ECRIT Security Considerations: draft-taylor-ecrit-security-threats-00.txt (7/11/2005). Henning Schulzrinne, Raj Shanmugam, Hannes.

Presentation transcript:

Slide 1: ECRIT Security Considerations
draft-taylor-ecrit-security-threats-00.txt
Henning Schulzrinne, Raj Shanmugam, Hannes Tschofenig, Tom Taylor
IETF 64, 7/11/2005

Slide 2: Emergency Call Routing Attack Points
[Diagram] Components: call router, mapping client, mapping server, PSAP, location provider, emergency responders.
Attack labels on the diagram: impersonation, DOS, interception, modification, database corruption, configuration corruption, impersonation (malicious dispatch).
Threats: disclosure, targeted DOS, mass DOS.

Slide 3: Architecture Determines Threat Perception
If mapping is done at user client configuration time
  – lowers likelihood that attacks on mapping server are effective
  – raises likelihood that attack on user client itself would be effective
If mapping is done at call time, and mapping client is a proxy
  – raises likelihood that attacks on mapping server would be effective
  – attack on user client itself less likely to be effective

Slide 4: Authentication Issues
Is it worth authenticating the mapping server?
  – if mapping is done at user agent configuration time?
  – if mapping is done by user agent at call time?
  – if mapping client is a proxy on the call path?

Slide 5: Backup

Slide 6: Current Draft Scope
Threats
  – integrity and privacy
  – PSAP DOS
  – PSAP impersonation
  – mapping server DOS
  – mapping server impersonation
Discussion of potential counter-measures
Constraints on counter-measures
  – cost in terms of performance
  – deployment issues
  – regulatory and legal requirements
Derived requirements

Slide 7: Points Raised in List Discussion
Performance burden of proposed measures
  – channel security
  – object signing
What does user do if authentication fails?
Need for security distinction between location by value and by reference
Proposed DOS detection at mapping server doesn't work
  – all requests are anonymous
  – multiple requests from same IP address can be a valid condition
Proposed countermeasures make impractical assumptions regarding trust anchors
  – depending on what responsibilities are given to the user client
Object signing not enough to prevent replay

Slide 8: More Points...
Section 5.5 (Distributed Directory Security) out of scope
Section 5.6 (Query-Response Verification) probably expendable
Need security discussion of two more topics
  – location delivery
  – PSAP boundaries
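
Slide 7 notes that object signing alone is not enough to prevent replay. The Python sketch below is an added example, not code from the draft or the presenters, showing why a valid signature says nothing about freshness and how a recipient can layer a check on top. HMAC stands in for a signature scheme, and the key, field names, freshness window and nonce cache are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed key and field names; HMAC stands in for a real signature scheme.
SIGNING_KEY = b"constructed-demo-key"
MAX_AGE_S = 30  # assumed freshness window, in seconds


def sign_location(location, issued_at, nonce):
    """Location provider: sign the location together with freshness data."""
    body = json.dumps({"loc": location, "iat": issued_at, "nonce": nonce},
                      sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def signature_ok(obj):
    """Integrity and origin only: passes no matter how often the object is sent."""
    expected = hmac.new(SIGNING_KEY, obj["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, obj["sig"])


class Verifier:
    """Recipient that adds freshness checks on top of the signature."""

    def __init__(self):
        self.seen = set()  # nonces seen; entries older than MAX_AGE_S could be dropped

    def accept(self, obj, now):
        if not signature_ok(obj):
            return "bad-signature"
        fields = json.loads(obj["body"])
        if abs(now - fields["iat"]) > MAX_AGE_S:
            return "stale"        # captured object reused outside the window
        if fields["nonce"] in self.seen:
            return "replayed"     # same object resent inside the window
        self.seen.add(fields["nonce"])
        return "accepted"


def demo():
    obj = sign_location("constructed-location", issued_at=1000, nonce="n-1")
    v = Verifier()
    return [signature_ok(obj),        # first delivery
            signature_ok(obj),        # replay: signature alone still passes
            v.accept(obj, now=1005),  # fresh, first time seen
            v.accept(obj, now=1010),  # same object again
            v.accept(obj, now=2000)]  # same object much later
```
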