Risks with IP-based Emergency Services draft-ietf-ecrit-trustworthy-location.

Slides:

Advertisements

Similar presentations

2 Introduction A central issue in supporting interoperability is achieving type compatibility. Type compatibility allows (a) entities developed by various.

Advertisements

Colombo, Sri Lanka, 7-10 April 2009 Preferential Telecommunications Service Access Networks Lakshmi Raman, Senior Staff Engineer Intellectual Ventures.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

<<Date>><<SDLC Phase>>

AARNet Copyright 2011 Network Operations Cisco Unified Communications Manager SIP Trunking Bill Efthimiou APAN33 SIP workshop February 2012.

1 5 th SDO Emergency Services Workshop October 2008 “sos” URI parameter for marking emergency requests Milan Patel 5 th SDO Emergency Services Workshop.

Out of Jurisdiction Emergency Routing draft-winterbottom-ecrit-priv-loc-01.txt James Winterbottom, Hannes Tschofenig, Laura Liess.

Emergency Services IAB Tech Chat 28 th February 2007 Hannes Tschofenig.

Managing Data Resources

Page 1 Building Reliable Component-based Systems Chapter 17 - Architectural Support for Reuse Chapter 17 Architectural Support for Reuse.

Stephen S. Yau CSE , Fall Security Strategies.

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

Design and Implementation of SIP-aware DDoS Attack Detection System.

Location Hiding: Problem Statement, Requirements, (and Solutions?) Richard Barnes IETF 71, Philadelphia, PA, USA.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

ECRIT interim meeting - May Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.

Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.

Voice over Internet Services and Privacy. Agenda Problem Description Scope Recommendations.

our digital memory accessible tomorrow A future with no history meets a history with no future: perspectives on how much we should know.

11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.

-framework Brian Rosen. -11 version deals with IESG comments All comment resolved one way or another One open issue – spec(t)

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

B2BUA – A New Type of SIP Server Name: Stephen Cipolli Title: System Architect Date: Feb. 12, 2004.

An Integrated QoS, Security and Mobility Framework for Delivering Ubiquitous Services Across All IP-based Networks Haitham Cruickshank University of Surrey.

Distributed Computing COEN 317 DC2: Naming, part 1.

Event Management & ITIL V3

9,825,461,087,64 10,91 6,00 0,00 8,00 Information and Communication Networks HiPath ProCenter Compact.

Draft-rosen-ecrit-emergency- framework-00 Brian Rosen NeuStar CPa

Requirements, Terminology and Framework for Exigent Communications H. Schulzrinne, S. Norreys, B. Rosen, H. Tschofenig.

Application Policy on Network Functions (APONF) G. Karagiannis and T.Tsou 1.

1 Location Hiding Henning Schulzrinne Laura Liess Hannes Tschofenig.

GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-tschofenig-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning.

Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.

IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.

CP-a Emergency call stage 2 requirements - A presentation of the requirements from 3GPP TS Keith Drage.

The State of VoIP Peering Charles Studt Director of Product Management, VoEX.

(we need your advice!) Jon Peterson MIT– December 2010 IETF & Privacy.

Presentation Overview

Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #

SIP working group IETF#70 Essential corrections Keith Drage.

California Public Utilities Commission MLTS E9-1-1 Caller Location Information Proceeding (R ) Public Workshop California Office July 27,

Security Vulnerabilities in A Virtual Environment

Core VoIP and 911 issues and alternatives Henning Schulzrinne Columbia University August 2003.

The Digital Crime Scene: A Software Perspective Written By: David Aucsmith Presented By: Maria Baron.

Network Reliability and Interoperability Council VII NRIC Council Meeting Focus Group 1B Network Architectures for Emergency Communications in 2010 September.

SEMINAR ON IP SPOOFING. IP spoofing is the creation of IP packets using forged (spoofed) source IP address. In the April 1989, AT & T Bell a lab was among.

Protecting First-Level Responder Resources in an IP-based Emergency Services Architecture 13 th April 2007, THE FIRST INTERNATIONAL WORKSHOP ON RESEARCH.

E-Science Security Roadmap Grid Security Task Force From original presentation by Howard Chivers, University of York Brief content:  Seek feedback on.

Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats-01.txt Hannes Tschofenig, Henning Schulzrinne, Murugaraj.

