Title: Method and apparatus for identifying and monitoring VoIP media plane security keys for service provider lawful intercept use
Abstract: A mechanism is described that enables encrypted end-point communications in a VoIP network to be accessed by a service provider. The mechanism includes a session information retrieval component which gathers session information, such as encryption keys, for each session that traverses a network element. The encryption keys may be used to decrypt data to make it available for lawful interception. A media stream monitoring component monitors media streams and verifies that the identified keys for each session are valid, to ensure continuity in compliance with LI regulations. Advantageously, a security alert component may be used to control further session operation for those sessions identified as potential security risks. With such an arrangement, the service provider can satisfy the legal requirement to provide interception, verify the accuracy of the lawful interception support, and take appropriate steps to handle security risks.
Publication number: US8934609(B2) Publication date: 2015.01.13
Application number: US200611425436 Filing date: 2006.06.21
Applicant: Genband US LLC Inventor: Lee Michael
Classification: H04M1/24;H04L29/06;H04L12/26 Main classification: H04M1/24
Agent: Jenkins, Wilson, Taylor & Hunt, P.A. Attorney: Jenkins, Wilson, Taylor & Hunt, P.A.
Independent claim: 1. A method of obtaining session information in a network comprising a plurality of end-points coupled by at least one network element, the method comprising: establishing a secure communication channel with a first end-point by the at least one network element; forwarding session initiation requests and responses between the first end-point and the second end-point to establish a session for an exchange of media between the first end-point and the second end-point, the session having a characteristic; retrieving the characteristic of the session from the first end-point using the secure channel; storing the characteristic of the session, wherein the characteristic of the session is a key that is used to encrypt media of the session; periodically capturing blocks of media exchanged between the first end-point and the second end-point; attempting to decrypt the blocks of media using the key; analyzing the blocks of media for which decryption was attempted to determine whether the key provided by the first end-point is valid, wherein analyzing the blocks of media for which decryption was attempted to determine whether the key provided by the first end-point is valid includes analyzing the blocks of media for which decryption was attempted to determine whether the blocks of media for which decryption was attempted remain encrypted by employing a spectral analyzer separate from the first and second end-points to perform a randomness test on signal frequencies within the blocks of media to determine whether the blocks of media include random data; and logging information associated with the session if it is determined that the media remains encrypted after performing spectral analysis for use by legal interceptors.
Address: Plano TX US
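The key-validity loop in claim 1 (capture blocks, attempt decryption with the end-point-supplied key, test whether the result still looks random, log the session if it does) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not code from the patent or from Genband. Its assumptions are labelled: the media cipher is a stand-in counter-mode keystream built from HMAC-SHA256 rather than SRTP's AES-CTR, the claim's "spectral randomness test on signal frequencies" is approximated by a chi-square test on the byte histogram of each block, and the sample media is a constructed 8-bit sine wave. The names `key_is_valid`, `check_session` and `looks_random` are hypothetical.

```python
"""Key-validity monitor modelled on claim 1 (added example, not the patent's code).

Assumptions (stand-ins, not the patent's mechanisms):
  * cipher: HMAC-SHA256 keystream in counter mode with a per-block IV (SRTP uses AES-CTR)
  * randomness test: chi-square on the byte histogram (the claim uses spectral analysis)
  * media: constructed 8-bit sine-wave samples
"""
import hashlib
import hmac
import math
from typing import Dict, List, Optional

MIN_BLOCK = 1024             # histogram test is unreliable on shorter blocks
CHI_SQUARE_RANDOM = 400.0    # df = 255; uniform bytes score ~255 +/- 23, so 400 is far out


def keystream(key: bytes, nonce: bytes, block_index: int, length: int) -> bytes:
    """Counter-mode keystream; block_index acts as the per-packet IV so the
    keystream is never reused across captured blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + block_index.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_keystream(key: bytes, nonce: bytes, block_index: int, data: bytes) -> bytes:
    """Encrypt or decrypt one block (XOR with the keystream is symmetric)."""
    ks = keystream(key, nonce, block_index, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def synthetic_audio(n: int, freq: float = 440.0, rate: float = 8000.0) -> bytes:
    """Constructed media: 8-bit sine samples, highly structured and far from random."""
    return bytes(128 + int(100 * math.sin(2 * math.pi * freq * i / rate)) for i in range(n))


def chi_square_bytes(block: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution."""
    hist = [0] * 256
    for b in block:
        hist[b] += 1
    expected = len(block) / 256.0
    return sum((c - expected) ** 2 / expected for c in hist)


def looks_random(block: bytes) -> bool:
    """True when the block is statistically indistinguishable from random bytes,
    i.e. it still appears encrypted after the decryption attempt."""
    if len(block) < MIN_BLOCK:
        raise ValueError("block too short for a reliable histogram test")
    return chi_square_bytes(block) < CHI_SQUARE_RANDOM


def key_is_valid(key: bytes, nonce: bytes, blocks: List[bytes]) -> bool:
    """Attempt decryption of every captured block with the end-point-supplied key.
    The key is accepted only if no decrypted block still looks random."""
    for index, blk in enumerate(blocks):
        if looks_random(xor_with_keystream(key, nonce, index, blk)):
            return False
    return True


def check_session(session_id: str, key: bytes, nonce: bytes,
                  blocks: List[bytes]) -> Optional[Dict[str, object]]:
    """Return a log record for the LI function when the supplied key fails
    to decrypt the captured media; return None when the key checks out."""
    if key_is_valid(key, nonce, blocks):
        return None
    return {"session": session_id, "event": "key_invalid", "blocks_checked": len(blocks)}


if __name__ == "__main__":
    # Constructed session: three captured blocks encrypted under the "true" key.
    true_key, nonce = b"k" * 16, b"constructed-nonce"
    captured = [xor_with_keystream(true_key, nonce, i, synthetic_audio(2048)) for i in range(3)]
    print("true key ->", check_session("sess-1", true_key, nonce, captured))
    print("wrong key ->", check_session("sess-1", b"x" * 16, nonce, captured))
```

The monitor flags a session only when a block fails to become structured after decryption, which is the claim's criterion for an invalid key; a key that was reported correctly but whose stream was later re-keyed by the end-points would be caught the same way. The chi-square threshold is a design choice that trades false alarms on very short or unusually flat media against missed detections; a deployment would calibrate it on the codec in use.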