Voice over IP and Lawful Intercept : Good cop/Bad cop

Sammanfattning: Lawful interception is a common practice for monitoring a telecommunication network by law enforcement agencies all over the world. It plays a vital role to ensure national security and to control crimes by providing authorized monitoring of communicating parties in a communication network. However, there are some important issues that need to be addressed, such as the privacy of individuals, malicious use of lawful interception by a “bad” cop, vulnerability of a lawful interception system to misuse by others, cost, legal liability, etc. These issues have lead to opposition to lawful interception. Many researchers have been looking for a secure and acceptable lawful interception system that would eliminate or minimize the undesirable aspects of lawful interception. One of the approaches that gained a lot of attention is a key escrow encryption system. For lawful interception a key recovery key is escrowed with a trusted third party. This key can subsequently be used for decryption by the law enforcement agency. The trusted third party might be a government agency or a private company. The process for recovering keys should be based on a predefined securitypolicy. The trusted third party’s responsibility is to store the key and to protect it from malicious use. This malicious use could be by a competitor, a telecommunication operator, Internet Service Provider (ISP), a law enforcement agency, or other party. If the trusted third party itself utilizes the key or improperly discloses the key to another party, then the data that was protected by encryption could be compromised Unfortunately, there is no easy means to detect if the data has been tampered with or not. This thesis focuses on therefore in the case of voice over IP, where there is a need for a means to determine if a recorded conversation is authentic or not. Hence the objective of the overall thesis project is to design, implement, and evaluate a security mechanism that can be used with a trusted third party -based key escrow encryption system that will prevent or reduce the risk of forgery by (a bad cop within) a lawenforcement agency using the escrowed key. This thesis describes how a key escrow encryption system would be improved by the proposed mechanism – with a focus on the actions of a party that has access to the escrowed key. We do not examine how the party got access to this key, but for the purposes of this thesis we assumed that this party is either a good cop or a bad cop. We have defined the meaning of these terms and examine what operations a bad cop might attempt to perform – given the access to the master key. For example, this party could capture the data packets of a Voice over IP session, and then decrypt the packets using the key provided by the escrow agent. After decryption we examined the ability of a bad cop to modify or forge data packets, then encrypt these forged packets with the key – in order to fabricate evidence. We then examined how to detect such modifications or forgery. The proposed system is able to detect this forgery, based upon the inability of the forger to generate the correctly signed hashed message authentication coded. We also examine additional extensions to the user agent and the escrow agent to be able to identify which packets (or groups of packets) were not generated by the original participant in the conversation. The goal is to understand if the proposed mechanism could make lawful interception more secure, while increasing the protection of the communicating parties’ conversation from undetected manipulation and making the digital record of a conversion easier to authenticate.