Enlarging Lawful Interception Capabilities with Control-Plane Analysis for User Activity Detection / Huso, Ingrid; Boffetti, Enrico; Piro, Giuseppe; Boggia, Gennaro. - (In press).
Enlarging Lawful Interception Capabilities with Control-Plane Analysis for User Activity Detection
Ingrid Huso; Enrico Boffetti; Giuseppe Piro; Gennaro Boggia
In press
Abstract
The continuous usage of end-to-end encryption in 5G and Beyond 5G (B5G) networks presents new challenges for Law Enforcement Agencies (LEAs) seeking to detect user activities without access to encrypted data. This paper presents a control-plane Lawful Interception (LI) procedure, where control-plane signaling messages are used to detect user activity without decrypting data-plane traffic. Specifically, Non-Access Stratum (NAS) signaling messages captured during Packet Data Unit (PDU) session establishment are used to identify the nature of user services (i.e., Data Network Name (DNN)). Moreover, the proposed control-plane LI procedure is validated through a proof-of-concept implementation based on Open5GS, UERANSIM, and OpenLI within a containerized testbed. Herein, validation results confirm that the analysis of control-plane data allows for the reliable identification of active user sessions. This is achieved while ensuring full compliance with LI requirements and maintaining a minimal impact on user privacy.

