
The present document provides an overview on requests for handover and
delivery of real-time information associated with cloud/virtual
services. The report identifies Lawful Interception needs and
requirements in the converged cloud/virtual service environment, the
challenges and obstacles of complying with those requirements, what
implementations can be achieved under existing ETSI LI standards, and
what new work may be required to achieve needed Lawful Interception
capabilities. Cloud Services in whichever forms they take
(Infrastructure, Software, Platform or combinations of these) are often
trans border in nature and the information required to maintain Lawful
Interception (LI) capability or sufficient coverage for LI support may
vary in different countries, or within platforms of different security
assurance levels. This work aims to ensure capabilities can be
maintained while allowing business to utilise the advantages and
innovations of Cloud Services and was undertaken cooperatively with
relevant cloud security technical bodies.