Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)


Communicating parties inside computer networks use different kind of identifiers. Some of these identifiers are stable, e.g., logins used to access a specific service, some are only temporary, e.g., dynamically assigned IP addresses. This paper tackles several challenges of lawful interception that emerged in modern networks. The main contribution is the graph model that links identities learnt from various sources distributed in a network. The inferred identities result into an interception of more detailed data in conformance with the issued court order. The approach deals with network address translation, short-lived identifiers and simultaneous usage of different identities. The approach was evaluated to be viable during real network testing based on various means to learn identities of users connected to a network.


AQSACOM. (2012). Lawful Interception for IP Network. (White Paper) ATIS/TIA. (2006). Lawfully Authorized Electronic Surveillance. J-STD-025-B.

Baker, F., Foster, B., & Sharp, C. (2004). Cisco Architecture for Lawful Intercept in IP Networks. (RFC 3924)

Carpenter, B. E. (2001). Connection of IPv6 Domains via IPv4 Clouds. (RFC 3056)

Cronin, E., Sherr, M., & Blaze, M. (2008). On the (un)reliability of eavesdropping. International Journal of Secure Networking, 3 , 103–113.

Despres, R. (2010). IPv6 Rapid Deployment on IPv4 Infrastructures (6rd). (RFC 5569)

ETSI. (2001). ETSI TR 101 943: Telecommunications security; Lawful Interception (LI); Concepts of Interception in a generic Network Architecture. (Version 1.1.1)

ETSI. (2006). ETSI TR 102 528: Lawful Interception (LI); Interception domain Architecture for IP networks. (Version 1.1.1)

ETSI. (2010a). ETSI TS 102 232-2: Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for E-mail services. (Version 2.5.1)

ETSI. (2010b). ETSI TS 102-232-5: Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services. (Version 2.5.1)

Hoffman, P., & Terplan, K. (2006). Intelligence support systems: Technologies for lawful intercepts. Auerbach Publications, U.S.

Huitema, C. (2006). Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs). (RFC 4380)

Karpagavinayagam, B., State, R., & Festor, O. (2007, June). Monitoring Architecture for Lawful Interception in VoIP Networks. In Internet monitoring and protection.

McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., . . . Turner, J. (2008). OpenFlow: enabling innovation in campus networks. SIGCOMM Computer Communication Review, 38 (2), 69–74.

Milanovi´c, A., Srblji´c, S., Raˇznjevi´c, I., Sladden, D., Skrobo, D., & Matoˇsevi´c, I. (2003). Distributed system for lawful interception in VoIP networks. In Eurocon 2003. computer as a tool. (Vol. 1, pp. 203–207).

Narten, T., Draves, R., & Krishnan, S. (2007). Privacy Extensions for Stateless Address Autoconfiguration in IPv6. (RFC 4941) Pfitzmann, A., & Hansen, M. (2010). A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (Tech. Rep.). Retrieved from https:// dud.inf.tu-dresden.de/literatur/ Anon Terminology v0.34.pdf (Version 0.34) Polˇc´ak, L., & Frankov´a, B. (2014). On reliability of clock-skew-based remote computer identification. In 11th international conference on security and cryptography. Vienna, AT: SciTePress - Science and Technology Publications.

Polˇc´ak, L., Holkoviˇc, M., & Matouˇsek, P. (2013). A New Approach for Detection of Host Identity in IPv6 Networks. In Data communication networking (pp. 57–63).

Reykjavk, IS: SciTePress - Science and Technology Publications.

Sanguanpong, S., & Koht-Arsa, K. (2013). A design and implementation of dual-stack aware authentication system for enterprise captive portal. In 9th international conference on network and service management (pp. 118–121).Z¨urich, Switzerland.

Utimaco Safeware AG. (2010). Lawful interception in the digital age: Vital elements of an effective solution. (White Paper)

Wing, D., & Yourtchenko, A. (2012). Happy Eyeballs: Success with Dual-Stack Hosts. (RFC 6555)

Yang, M., & Liu, H. (2013). Implementation and performance of VoIP interception based on SIP session border controller. Telecommunication Systems, 1–17.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.