1 Certification and Accreditation CS Unit 4:RISK MANAGEMENT Jesus Gonzalez Kalpana Bahunoothula Jocelyne Farah.

ECRIT requirements update draft-schulzrinne-ecrit-requirements-01 IETF 63 Aug 02, 2005 Roger Marshall

Security Hannes Tschofenig. Goal for this Meeting Use the next 2 hours to determine what the security consideration section of the OAuth draft(s) should.

Extensions to the Emergency Services Architecture for dealing with Unauthenticated and Unauthorized Devices draft-ietf-ecrit-unauthenticated-access-03.txt.

Negotiating the Deal. New Venture Story Short narrative of factual or imagined events Emphasizes goals and merits of venture through the story Often personal.

U.S. DOT Next Generation Project: A National Framework and Deployment Plan Summit for Large Cities Chicago, IL – May 21, 2009.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Managing Data Resources File Organization and databases for business information systems.

ECRIT WG IETF-75 Trustworthy Location Bernard Aboba

Information Security, Theory and Practice.

THIS IS THE WAY ENUM Variants Jim McEachern

12th April 2007, SDO Emergency Services Workshop 2007

Hannes Tschofenig, Henning Schulzrinne, Bernard Aboba

Thoughts on VoIP and Emergency Calling

Hannes Tschofenig Henning Schulzrinne M. Shanmugam

How to Mitigate the Consequences What are the Countermeasures?

Appropriate Access InCommon Identity Assurance Profiles

Presentation transcript:

Risks with IP-based Emergency Services draft-ietf-ecrit-trustworthy-location

Status Emergency services build on top of existing IP-based communication infrastructure. – As such, they inherit the security problems from the underlying infrastructure. – But many of the same security mechanisms are applicable as well. Most severe problems are related to a special form of distributed denial of service attacks: – EENA document tries to investigate “False Emergency Calls” in a more structured way: – Swatting is a particular problem: draft-ietf-ecrit-trustworthy-location discusses these problems. – Views them from the angle of location (at least from the title although the text looks at it from a broader perspective). – But it does not offer a vision on how to deal with the problem.

False Calls

False Calls, cont.

Number of reasons for false calls. Many of them cannot be “solved” via technical means! What is our story to deal with hoax calls/swatting? Note: Problem is not unique to IP-based emergency services. Legacy networks also suffer from these problems.

Mapping Database PSAP Location Location + Service Identifier PSAP URI + emergency number Location Information Server INVITE Dial GPS Info VSP SIP Proxy INVITE

The Attribution Problem* Attribution … – Requires to identify the agent responsible for the action – Determining the identity or location of an attacker (or an attacker’s intermediary). Four aspects of attribution: – Types: if users are expected to be identified in some way, what is the source of that identity, and what can we conclude about the utility of different sorts of identity? – Timing: what are the different roles of attribution before, during and after an event? – Investigators: how might different parties exploit attribution as a part of deterrence? – Jurisdiction: what are the variations that we can expect across different jurisdictions, and how might this influence our choices in mechanism design? (*) D. Clark, S. Landau, “Untangling Attribution”, in Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing, 2010.

Types of Identity Goal: real-world identity of the emergency caller Can only be obtained via resolution steps: – SIP AoR and resolution via VSP – IP address and resolution via ISP/IAP – Entirely independent mechanism (which does not yet exist, like emergency service certificates). Requires in-person identity proofing (and higher level of assurance infrastructure) during user registration.

Location Physical location of adversary may help PSAP call taker in decision making. Spoofable to a certain degree since the location configuration steps are vulnerable to manipulation. Assumes network provided location – Rules out many practical deployments.

Timing Before the Fact: Prevention or degradation – Example: Disallow SIM-less emergency calls Ongoing: Attribution as a Part of normal Activity – Example: Education about cost of emergency services infrastructure. During the Fact: Mitigation – Example: Signal ‘false call’ warning to caller. After the Fact: Retribution – Example: Take person to court.

Our Recommendations? Can we better describe solution possibilities and their challenges. Example challenges: – identity proofing is expensive – problems with different jurisdictions being involved – Traversing links from digital identity to real-world entity and physical location is difficult (and chain easily breaks) – Knowing the location of the adversary does not immediately lead to the real-world entity There are non-technical challenges and solutions as well.