Proposal for Emergency Services Requirement

Slides:



Advertisements
Similar presentations
Doc.: IEEE /0450r0 Submission March 2006 Eleanor Hepworth, Siemens Roke ManorSlide 1 Proposal for Emergency Service Support Notice: This document.
Advertisements

802.11u and Emergency Services
Emergency Call Support
Beacon Measurement on Pilot Frames
Use of KCK for TGr Management Frame Protection
Secure 3-Party Protocol
[ Interim Meetings 2006] Date: Authors: July 2005
Resource Request/Response Discussion
Which Management Frames Need Protection?
Emergency Services signalling for WLAN
Emergency Call number support
TGu/TGv Joint Session Date: Authors: July 2005 July 2005
Lightweight Mesh Point – A confusing term
LB73 Noise and Location Categories
LB73 Noise and Location Categories
Waveform Generator Source Code
Japanese Emergency Call Regulation
TGu Closing Report Date: Authors: November 2005
New Twist on More Data Bit
Attendance and Documentation for the March 2007 Plenary
3GPP Extended Date: Authors: July 2005 July 2005
Motion to accept Draft p 2.0
Protected SSIDs Date: Authors: March 2005 March 2005
Some Operator Requirements on Management
3GPP liaison report July 2006
Proposal for a Generic Emergency Call Support
Pre-Authentication Authentication of Management Frames
TGp Closing Report Date: Authors: March 2006 Month Year
Emergency Call Motion Date: Authors: January 2006
Contribution on Location Privacy
Liaison Request from TIA TR-41.4
Proposal for User Plane Cluster
Diagnostics and Troubleshooting
Lightweight Mesh Point – A confusing term
R8E4 and XML Date: January 12th 2006 Authors: January 2006
TGp Closing Report Date: Authors: March 2006 Month Year
Reflector Tutorial Date: Authors: July 2006 Month Year
TGu Closing Report Date: Authors: September 2005
Proposal for Emergency Services Requirement
ADS Study Group Mid-week Report
Protection Assurance Method
TGu-changes-from-d0-01-to-d0-02
LB73 Noise and Location Categories
Impact of KTP Non-definition
WAPI Position Paper Sept 2005 Sept 2005 IEEE WG
Document Motions Date: Authors: November 2005 November 2005
Off-channel selection
Liaison to TIA TR-41.4 from IEEE
Lightweight Mesh Point – A confusing term
Liaison Request from TIA TR-41.4
STA Location for emergency call support in SSPN interface
Proposed Changes for LB81 Comments
EC Motions – July 2005 Plenary
Location Capability Negotiation
EAP Method Requirements for Emergency Services
Lightweight Mesh Point – A confusing term
Transition Nowhere Date: Authors: Sept 2005 Sept 2005
Use of More Data Field Date: Authors: Nov 2005 Month Year
Requirement Motions Date: Authors: July 2005 July 2005
TGu Motions Date: Authors: May 2006 May 2006
TGu Requirements Check
Multiple Networks Date: Authors: July 2005 July 2005
IMS Emergency Call Requirements & Emergency Call number support
Reserve Option Contradiction
WiNOT Consortium: Proposal for TGu I1 requirement (Emergency Calls)
Lightweight Mesh Point – A confusing term
WAPI Position Paper Sept 2005 Sept 2005 IEEE WG
Use of KCK for TGr Management Frame Protection
Use of KCK for TGr Management Frame Protection
Ready to transition/ Clear to transition
Presentation transcript:

Proposal for Emergency Services Requirement Month Year doc.: IEEE 802.11-yy/xxxxr0 March 2006 Proposal for Emergency Services Requirement Date: 2006-01-16 Authors: Notice: This document has been prepared to assist IEEE 802.11. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.11. Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <http:// ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair <stuart.kerry@philips.com> as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE 802.11 Working Group. If you have questions, contact the IEEE Patent Committee Administrator at <patcom@ieee.org>. Stefano M. Faccin, Nokia John Doe, Some Company

Month Year doc.: IEEE 802.11-yy/xxxxr0 March 2006 Abstract This document describes a complete proposal for requirement I1 . These slides refer to document 06/0288r1. Stefano M. Faccin, Nokia John Doe, Some Company

March 2006 TGu Requirement I1 Define IEEE 802.11 functionality which would be required to support an Emergency Call (e.g. E911) service as part of an overall, multi-layer solution. Specifically: Capability Advertisement Authentication issues Stefano M. Faccin, Nokia

Clarifications Need to distinguish between March 2006 Clarifications Need to distinguish between IEEE 802.11 emergency services  direct support in IEEE 802.11 of such services, independently of what solutions are adopted at higher protocol layers support of higher layer emergency services  if the user dials “911” in a VoIP application (e.g. SIP based), the VoIP application may simply setup a SIP call, in which case it is transparent to 802.11. This would result in the establishment of a higher layer emergency service. In other cases, the terminal may react by dropping the connections for the VoIP application, and use the 802.11 emergency calls solution. Stefano M. Faccin, Nokia

March 2006 Key components Three key components of a TGu emergency services solution are: Network selection – determining whether the network provides support for emergency services. This is an extension of the network selection process. Network join – the STA needs to be able to join the network without any user credentials Admission control and traffic conditioning – the emergency services traffic needs to be admitted to the network as a high priority, and given appropriate QoS treatment. In addition, the AP needs to limit the use of the emergency service network access to emergency service traffic. Stefano M. Faccin, Nokia

