Feasibility of inexpensive CALEA Compliance

OpenCALEA
Pragmatic Cost Effective CALEA Compliance
Manish Karir, Merit - Research and Development

Experimentation Goals
1. Develop an experimental reference architecture as a model for CALEA compliance
2. Determine what level of compliance is possible at a reasonable price point
3. Experiment with simple hardware/software in order to determine suitability for compliance
4. How well will this solution scale (10G cards, multiple sites) compared to price/performance of commercial solutions
5. Gain a technical understanding of what is required to be CALEA compliant
6. Build open source tools that others can use/contribute towards

Approach

1. Build and deploy a packet capture platform
   - Experimental Architecture 1 -- Dell Precision GX260 Workstation, 2 GigE interfaces for management and sampling, Pentium 4 3GHz, 1GB RAM, Linux
   - Experimental Architecture 2 -- Dell PowerEdge 860 1U server, Dual Pentium 2.8GHz, 1 GigE interface (mgmt), 1 Myricom 10GigE adapter, 1GB RAM, Linux
   - Tcpdump/tethereal for packet capture -- both depend on pcap library, custom utilities to format packets appropriately for LEA
   - Iperf as the traffic generator
2. Test ability to capture a single data stream in the presence of varying amounts of live background network traffic
3. Metrics: packet loss, cost

Experiment 1 Architecture

Experiment 1 Methodology
1. Background traffic for the duration of the test: ~190-225Mbps (Sunday evening load)
2. Repeat for higher traffic load ~400Mbps (Monday afternoon)
3. Test
   - Send data from source to sink using iperf
   - Attempt to capture traffic stream at capture device (full packet captures, not just headers)
   - Measure actual number of packets transmitted at the source and compare with number of full packets captured
   - Measure for Small/Medium/Large UDP flow

Experiment 1 Results

Experiment            Network Load    Avg Packet Loss %
10 sec UDP 390kbps    200Mbps         < 1.0
5 min UDP 390kbps     200Mbps         < 1.0
30 min UDP 390kbps    200Mbps         < 1.0
5 min UDP 390kbps     400Mbps         < 1.0

Experiment 2 Architecture

Experiment 2 Methodology

- Scale up experiment 1 architecture to links that carry over 2Gbps of traffic
- Test ability to deliver the captured packets to LEA
- Use of better hardware platform: Dell 1U server, 10GigE Myricom Ethernet adapter
- Simple custom software which operates similar to tcpdump but additionally can transmit packets to LEA
- Test ability to operate in the presence of complications (such as VLANs: ~40 VLANs mirrored on a single interface)
- Measure ability to capture higher bitrate streams in presence of higher background traffic

Experiment 2 Results
UDP stream with average background network load of 2.3-2.4 Gbps

Experiment                 Stream Bitrate    Avg Packet Loss %
5 min UDP 25K packets      1 Mbps            ~0.0
5 min UDP 127K packets     5 Mbps            ~0.0
5 min UDP 255K packets     10 Mbps           < 1.0
5 min UDP 636K packets     25 Mbps           < 1.0

Experiment 2 Results
UDP stream with average background network load of > 2.5Gbps

Experiment            Packet Loss at Tap    Packet Loss at LEA
5 min UDP 100kbps     < 1%                  < 1%
5 min UDP 200kbps     < 1%                  < 1%
5 min UDP 400kbps     < 1%                  < 1%
5 min UDP 1Mbps       < 1%                  < 1%

Experiment Conclusions
1. Return path characteristics are important, otherwise there can be packet loss on the path to LEA.
2. Check for MTU -- encapsulation can lead to packet size > 1,500 bytes. (MTU should be able to support jumbo frames on the path to LEA.)
3. Packet capture at > 2Gbps network load appears to be feasible.
4. Hardware/software cost: ~$2,500 (server $1300 + 10GigE I/F card, $1200)
5. Need to verify: Is there any data impairment during the capture/transfer/writing process?

OpenCALEA Software Toolset

Tap Tool:
- Tap: Perform packet capture
  - Receive packets via libpcap interface
  - Create new UDP packet in appropriate format
  - Encapsulate captured packet into new packet
  - Add timestamp information to UDP packet
  - Send to LEA collection IP address
  - Send the packet header information on separate UDP port
- Example Usage:
    ./tap -d 192.168.1.1 -i any -c -f "host 192.168.1.2 and port 5001"

LEA Receiver Tool (Consistent with standard):
- Example of LEA collection function implementation: lea_collect
  - Receive UDP packets sent by tap
  - Remove encapsulation
  - Create standard libpcap packet based on timestamps and encapsulated packet
  - Write packet to file
  - Write packet header information sent by tap
- Example Usage:
    ./lea_collect -f capture-file.pcap

User Front End (in development):
- calea_controller: Responsible for initiating a tap on remote tap devices by issuing the appropriate command
- calea_collector: Responsible for listening for commands from calea_controller and initiating the tap with the appropriate filters
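The encapsulate / check MTU / decapsulate / write-pcap path described for tap and lea_collect, together with the MTU and data-impairment points from the experiment conclusions, as an added Python example that is not OpenCALEA code. The 12-byte header layout, the function names and the sample frame are assumptions made for illustration; the real tap wire format is not given in these slides.

```python
import hashlib
import struct

# Hypothetical encapsulation header, NOT the OpenCALEA wire format:
# capture seconds, microseconds, original frame length (big-endian).
ENCAP_HDR = struct.Struct("!III")
IP_UDP_OVERHEAD = 20 + 8          # outer IPv4 header (no options) + UDP header
PCAP_GLOBAL = struct.Struct("<IHHiIII")
PCAP_RECORD = struct.Struct("<IIII")

# Constructed sample: a full-size 1514-byte Ethernet frame (14 + 1500).
SAMPLE_FRAME = bytes(i % 251 for i in range(1514))


def encapsulate(frame, ts_sec, ts_usec):
    """Tap side: prefix the captured frame with its capture timestamp."""
    return ENCAP_HDR.pack(ts_sec, ts_usec, len(frame)) + frame


def fits_path_mtu(payload, path_mtu):
    """True if the outer IP packet is no larger than the path MTU."""
    return IP_UDP_OVERHEAD + len(payload) <= path_mtu


def decapsulate(payload):
    """Collector side: recover (ts_sec, ts_usec, frame), rejecting truncation."""
    if len(payload) < ENCAP_HDR.size:
        raise ValueError("payload shorter than encapsulation header")
    ts_sec, ts_usec, length = ENCAP_HDR.unpack_from(payload)
    frame = payload[ENCAP_HDR.size:]
    if len(frame) != length:
        raise ValueError("frame length mismatch: data impaired in transit")
    return ts_sec, ts_usec, frame


def pcap_bytes(records):
    """Build a classic pcap file (link type 1 = Ethernet) from the records."""
    out = PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_usec, frame in records:
        out += PCAP_RECORD.pack(ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def digest(frames):
    """SHA-256 over a frame sequence; compare tap-side and collector-side values."""
    h = hashlib.sha256()
    for f in frames:
        h.update(struct.pack("!I", len(f)) + f)
    return h.hexdigest()
```

A full-size frame no longer fits a 1,500-byte path once encapsulated, which is the case the jumbo-frame recommendation covers; matching digests at the tap and at the collector answer the "data impairment" question for a given capture.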

Conclusions
- A cost-effective CALEA solution was developed and tested
- The solution has performed well in initial testing
- The solution appears to be:
  - Consistent with technical requirements
  - Cost effective
  - Practical
- Soon! www.opencalea.org
