In standard PSTN Lawful Interception (LI)was achieved using wire taps and butt sets. In VoIP networks it is required to identify the VoIP session related to the person of interest. The ability to find the information of interest is often compared to finding a needle in a haystack. This is where Deep Packet inspection (DPI) has found its usefulness in lawful intercept. It acts as a pre-filter to narrow down the packets of interest in order to route the packets to a LI point.
IP networks mostly use Layer 2/Layer 3 routers and switches. The application and service layers have little or no visibility. IP traffic is all classified as the same application or from the same service. Therefore, in order to perform deep packet inspection at this level is usually by a fixed-string search within a packet. Obviously, with high speed connections, performing DPI in this manner would fail to maintain line speed. What is required is more intelligent DPI that inspects layers 2 through 7 and is application/protocol aware and understands the eventual flow of the data.
This is where application layer protocols such as SIP can be useful in filtering out the media streams of interest. Being able to establish correlation in the payloads and data flows can reveal useful information about a target. DPI of SIP messages allow the systems to identify type of service of the target is using and the format in which it is packaged to correctly decode the packet. For VoIP sessions, DPI of SIP will be important for monitoring scenarios such as session re-negotiations and call forwarding.
The SIP security will be critical and useful in next generation networks because the framework for delivering IP multimedia services is the IP Multimedia Subsystem (IMS) which tries to make use of SIP wherever possible. In addition, SIP and DPI can be used as an upper level of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Since SIP has a well specified format in both send and receive direction, the SIP messages are inspected for anomalies.