Implementing TLS 1.3 in Lawful Intelligence

Locked digital padlock laid over data streams

Codes and ciphers have long been used to hide communications, and the practice continues to evolve and become more sophisticated and widespread today. When the first graphical internet browsers appeared in the 1990s, Netscape created secure sockets layer (SSL) to encrypt online communications. As vulnerabilities and other weaknesses were discovered with SSL, the technology was improved on and ultimately replaced by a more secure successor, transport layer security (TLS). In addition to protecting browser interactions by enabling HTTPS, TLS is used across multiple communications applications today, including text, voice, and video.

The first two versions of TLS — 1.0 and 1.1 — are generally no longer used. Released in 2008, TLS 1.2 is the most widely implemented version today, with extensive support from software, hardware, and browsers. TLS 1.3 is the newest production version, introduced in 2018 to better protect consumer privacy after several high-profile security vulnerabilities were discovered in TLS 1.2. The industry’s adoption of TLS 1.3 has been gradual, but continuous.

A core complexity of migrating from TLS 1.2 to TLS 1.3 is transitioning the full communication path from end-to-end. The interdependency of many network components provided by multiple vendors can slow progress towards implementing new standards. Nevertheless, it is clear that lawful intelligence operations will increasingly need to accommodate TLS 1.3 in the coming years, and as a market leader, SS8’s platform is already fully compatible with the enhanced security protocol.

Adapting to Evolving Standards

The security of encryption is significantly improved in TLS 1.3. The new standard eliminates ciphers that are no longer considered secure, makes encryption faster, and helps prevent certain other vulnerabilities such as “man-in-the-middle” cyberattacks. These advances reflect a general tightening of privacy protections in public networks, but they can also interfere with legitimate goals such as lawful interception. More specifically, pervasive encryption prevents access by law enforcement agencies (LEAs) to message contents, requiring investigations to refocus on message metadata and other breadcrumbs.

Using SS8’s Intellego XT’s powerful analytics engine, isolated data points can be woven together to reveal new insights. Investigators can map a suspect of interest’s actions and movements, helping them establish patterns of life, particularly with the addition of location intelligence. Often, this fusion of siloed information has significant implications. For example, any digital interaction by a person, from internet browsing to turning on a connected clothes dryer, might confirm that a person is in a home at the time officers serve a warrant.

Interactions with other individuals may suggest that additional subjects or devices need to be investigated. The SS8 platform provides comprehensive insights to help draw such conclusions, and the support tools to execute on them –  such as capabilities to obtain search warrants or other legal authorization to extend the scope of the investigation. To do so, it must be fully interoperable with network functions, regardless of the encryption technology they use. As the telecom industry continues to adopt TLS 1.3 in the coming years, SS8 helps position LEAs for uninterrupted insights.

Tactics for Extended Intelligence

Using advanced fusion and analytics tools, SS8 helps LEAs enhance their ability to create mission and situational intelligence from limited information. The SS8 platform has evolved in parallel with advances in network encryption, adapting to the need to extract comprehensive lawful intelligence from communications data without reading message payloads. For example, deep packet inspection can provide the applications and devices being used, as well as which parties are communicating with each other. This functionality is fully integrated into SS8’s Intellego XT, contributing to greater investigative insights for LEAs.

The SS8 platform also uses heuristics analysis to interpret information from encrypted data streams. This technique detects patterns within a message flow’s metadata and compares them against known digital signatures, which not only helps identify the applications being used, but the mode of communication such as chat, messaging, voice, or video. Like antivirus software providers, SS8 continually updates these signatures and transparently synchs all field deployments. Heuristics also provide more than just metadata analysis, such as timestamps and endpoint IP addresses.

Anticipating telecom industry trends and needs is a strategic imperative at SS8, and more than 20 years of industry leadership attests to that commitment. The SS8 platform is not only fully enabled for TLS 1.3, but other industry changes like the continuing adoption of distributed networks and cloud computing as well. More broadly, SS8 assumes a strategic role to help identify and address opportunities to improve encryption within lawful intelligence workflows. That effort includes both extending the scope of encryption where it is lacking, implementing privacy measures such as hashed identifiers to monitor suspects of interest, and promoting the adoption of up-to-date security standards like TLS 1.3. As network traffic volumes and speeds continue to increase, techniques such as these offer better protection of lawful intelligence data flows, which will be critical to the integrity of investigations, the safety of their participants, and the prevention of criminal activity.

About Franklin Recio

Franklin Recio has been with SS8 since its foundation. He has been involved in multiple roles including project management, services, sales, and product development. Currently, he’s in charge of Global Field Services implementation and the Acceler8 Alliances program to expand the relationships with other members of the ecosystem. Franklin has an engineering bachelor’s degree in Electronic Communications and a master’s degree in Upper Management and International Development. Currently, he’s pursuing a Ph.D. in Strategic Analysis and Sustainable Development at the Anahuac-Mayab University in Mexico. Learn more about Franklin on his LinkedIn profile here.

About SS8 Networks

As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that help save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.

Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.

LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.

Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.

To learn more, contact us at info@ss8.com.

Tweet Us @SS8       Follow Us LinkedIn

SS8 Newsletter

LATEST WEBINAR

THE DATA SILO DILEMMA FOR LAW ENFORCEMENT

How to Ingest, Filter and Query 5G Volumes

Webinar Presented by Kevin McTiernan

CLICK HERE to watch!