Friday, August 30, 2013

Lawful Interception - Cloud/Virtual Services

Lawful Interception - Cloud/Virtual Services

As more and more people move to mobile/wireless devices to access virtual services so mobile forensics is having to expand its boundaries too in order to cope with cloud/virtual servcies. Many people misunderstand mobile forensics and see its role limited to arguments on good practice and methodology (extract and harvest data from mobile/smart phones). This narrow view is completely wrong but has arisen as mobile forensics is being labelled in some quarters as a sub-category of e.g. computer forensics in criminal proceeding. However, mobile forensics encompasses a wide area and on principals of science fact that computer forensics can operate:

- criminal investigation
- civil investigation
- contract and commerical ventures
- consultancy
- education
- public services/national security     

In civil cases there is the investigation process, for example, of requiring examination of the mobile/smart phone as the conduit between confidential information being jettisoned to a secret file in the Cloud, because there is no trail of bread crumb data evidence on the PC/laptop. Radio signals are not part of computer forensics, unless we all ursurp the laws of physics and rename, for instance, radio signals as computer signals just to be able to lock mobile forensics to computer forensics; it would be just absurd. The investigatory elements requires knowing whether the device is capable of working with HSPA etc as opposed to suggesting full blown data streaming occurs on basic GSM transmission technology. In other words the investigator must be realistic in his/her approach. That equally means understand cell site analysis so that the investigator knowns to understand the advantages of, for instance, MIMO in the wireless arena and the base station set up for that purpose.

Mobile Cloud usage is on the increase and therefore public servcies/national security will equally require to understand any loopholes that exist. Mobile forensics provided for consultancy or in education again requires obtaining facts and understanding processes and procedures as indeed does contract and commercial ventures that require accuracy in description and terms for technology usage.  

It is upon that basis this blog discussion introduces Lawful Interception - Cloud/Virtual Services so that whilst law enforcement and national security would seem the obvious target audience, it doesn't take that much effort to realise how all the other categories in which mobile forensics operates equally benefit from knowing the subject matter.

I am not able to provide masses of info or say too much on this issue but I thought trewmte blog readers might be interested in several informative documents about the subject matter. You may even appreciate the irony of making the downloads for these documents via Dropbox.


As a primer this is a very helpful document:

ETSI TR 102 997 V1.1.1 (2010-04)
Initial analysis of standardization requirements for Cloud services

The present document describes standardisation requirements for cloud services. It is based on the outcome of the ETSI TC GRID Workshop, "Grids, Clouds and Service Infrastructures", 2 and 3 December 2009. This event brought together key stakeholders of the grid, cloud and telecommunication domains to review state of the art and current trends. Needs for standardisation, with a particular focus on the emerging area of cloud computing and services, were discussed. The present document introduces and expands on the conclusions reached. This is not an exhaustive survey and is intended to serve as the basis for future work.


A useful guide to the mechanisms needed to enable eWarrants to function in the global marketplace.

ETSI TR 103 690 V1.1.1 (2012-02) Lawful Interception (LI); eWarrant Interface

The present document presents a high-level description of an interface mechanism - the eWarrant Interface - for receipt of requests for measures producing real-time or stored information by an issuing authority possessing lawful authorization to initiate such a request. The eWarrant Interface is a generic, extensible interface intended to be fully compatible with all existing kinds of requests for these purposes - as well as support future ones, including local
requirements and languages or character sets. The eWarrant Interface is not intended to replace existing implementation-specific mechanisms found, for example, in the Retained Data Handover Interface.

The present document describes an electronic interface. Annex B describes work flow for an eWarrant in different jurisdictions and a means for discovering related information. Annex C describes how this interface may be adapted and made interoperable for manual and legacy techniques. The present document provides a high-level description of the interface mechanism. It defines basic principles of interoperability, and provides recommendations for the types of data that are delivered. It provides a recommendation on the choice of data modelling languages, but the present document does not give a normative structure for the delivery of eWarrant messages. It is envisaged that a later Technical Specification will add the required details for a full implementation.


Here is the draft standard being worked on that will eventually be the agreed standardised approach to interception for Cloud and Virtual Services that occurs trans-border.

Draft ETSI DTR 101 567 V0.1.0 (2012-05) Lawful Interception (LI); Cloud/Virtual Services (CLI)
The present document provides an overview on requests for handover and delivery of real-time information associated with cloud/virtual services. The report identifies Lawful Interception needs and requirements in the converged cloud/virtual service environment, the challenges and obstacles of complying with those requirements, what implementations can be achieved under existing ETSI LI standards, and what new work may be required to achieve needed Lawful Interception capabilities. Cloud Services in whichever forms they take (Infrastructure, Software, Platform or combinations of these) are often trans border in nature and the information required to maintain Lawful Interception (LI) capability or sufficient coverage for LI support may vary in different countries, or within platforms of different security assurance levels. This work aims to ensure capabilities can be maintained while allowing business to utilise the advantages and innovations of Cloud Services and was undertaken cooperatively with relevant cloud security technical bodies.

No comments: