top of page
< Back

Lawful Interception in 2G/3G/4G/5G Mobile Networks

Duration : 4 days

Objectives : Understand Lawful Interception in mobile network and service architectures and their evolutions.

Who should attend : Telecommunications engineer, Telecommunications architecture, any person working on the technical part of lawful interception.

Prerequisites : Knowledge on mobile networks

Course outline :
Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations.
Lawful interception is obtaining communications network data pursuant to lawful authority for the purpose of analysis or evidence. Such data generally consist of signalling or network management information or, in fewer instances, the content of the communications.
This course presents the architecture, the functions and lawful interception data in 2G/3G (circuit and packet), 4G (packet) and 5G (packet) mobile networks. With the advent of 4G as an all-IP mobile network, voice is transported over IP. The architecture is called VoLTE based on IMS (IP Multimedia Subsystem) architecture. The course describes the lawful interception architecture associated with VoLTE service with IMS as well as with VoNR and EPS Fallback in 5GS. Another variant of voice over IP is offered by the mobile operator called WiFi Calling or VoWiFi. The customer uses his home WiFi hotspot or any other public WiFi hotspot to directly access his Internet services and also to access his mobile telephone services, including voice, video telephony, SMS and USSD. The user is connected to the mobile packet network via WiFi to access the IMS architecture. This service is particularly interesting when the mobile radio coverage is absent or the quality of the mobile radio signal is low. The course describes the lawful interception service architecture associated with the VoWiFi/WiFi Calling service with IMS.
Several telecommunications services are provided by mobile services provided : SMS, MMS, Mission Critical communications, Rich Communication Suite (RCS), Location-based services. The lawful interception aspect of these services is presented.
The mobile core network evolves in 3GPP releases 13 and 14 to effectively support MTC (Machine Type Communication) devices, particularly in the LTE-M and NB-IoT context. This course also describes the lawful interception architecture envisaged for LTE-M and NB-IoT.
Finally, the training describes the lawful interception architecture in the 5G SA network with a new lawful interception architecture different from that used for 2G, 3G, 4G and their services. IRIs and communication content.

1. Lawful interception
1.1. Definition
1.2. Architecture
1.2.1. Entities: LEMF, ADMF, DF2, DF3
1.2.2. LI interfaces: HI1, HI2, HI3, X1, X2, X3
1.2.3. LI identities: LIID, CID, NID, CIN, CN, etc.

2. Lawful interception in the 2G/3G circuit switched (CS) architecture
2.1. CS Architecture
2.2. Roaming
2.2.1. Bilateral roaming and use of the roaming hub
2.2.2. Multilateral roaming with roaming sponsor
2.3. Lawful interception architecture and associated network functions for the 2G/3G circuit switched domain
2.4. Intercept related information (IRI) for 2G/3G circuit swiched domain and communication content (CC)
2.4.1. IRI on the IMSI attach procedure, the IMSI detach procedure, the location area update procedure
2.4.2. IRI on basic call setup, on supplementary services, on call release
2.4.3. IRI on SMS-MO and SMS-MT procedures
2.4.4. IRI on the handover procedure
2.4.5. Content of Communication (CC)

3. Lawful interception in the 2G/3G packet swiched domain
3.1. GPRS architecture
3.2. Lawful interception architecture and network functions for the 2G/3G packet swiched network (GPRS)
3.3. Intercept related information (IRI) for 2G/3G packet switched domain and communication content (CC)
3.3.1. IRI on the GPRS attach, GRPS detach and GRPS routing area update procedures
3.3.2. IRI on PDP context activation, PDP context deactivation and handover procedures
3.3.3. IRI on the SMS-MO and SMS-MT procedures (In the case where the SMS is sent via the SGSN, which is rarely the case).
3.3.4. IRI on the packet data header information per packet or per summary flow
3.3.5. Content of Communication (CC)
3.3.6. Lawful interception of the MMS service

4. Lawful interception in the 4G network (Evolved Packet Core)
4.1. Evolved PAcket System (EPS) Architecture
4.2. Lawful interception architecture and network functions for the 4G network (EPS)
4.3. X1, X2 and X3 Interfaces
4.4. EPS events relating to lawful interception
4.5. Intercept related information (IRI) for EPS and communication content (CC)
4.5.1. IRI on E-UTRAN attach, E-UTRAN detach, Tracking Area update procedures
4.5.2. IRI on the Cancel Location, HSS subscriber record change, Register location and Location information request procedures
4.5.3. IRI on procedures Bearer activation, Bearer modification, UE Requested bearer resource modification, Bearer deactivation, UE requested PDN connectivity, UE requested PDN disconnection , handover
4.5.4. IRI on packet data header information per packet or per summary flow
4.5.5. Content of Communication (CC)
4.6. 4G lawful interception architecture with CUPS (Control and User Plan Separation)
4.6.1. SGW-C/PGW-C entity
4.6.2. SGW-U/PGW-U entity
4.6.3. SX3LIF entity
4.6.4. Packet detection rules
4.6.5. Transfer Action Rules
4.6.6. X2, X3-C, X3-U Interfaces of the SX3LIF function
5. Lawful interception in the SMS over NAS and Data over NAS architecture
5.1. IRIs on SMS MO and SMS MT

6. Lawful interception in the VoLTE (Voice over IP over LTE) architecture
6.1. VoLTE architecture with IMS
6.2. Lawful interception architecture and functions for VoLTE with IMS
6.3. Intercept related information (IRI) for IMS/VoLTE and communication content
6.4. IRIs on SIP message, XCAP request/response, SMS over IP
6.5. VoLTE roaming : LBO and S8HR
6.6 S8HR lawful interface architecture

7. Lawful interception in the architecture WLAN access to the ePC
7.1. WiFi architecture connected to the EPC
7.2. IRI on the procedures I-WLAN Access Initiation, I-WLAN Access Termination, I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect
7.3. IRI on packet data header information
7.4. Content of Communication (CC)

8. Lawful interception in WiFi Calling architecture also called VoWiFi
8.1. VoWiFi architecture with IMS
8.2. Lawful Interception Architecture for WiFi Calling
8.3. Intercept related information (IRI) for IMS/WiFi Calling and Communication content (CC)

9. Lawful interception with LTE-M/NB-IoT
9.1. Evolution of the ePC architecture for M2M/IoT
9.2. New features
9.3. Associated lawful interception architecture
9.4. IRIs for IP data
9.5. IRIs for Non-IP data Delivery (NIDD) (MME and SCEF)
9.6. CC for IP data
9.7. CC for NIDD

10. New lawful interception architecture applicable to 4G, 5G NSA and 5G SA
10.1. Concepts and principles underlying the new LI architecture
10.2. SIRF, LIPF, LICF, MDF, LEMF, LEA entities
10.3. Interception points: IRI-TF, CC-TF, IRI-POI, CC-POI
10.4. Intercept identities
10.5. Interfaces : LI_X1, LI_X2, LI_X3, LI_T2, LI_T3, LI-SI, LI-ADMF, LI-MDF, LI_HI1, LI_HI2, LI_HI3, LI_HI4

11. Lawful interception in the 5G network (Evolved Packet Core)
11.1. 5G SA Architecture
11.2. Lawful interception architecture and functions for the 5G SA (5GS) network
11.3.1. xIRIs from POI of AMF
11.3.2. xIRIs from POI of SMF
11.3.3. xIRIs from POI of SMSF
11.3.4. xIRIs from POI of NEF
11.3.5. xIRIs from POI of UDM
11.3.6. xIRIS POI of UPF
11.4. Communication content: CC-POI of UPF

12. Future of lawful interception

bottom of page