Description
The Lawful Interception State Storage Function (LISSF) is a core component within the 3GPP Lawful Interception (LI) architecture, specifically defined from Release 16 onwards. It operates as a centralized state repository, decoupling the storage of LI-related state information from the individual network functions that perform the interception, such as the Lawful Interception Function (LIF) or various Application Functions (AFs). This architectural separation is a key principle of modern, cloud-native network design. The LISSF stores critical data including the identities of targets under interception (e.g., IMSI, SUPI, MSISDN), the details of the authorized interception warrants, the current activation status of intercepts, and associated metadata required for session correlation and data delivery to the Law Enforcement Monitoring Facility (LEMF).
From a functional perspective, the LISSF provides a standardized state management service to other LI entities. When a new lawful interception authorization is received, the relevant administrative function (e.g., the Administration Function, ADMF) writes the target and warrant information into the LISSF. Subsequently, network functions like the Access Network, Core Network, or service delivery platforms query the LISSF to determine if a particular user session or service data unit is subject to interception. This query-response mechanism allows intercepting functions to apply the correct interception rules without needing to maintain complex, distributed state themselves. The LISSF ensures consistency and persistence of this state, which is crucial for intercept continuity during user mobility, handovers, or network function failures.
Its role is integral to achieving reliable and compliant LI in 5G System (5GS) and evolved networks. By providing a single source of truth for interception state, it simplifies the implementation of LI capabilities across a disaggregated and virtualized network environment. It supports interfaces defined in 3GPP TS 33.127 and TS 33.128, ensuring interoperability between different vendor implementations. The LISSF is a foundational element for enabling lawful access in a manner that aligns with network function statelessness principles, where the compute (intercepting function) and state (LISSF) are separated for improved scalability, resilience, and operational flexibility.
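The write and query flow described above, and the way interception state outlives any one intercepting function instance, shown as an added Python model (not part of the original page and not an interface from TS 33.127 or TS 33.128). All class and method names, the warrant identifier, and the subscriber identities are hypothetical or constructed, and the store is held in memory.

```python
from dataclasses import dataclass, field

SUPI, MSISDN = "imsi-001010000000001", "15550100"   # constructed sample identities

@dataclass
class InterceptRecord:
    warrant_id: str                                   # constructed placeholder format
    identities: dict                                  # identity type -> value
    active: bool = True                               # current activation status
    correlation: dict = field(default_factory=dict)   # session id -> correlation value

class StateStore:
    """Toy stand-in for the LISSF: the only place interception state lives."""
    def __init__(self):
        self._records = {}   # warrant_id -> InterceptRecord
        self._index = {}     # (identity type, value) -> warrant_id

    def write(self, record):                 # called by the administrative function
        self._records[record.warrant_id] = record
        for key in record.identities.items():
            self._index[key] = record.warrant_id

    def set_active(self, warrant_id, active):
        self._records[warrant_id].active = active

    def query(self, id_type, value):         # called by intercepting functions
        rec = self._records.get(self._index.get((id_type, value)))
        return rec if rec and rec.active else None

    def correlate(self, rec, session_id):
        # Reuse the value an earlier instance assigned, otherwise allocate one.
        return rec.correlation.setdefault(session_id, f"corr-{len(rec.correlation) + 1}")

class InterceptingFunction:
    """Stateless: holds a reference to the store and no interception state."""
    def __init__(self, store):
        self.store = store

    def handle_session(self, session_id, id_type, value):
        rec = self.store.query(id_type, value)
        if rec is None:
            return None                      # not a target, or intercept deactivated
        return rec.warrant_id, self.store.correlate(rec, session_id)

def demo():
    store = StateStore()
    store.write(InterceptRecord("WARRANT-EXAMPLE-1", {"SUPI": SUPI, "MSISDN": MSISDN}))
    first = InterceptingFunction(store).handle_session("sess-1", "SUPI", SUPI)
    # That instance is gone; a fresh one matches the same target by another identity.
    second = InterceptingFunction(store).handle_session("sess-1", "MSISDN", MSISDN)
    store.set_active("WARRANT-EXAMPLE-1", False)
    after = InterceptingFunction(store).handle_session("sess-1", "SUPI", SUPI)
    return first, second, after
```

Because the correlation value is kept in the store rather than in the instance, the replacement instance returns the same value for `sess-1`, which is the continuity property the description attributes to the LISSF.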
Purpose & Motivation
The LISSF was introduced to address the challenges of implementing Lawful Interception in modern, cloud-native 5G networks based on service-based architectures (SBA). Previous 3GPP releases relied on integrated LI state management within individual network elements, which became complex and inefficient in a disaggregated environment with stateless network functions. The move towards microservices and containerized functions, where instances can be dynamically created and destroyed, necessitated a centralized, external state storage mechanism to ensure intercept sessions were not lost during scaling events or failures.
Its creation was motivated by the need for a standardized, resilient, and scalable approach to LI state management. Without the LISSF, each network function would need to implement its own persistent storage and synchronization mechanisms for LI data, leading to duplication, potential inconsistencies, and increased development overhead. The LISSF solves this by providing a common service, simplifying the LI logic within intercepting functions and ensuring that the state of an active interception is maintained independently of the lifecycle of any specific network function instance. This is critical for meeting regulatory obligations that require reliable and uninterrupted interception capabilities, even as the underlying network infrastructure becomes more software-defined and elastic.
Key Features
- Centralized storage for lawful interception state (target IDs, warrant info, activation status)
- Decouples state persistence from stateless intercepting network functions
- Provides standardized query interface for network functions to check interception status
- Ensures intercept continuity during user mobility and network function failures
- Supports the cloud-native, service-based architecture principles of 5G
- Enables simplified implementation and compliance verification for LI
Evolution Across Releases
Initial introduction of the LISSF concept and architecture within the 5G Lawful Interception framework. Defined its role as a state storage repository separate from the intercepting functions, specifying its interfaces and the basic data model for storing interception-related information to support the stateless design of 5G Core Network functions.
Defining Specifications
| Specification | Title |
|---|---|
| TS 33.127 | 3GPP TS 33.127 |
| TS 33.128 | 3GPP TS 33.128 |