| Today, VoIP is moving into the mainstream and, since criminal activity as a rule takes place in the mainstream, law-enforcement agencies must access to VoIP networks that is as routine as what they now have with traditional wire-line services. As a powerful weapon against crime, lawful interception becomes more and more important.The situation is this. Law enforcement agencies are authorized to tap and record suspect voice conversations. As VoIP proliferate, authorities must be able to reach into the IP network and trace SIP and H.323-signaling messages that enter or leave the network in order to learn the sources and destinations of the calls. Additionally, session controllers must be able to duplicate both signaling and actual voice flows and send them to law enforcement to capture whatever information is required. Of course all this must be accomplished without the overall knowledge of the end user.There are three main steps in helping law enforcement agencies gather information.Administration Function: This is a process that begins when the law enforcement identifies a person who requires surveillance, then gives the service provider a phone number or, in the case of VoIP, an IP or SIP address to be monitored. The service provider sends that request into the session controller to seek the necessary information and initiate a tap on the line.Intercept Function: In some instances the agency will only want Information call signaling-related data: the number being used to initiate the call and the number being called; the duration of the call and if there were any other calls made, including three-way calling. The session controller will than replicate the signaling stream and passes it to the delivery function that will pass to the lawful intercept center for monitoring.Delivery Function: Once obtained, information from the Intercept function must be placed into a format and delivered to the lawful intercept center.Thus, while miscreants may think they're hiding behind computer phone calls or the latest technology, in effect VoIP providers - thanks in large part to the ability of session controllers to duplicate signaling and call information - are one step ahead of them, gathering information on their calls and sending that data to the proper authorities for monitoring.In this text, I will discuss following issues of network interception in VoIP systems based on ITU-T Recommendation H.323.Protocol Analysis: First, We must accomplish protocol analysis and decode of the H.323 protocols. The analyzer captures IP packet data, and automatically searches for signaling and audio traffic. The H.323 standards are important building blocks for a broad new range of collaborative, LAN-based applications for multimedia communications. It includes parts of H.225.0 - RAS, Q.931, H.245 RTP/RTCP and audio/video codecs, such as the audio codecs (G711, G723.1, G729, etc.) and video codecs (H.261, H.263) that compress and decompress media streams.Two Side Voice Synchronization: In VoIP interception, It is difficult to keep the two side voice synchronization with a simple and real-time method. With the help of analysis and interception experience, Two methods are obtained: re-arrange the order of the voice frames, serialize the voice pieces. These mothods can provid means to get ideal alternating voice of VoIP in interception application.A Sample: An actual interception to a multi-link line. |
PDF Full Text Request