Securing LBO VoLTE roaming with multiple Escrow Agents

The fourth generation cellular mobile broadband, Long-Term Evolution (LTE), provides high speed Internet via Internet Protocol (IP). Today's wireless infrastructure paves the way to a connected society where high speed Internet is seamlessly available at all times for anyone to use. To achieve this, a mobile service subscriber can no longer be bound to a single network provided by a single operator. Thus, roaming constitutes a key pillar in shaping the connected society.

Local Breakout (LBO) Voice over Long-Term Evolution (VoLTE) roaming enables a mobile service subscriber to breakout from its home network, and to use network services in a visited network. LBO requires control signalling and user data to be routed over several Public Land Mobile Networks (PLMNs), thus making mobile service subscriber's the subject of Lawful Intercept (LI) across multiple networks.

This thesis project proposes a Law Enforcement Monitoring Provider (LEMP) architecture to be deployed within a cell phone. LEMP serves to distribute (and create key shares from) cryptographic keys across multiple PLMNs. The result enables LI despite the fact that there may be multiple network operators involved while preserving communication privacy.

Keywords: LTE, VoLTE, LBO, Lawful Intercept, Multiple Escrow Agents, Shamir's Secret Sharing