March 2006 Assumptions It is assumed that there is a high layer standardized protocol (or protocol suite) for making emergency calls or using any other emergency services. Any authentication or encryption of the emergency services can occur at the higher layer rather than at the MAC layer. Maintenance of an existing connection is not required when the STA needs to make use of the emergency services. A pre-existing association with the AP could be discarded prior to the emergency call. Typically, in today’s networks supporting emergency services, there is no need and no interest in maintaining the current services and connections, since the priority is on the establishment of emergency services. The access point separates the backhaul of emergency services traffic from other traffic. This may be in the form of a separate physical link, dedicated VLAN, tunnelling protocol, etc. When using the emergency communications access only emergency services can be accessed. Access point has a dedicated connection to emergency services. This might be: Separate physical link Dedicated VLAN Tunnelling protocol Stefano M. Faccin, Nokia

SME Architecture To DS To 911 Svcs 911 SVC manager controls March 2006 Architecture To DS To 911 Svcs IEEE802.1X Authenticator 911 Svc Mgr 911 SVC manager controls emergency services channel switch based on the state from association services Association Svc 802.11 MAC SME Stefano M. Faccin, Nokia

Four Components Advertising Authentication Connection March 2006 Four Components Advertising Authentication Connection Support of Mobility Traffic Handling Stefano M. Faccin, Nokia

March 2006 Advertising Use a 911 capability bit in beacons, Probe Response, and Neighbor Reports Stefano M. Faccin, Nokia

Authentication There is no authentication or 4-way handshake March 2006 Authentication There is no authentication or 4-way handshake 802.11 MAC: open authentication may be deprecated and skipped All data frames for the STA are passed to emergency service channel once service is invoked Keys are never plumbed. Transmissions remain open and unencrypted There is no requirement for confidentiality of emergency calls If encryption is needed, such measures should be done at a higher level, not at the LAN level Stefano M. Faccin, Nokia

March 2006 Connection If TGw is supported, the STA performs an authenticated de-association. If TGw is not supported, the STA simply de-associates STA indicates request for emergency service by setting an “emergency services capabilities bit” during the association request in the Association Request frame. Setting the bit guarantees acceptance of the association request by the AP (subject to protocol compatibility) and no 802.11i 4-way handshake is required since no keys have been created due to authentication and therefore no encryption keys need to be setup between the STA and the AP. Receipt of an association request with the 911 capability bit set immediately results in tear-down of any existing security association for the station (if the station was already associated and authenticated) Stefano M. Faccin, Nokia

March 2006 Support of Mobility Assume that access to the emergency services has the same LLC transparency as the DS a transition to another AP would be transparent to the session Support of mobility in the direct signaling solution can take advantage of Fast Transition (FT), since support for FT in non-RSN is being revised. Support of mobility in VAP-solutions can also take advantage of FT. Stefano M. Faccin, Nokia

Traffic Handling Segregation of E911 traffic: Filtering March 2006 Traffic Handling Segregation of E911 traffic: all data frames generated by an STA that has asserted emergency services during the association request are bridged to a specific VLAN or routed to a specific router that only handles emergency call setup. In this way, there would be not point for a bad guy (BG) in connecting except for making the emergency call. Filtering In order to avoid abusive use of this proposed emergency services mechanisms, the AP should provide filtering mechanisms to limit the user traffic to only that necessary to make an emergency call. If such filtering is not in place then a malicious user may be able to get priority use of an access point, and be able to transfer arbitrary data without authentication. Any charging mechanisms would also be evaded. Such mechanisms are however out of scope Stefano M. Faccin, Nokia

March 2006 Analysis wrt G1 G1: All proposals (whichever requirements they address) shall describe how they minimize battery consumption for mobile devices. Discovery/advertising: Discovery in beacons enables passive discovery => power saving is possible Discovery through probing may impact power saving, but is necessary in several scenarios Connection: power saving is not relevant Stefano M. Faccin, Nokia

Analysis wrt G2: Threats and solutions March 2006 Analysis wrt G2: Threats and solutions G2: All proposals (whichever requirements they address) shall describe the security Station using emergency services is completely unauthenticated Any station can forge emergency calls, but this is not worst than current cellular system when there is no SIM Authentication of caller may be needed at higher level if so required by the higher level solution and if the station/user has credentials Authentication and credential at higher layer are used to identify the calling party to emergency services, not the information at 802.11 layer (e.g. MAC address) Stefano M. Faccin, Nokia

Analysis wrt G2: Threats and solutions (cont.d) March 2006 Analysis wrt G2: Threats and solutions (cont.d) Fake call to emergency services could cause disconnect of legitimate station a normally authenticated station would be disconnected by a rogue station issuing a E911 call with same MAC address however, the authenticated station will share credentials with the AP and these can be used to prevent an E911 call until the station has disassociated first this raises the stakes for the TGw "lock-out" problem since a locked out station would also be unable to make an emergency call. same threat already exists and will be dealt with in TGw / TGu Stefano M. Faccin, Nokia

Analysis wrt G2: Threats and solutions (cont.d) March 2006 Analysis wrt G2: Threats and solutions (cont.d) Modification of association request from an unassociated/unauthenticated station could force station to connect to emergency service by mistake Attack: a man in the middle captures an association request and sets the E911 bit before forwarding to the AP This will not be detected since the association request is not MICed. However, the point is that the result is benign Not a security risk to the network Stefano M. Faccin, Nokia

Advantages of approach March 2006 Advantages of approach Very simple approach No “Special case” authentication No tagging of data frames to enable their traversal of AP Protected data channel inaccessible during emergency calls Easily retrofitted Does not interact with existing 802.11i or 802.11r mechanisms Performed in connection with association request handling at lower layer than security association management. Stefano M. Faccin, Nokia