TPKT

Transport Packet

Security
Introduced in Rel-15
A standardized packet format defined in 3GPP for securely transporting Lawful Interception (LI) related information, such as intercepted content or intercept related information, from a Lawful Interception function to a Law Enforcement Monitoring Facility. It ensures structured, reliable, and secure delivery of intercepted data.

Description

The Transport Packet (TPKT) is a crucial protocol data unit within the 3GPP Lawful Interception (LI) architecture, specified primarily in TS 33.108. It defines a standardized container format for encapsulating and transporting intercepted communication content (CC) and intercept related information (IRI) across the Handover Interface (HI). The TPKT structure is designed to be independent of the underlying transport network protocol (e.g., TCP/IP, UDP, or others as agreed between operators and law enforcement), providing a consistent application-layer framing mechanism. A TPKT consists of a well-defined header and a payload section. The header contains fields such as packet length, version, and sequence numbers, which facilitate packet delineation, reassembly, and integrity checking at the receiving end.

Operationally, the Mediation Function (MF) or the Administration Function (ADMF) within the network operator's domain generates TPKTs. When a target subscriber's communications are to be intercepted, the network elements (like the GMLC, MSC, or PGW) deliver raw interception data to the MF. The MF then formats this data—which could be voice packets, SMS, packet data, or associated metadata like call details—into TPKT structures. Each TPKT payload contains a specific type of intercepted information, and multiple TPKTs may be used to stream a continuous interception session. The packets are then securely transmitted over the HI to the Law Enforcement Monitoring Facility (LEMF). At the LEMF, the TPKTs are decapsulated, and the payload is processed and presented to the authorized personnel.

The architecture of TPKT ensures several key requirements for lawful interception: reliability, sequence integrity, and support for multiplexing different interception jobs. The packet length field allows receivers to correctly identify packet boundaries even over stream-oriented transports like TCP. Sequence numbers help in detecting packet loss or reordering, which is critical for maintaining the chronological fidelity of intercepted communications. Furthermore, the TPKT format can accommodate different encoding schemes for the payload (e.g., ASN.1 encoding for IRI) as defined in the 3GPP standards. Its role is to act as the common lingua franca for interception data exchange, abstracting the complexities of various network technologies (2G, 3G, 4G, 5G) and service types into a unified transport mechanism that meets regulatory obligations.

Purpose & Motivation

The TPKT was created to solve the problem of heterogeneous and non-standardized data delivery formats in early lawful interception implementations. Prior to its standardization, different network equipment vendors and operators used proprietary formats to deliver intercepted information to law enforcement agencies (LEAs). This lack of interoperability created significant challenges for LEAs who had to manage multiple, incompatible reception systems, increasing costs and complexity. The primary motivation for defining TPKT in 3GPP was to establish a single, standardized packet format that could be used globally, ensuring that interception data from any compliant network could be received and processed by any standardized LEMF.

Its introduction in Release 15 was part of a broader effort to refine and future-proof the LI architecture for evolving network technologies, including 5G. The TPKT addresses the need for a secure, reliable, and efficient transport mechanism that guarantees the integrity and confidentiality of sensitive intercepted data as it traverses from the operator's domain to the lawful authority. It also provides a framework for handling high-volume, real-time interception data flows associated with modern high-speed services. By defining a clear packet structure, it simplifies the development of mediation and monitoring systems, reduces errors in data interpretation, and ensures that lawful interception processes adhere to legal requirements for data authenticity and auditability.

Key Features

  • Standardized packet format for Lawful Interception data transport
  • Contains header with length, version, and sequence number fields
  • Encapsulates both Intercept Related Information (IRI) and Communication Content (CC)
  • Transport-agnostic design, usable over TCP, UDP, or other protocols
  • Supports multiplexing of multiple interception sessions
  • Ensures data integrity and sequence preservation for audit trails

Evolution Across Releases

Rel-15 Initial

Introduced the TPKT as a standardized transport mechanism for LI over the Handover Interface. Defined the packet structure, header fields, and encapsulation rules to replace proprietary formats, ensuring interoperability between network operators and law enforcement agencies for 5G and legacy systems.

TS 33.108

Defining Specifications

SpecificationTitle
TS 33.108 3GPP TR 33.108