As telecommunications networks have migrated from circuit-switched to packet-switched architectures, the standards governing lawful interception have had to evolve in parallel. ETSI TS 103 120 is one of the most important technical specifications in this evolution, defining the handover interfaces for lawful interception in IP-based networks. For operators, system integrators, and LI solution vendors, understanding TS 103 120 is essential to building interception systems that are both standards-compliant and technically effective in modern network environments.
This article provides a detailed examination of ETSI TS 103 120, covering its scope, its relationship to other ETSI LI standards, the key technical concepts it introduces, and its practical implications for operators deploying lawful interception in IP networks. Whether you are building a new LI capability from scratch or upgrading an existing system to support modern network technologies, TS 103 120 is a specification you need to understand thoroughly.
What ETSI TS 103 120 Covers
ETSI TS 103 120 sits within the broader family of ETSI LI standards and focuses specifically on the handover of intercepted material from the operator’s network to the law enforcement monitoring facility (LEMF). The standard addresses the delivery of both intercept-related information (IRI) and content of communication (CC) over IP-based transport networks. It complements the foundational ETSI TS 102 232 series, which defines the core handover architecture, by providing specific guidance and protocol definitions for IP transport scenarios.
The need for TS 103 120 arose from the recognition that the original handover specifications, developed primarily with circuit-switched networks in mind, did not fully address the characteristics and challenges of IP-based networks. IP networks introduce issues such as packet reordering, variable latency, the need for reliable delivery of intercepted data, and the requirement to support multiple media types within a single session. TS 103 120 addresses these challenges by defining IP-optimised transport mechanisms and encoding formats for the handover interfaces.
The standard is designed to be used in conjunction with the ETSI TS 102 232 series, which defines the overall handover architecture and the data structures for IRI and CC. TS 103 120 does not replace TS 102 232 but rather extends it by specifying how the handover interfaces should be implemented in IP network environments. Operators and vendors should treat both specifications as essential references when designing LI systems for modern networks.
The Three Handover Interfaces
TS 103 120, like the broader ETSI LI framework, organises the handover of intercepted material through three interfaces: HI1, HI2, and HI3. Each interface serves a distinct function in the interception workflow, and TS 103 120 provides specific guidance on how each should be implemented in IP environments.
HI1 is the administrative interface, used for the exchange of interception orders, activation instructions, and status information between the law enforcement agency and the operator. In the IP context, HI1 may be implemented using secure web services, encrypted messaging protocols, or dedicated administrative platforms. TS 103 120 acknowledges that the specific implementation of HI1 is often determined by national requirements rather than by the standard itself, but it provides general guidance on security, authentication, and message formats.
HI2 is the interface for delivering intercept-related information — the metadata associated with intercepted communications. This includes information such as the identities of the communicating parties, timestamps, network identifiers, and session parameters. In IP networks, the IRI can be significantly more complex than in circuit-switched networks, reflecting the richer set of signalling and session management protocols used in IP communications. TS 103 120 defines the encoding and transport mechanisms for IRI delivery over IP, using ASN.1-based data structures carried over secure transport protocols.
HI3 is the interface for delivering the content of communications — the actual voice, data, or messaging content being intercepted. In IP networks, the CC may take many forms, including RTP streams for voice, IP packets for data sessions, and protocol-specific payloads for messaging services. TS 103 120 defines how this content should be encapsulated and delivered to the LEMF, including mechanisms for maintaining the temporal relationship between different media streams within a single intercepted session.
Key Technical Concepts
Several technical concepts introduced or refined by TS 103 120 are important for understanding how the standard works in practice. The first is the concept of the mediation function, which sits between the operator’s network and the LEMF and is responsible for translating the internal representation of intercepted data into the standardised formats defined by the handover interfaces. The mediation function is a critical component of any LI system and is the point at which the operator’s proprietary network protocols are mapped to the ETSI-standard handover formats.
The second concept is the use of ASN.1 (Abstract Syntax Notation One) for encoding IRI data. ASN.1 provides a formal, machine-readable notation for defining data structures, and its use in TS 103 120 ensures that IRI data can be unambiguously encoded, transmitted, and decoded across different implementations. While ASN.1 can be complex to work with, it provides the precision and interoperability that are essential for the reliable exchange of intercepted metadata between operators and law enforcement.
The third concept is the use of secure transport protocols for the delivery of intercepted material. TS 103 120 specifies the use of TLS (Transport Layer Security) for securing the HI2 and HI3 transport channels, and defines requirements for certificate management, cipher suite selection, and mutual authentication between the operator’s systems and the LEMF. The security of the handover interfaces is critical, as intercepted material is highly sensitive and must be protected against unauthorised access, modification, and interception during transport.
