| VoIP has already been the trend of voice communication. Yet, along with the expending of its business scope, a series of security and management problems occurs, including the Lawful Interception (LI) problem. This paper mainly researches in the lawful interception of VoIP, and proposes a concrete solution of it as well as implementation of its interception access point (IAP).This paper introduces the basic theory of VoIP and its deployment, as well as the Session Initiation Protocol (SIP) and its basic callflow. It discusses the key technology of the network interception, including the interception theorem, packet filtering and protocol analyzing technology. Then, it introduces a LI model which was designed by IETF for the softswitch system, in addition, it introduces the function of each functional entity and the interfaces between them. Then, it raises four solutions of the LI system's deployment on the basis of the network involving the Session Border Controller (SBC). The four solutions are making use of conference service, changing the route of media stream, setting packet filter and forwarding the signals.Whereafter, the advantages and disadvantages of each solution are discussed, and the setting packet filter method is chosen as the best LI network deployment solution according to the acquirement of interception and the principles of designing.After the analyzing of the SBC's mechanism, this paper designs the IAP on the basis of the requirement of interception data and the deployment of the LI system, and describes its architecture and mechanism in detail. Then it uses the libpcap functions and gives the implementation of the filtering and analyzing module which is the key inner module of IAP.According to the main design consideration of IAP, the interception is triggered by the INVITE message with the phone number, the filter's rule code is refreshed with the message type and the call related information which is derived from the SIP message. There are three features of the implementation, The first one is that, the media stream ports and the signal ports can be captured during the session, the second one is the filter's rule code is refreshed with the ports captured, which results in the reduction of the time of filtering. The last feature is that, it can correlate the session's state and the interception infomaion with the help of the state machine. At the end, the string pattern matching is researched, and a new algorithm derived from Boyer-Moore-Horspool(BMH) algorithm is raised. In addition, muti-thread processing and thread-pool technology are introduced in the system to increase the efficiency of the IAP. |
PDF Full Text Request