A fourth important concept is the handling of multi-stream sessions. In IP networks, a single communication session may involve multiple concurrent media streams — for example, a VoLTE call includes both a signalling stream (SIP) and one or more media streams (RTP). TS 103 120 defines how these multiple streams should be correlated and delivered to the LEMF in a way that preserves their temporal relationships and allows the law enforcement agency to reconstruct the complete communication session.
Relationship to ETSI TS 102 232
The ETSI TS 102 232 series is the cornerstone of the ETSI LI handover architecture. It defines the general framework, data structures, and procedures for the handover of intercepted material, organised into several parts covering different network technologies and service types. TS 103 120 builds on this foundation by providing IP-specific implementation guidance.
In practice, operators implementing LI in IP networks will need to reference both TS 102 232 and TS 103 120. TS 102 232 provides the data models and procedural framework, while TS 103 120 provides the transport-layer specifications for IP environments. The two standards are complementary, and neither is sufficient on its own for a complete implementation. Operators should also be aware of related standards in the TS 102 232 series that address specific network technologies, such as TS 102 232-5 for IP multimedia services and TS 102 232-6 for PSTN/ISDN services.
Practical Implications for Operators
For operators deploying LI in IP networks, TS 103 120 has several practical implications. The first is the requirement for a robust mediation function that can handle the complexity of IP-based communications. The mediation function must be capable of extracting IRI from various signalling protocols (SIP, Diameter, GTP, and others), capturing CC from multiple media types, encoding the extracted data in ASN.1 format, and delivering it securely to the LEMF over the HI2 and HI3 interfaces. This requires significant technical capability and ongoing maintenance as network technologies evolve.
The second implication is the need for interoperability testing with the LEMF. Because TS 103 120 defines a standardised interface, operators and law enforcement agencies must verify that their respective implementations are compatible. This typically involves formal testing against a set of reference scenarios, covering different communication types, target identification methods, and edge cases such as session handover, multi-party calls, and emergency services calls.
The third implication relates to scalability. IP networks can generate significantly more data per intercepted session than circuit-switched networks, particularly for data interception. Operators must ensure that their LI systems can handle the throughput requirements without introducing latency or data loss. The transport mechanisms defined by TS 103 120 include provisions for flow control and congestion management, but operators must also dimension their infrastructure appropriately.
A fourth practical consideration is the management of encryption. As more network traffic is encrypted — both at the application layer (TLS, DTLS) and at the transport layer (IPsec) — operators must implement their interception points at locations in the network where the target’s traffic is accessible in clear text. TS 103 120 does not address the question of how to intercept encrypted traffic; it assumes that the operator has access to the unencrypted content. The practical challenge of maintaining this access as encryption becomes more pervasive is one of the most significant issues facing LI practitioners today.
Evolution and Future Directions
TS 103 120 continues to evolve as network technologies advance. The migration to 5G, the proliferation of IoT devices, and the increasing use of cloud-native network architectures all present new challenges for the handover interfaces. ETSI’s Technical Committee on Lawful Interception (TC LI) is actively working on updates to the LI standards to address these developments, including the 5G-specific LI architecture defined in collaboration with 3GPP.
Operators should monitor the evolution of TS 103 120 and related standards to ensure that their LI systems remain compliant as new versions are published. The transition to 5G in particular introduces significant changes to the LI architecture, including new interfaces (X1, X2, X3) and new network functions that must be integrated into the interception framework. While TS 103 120 provides a solid foundation for IP-based handover, the 5G-specific standards add additional layers of complexity that operators must address.
结论
ETSI TS 103 120 is a critical specification for any operator deploying lawful interception in modern IP-based networks. It defines the transport mechanisms, encoding formats, and security requirements for the handover of intercepted communications to law enforcement, building on the foundational architecture of the TS 102 232 series. For operators, understanding and implementing TS 103 120 is essential to achieving standards-compliant LI in an IP network environment. As networks continue to evolve toward 5G and beyond, the principles and mechanisms defined in TS 103 120 will remain relevant, even as new standards and interfaces are introduced to address the specific requirements of next-generation network architectures.
相关文章
如需进一步了解相关主题,请浏览这些文章:
- HI1 vs HI2 vs HI3: Understanding the Three Lawful Interception Interfaces
- SIPREC vs ETSI LI: What’s the Difference and When Does Each Apply?
- How a Mediation Function Works: The Bridge Between Your Network and Law Enforcement
外部资源
以下外部资源提供了更多背景资料和官方文件: