Protecting First-Level Responder Resources in an IP-based Emergency Services Architecture 13 th April 2007, THE FIRST INTERNATIONAL WORKSHOP ON RESEARCH.

Slides:

Advertisements

Similar presentations

March 2008IETF 71 (Philadelphia) - ECRIT1 Unauthenticated emergency communications Henning Schulzrinne Gabor Bajko S. McCann Hannes Tschofenig draft-schulzrinne-ecrit-unauthenticated-access-02.

Advertisements

ECRIT Direct Calling draft-winterbottom-ecrit-direct-01 James Winterbottom, Martin Thomson, Hannes Tschofenig, Henning Schulzrinne 1draft-winterbottom-ecrit-direct-01.

Internet Standards- Emergency Services Hannes Tschofenig Mail comments to and/or

Emergency Services Chitra S VOIP Security Fall 2008.

Internet Real-Time Lab, Columbia University NG9-1-1 Prototype Demo Jong Yul Kim, Wonsang Song, and Henning Schulzrinne.

1 5 th SDO Emergency Services Workshop October 2008 “sos” URI parameter for marking emergency requests Milan Patel 5 th SDO Emergency Services Workshop.

Out of Jurisdiction Emergency Routing draft-winterbottom-ecrit-priv-loc-01.txt James Winterbottom, Hannes Tschofenig, Laura Liess.

Risks with IP-based Emergency Services draft-ietf-ecrit-trustworthy-location.

Origins of ECRIT IETF has been working on location since 2000 –Spatial BoF, eventually GEOPRIV chartered in 2001 GEOPRIV provides location information.

Emergency Services IAB Tech Chat 28 th February 2007 Hannes Tschofenig.

Internet Real-Time Lab, Columbia University Emergency Calling for VoIP Wonsang Song, Jong Yul Kim, and Henning Schulzrinne.

Draft-ietf-ecrit-location-hiding-req Location Hiding: Problem Statement and Requirements Henning Schulzrinne, Laura Liess, Hannes Tschofenig, Barbara Stark,

Internet E-911 System Henning Schulzrinne and Knarig Arabshian Department of Computer Science Columbia University

Trustworthy Location Information draft-tschofenig-ecrit-trustworthy- location draft-tschofenig-ecrit-trustworthy- location Hannes Tschofenig, Henning Schulzrinne.

Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.

SDO Emergency Services Coordination Workshop (ESW06) 1 Emergency Service Identifiers Presented by Henning Schulzrinne Columbia University

An SAIC Company Telcordia View of NENA Progress on VoIP Migration Plan Telcordia Contacts: Nadine Abbott (732) An SAIC Company.

March 2006IETF65 - ECRIT1 Emergency Service Identifiers draft-ietf-ecrit-service-urn-01 Henning Schulzrinne Columbia University

Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA.

Location Hiding: Problem Statement, Requirements, (and Solutions?) Richard Barnes IETF 71, Philadelphia, PA, USA.

SDO Emergency Services Coordination Workshop (ESW06) Report Hannes Tschofenig IETF 67, San Diego, November 2006.

ECRIT interim meeting - May Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.

Ernst Langmantel Technical Director, Austrian Regulatory Authority for Broadcasting and Telecommunication (RTR GmbH) The opinions expressed in this presentation.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Emergency calls related work done in IETF Gabor Bajko May 22, 2006.

SDO Emergency Services Coordination Workshop (ESW06) 1 A Location-to-Service Translation Protocol (LoST) & Mapping Protocol Architecture Ted Hardie Andrew.

NENA Next Generation Architecture

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Status and Development of VoIP based emergency calls Alexander Mayrhofer, nic.at GmbH The 1st European Security and Safety Summit Brussels, June 2007.

Draft-rosen-ecrit-emergency- framework-00 Brian Rosen NeuStar CPa

1 Location Hiding Henning Schulzrinne Laura Liess Hannes Tschofenig.

GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-tschofenig-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning.

CP-a Emergency call stage 2 requirements - A presentation of the requirements from 3GPP TS Keith Drage.

A Routing Extension for HELD draft-winterbottom-ecrit-priv-loc-04 James Winterbottom Hannes Tschofenig Laura Liess.

November 2005IETF64 - ECRIT1 Emergency Service Identifiers draft-ietf-sipping-sos-01 draft-schulzrinne-sipping-service-01 Henning Schulzrinne Columbia.

PSAP Callback draft-ietf-ecrit-psap-callback Phone BCP Status Usage Scenarios.

MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.

Security Mechanisms for Delivering Ubiquitous Services in Next Generation Mobile Networks Haitham Cruickshank University of Surrey workshop on Ubiquitous.

1 911 Background  Traditional 911 ~6,000 PSAPs in the US Selective routers route calls to correct PSAP –Operated by carriers –Relies on DB of fixed subscriber.

SAML for SIP Hannes Tschofenig, Jon Peterson, James Polk, Douglas Sicker, Marcus Tegnander.

Emergency call assurance. Highest-level goals Protect PSAP resources –network resources –call takers Protect first-responder resources –unnecessary dispatch.

ECRIT Basic Reqs draft-stastny-ecrit-requirements Richard Stastny Brian Rosen IETF62 Minneapolis.

ECRIT - Getting Certain URIs, and Alternatives to Getting Emergency Dialstring(s) draft-polk-ecrit-lost-server-uri-00 draft-polk-dhc-ecrit-uri-psap-esrp-00.

Emergency Context Resolution with Internet Technologies BOF (ecrit) Jon Peterson, Hannes Tschofenig BOF Chairs.

Public Safety Answering Point (PSAP) Callbacks draft-ietf-ecrit-psap-callback-02.txt H. Schulzrinne, H. Tschofenig, M. Patel.

ECRIT IETF 70 December 2007 Vancouver Hannes Tschofenig Marc Linsner Roger Marshall.

August 2005IETF63 - SIMPLE1 Solving the identity crisis draft-ietf-geopriv-common-policy-05 Henning Schulzrinne Aki Niemi Hannes Tschofennig Jonathan Rosenberg.

Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats-01.txt Hannes Tschofenig, Henning Schulzrinne, Murugaraj.

Internet Real-Time Lab, Columbia University NG9-1-1 Prototype Demo Jong Yul Kim, Wonsang Song, and Henning Schulzrinne.

NetCri'07 LoST: A Protocol for Mapping Geographic Locations to Public Safety Answering Points Henning Schulzrinne, Hannes Tschofenig, Andrew Newton, Ted.

Emergency Text Messaging using SIP MESSAGE draft-kim-ecrit-text-00

Extensions to the Emergency Services Architecture for dealing with Unauthenticated and Unauthorized Devices draft-ietf-ecrit-unauthenticated-access-03.txt.

7/11/2005ECRIT Security Considerations1 ECRIT Security Considerations draft-taylor-ecrit-security-threats-00.txt Henning Schulzrinne, Raj Shanmugam, Hannes.

GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-tschofenig-geopriv-l7-lcp-ps-03.txt Hannes Tschofenig, Henning.

LoST Sync draft-ietf-ecrit-lost-sync-08.txt Henning Schulzrinne Hannes Tschofenig.

Emergency Context Resolution with Internet Technologies (ecrit) Hannes Tschofenig, Marc Linsner IETF 66, Montreal, June 2006.

ECRIT - IETF 62 (March 2005) - Minneapolis 1 Requirements for Emergency Calling draft-schulzrinne-sipping-emergency-req-01 draft-ietf-sipping-sos-01 Henning.

ECRIT WG IETF-75 Trustworthy Location Bernard Aboba

12th April 2007, SDO Emergency Services Workshop 2007

The Domain Policy DDDS Application

Location Configuration at Layer 7

Henning Schulzrinne Dept. of Computer Science Columbia University

Hannes Tschofenig, Henning Schulzrinne, Bernard Aboba

Henning Schulzrinne Stephen McCann Gabor Bajko Hannes Tschofenig

Emergency Service Identifiers draft-ietf-ecrit-service-urn-01

Hannes Tschofenig Henning Schulzrinne M. Shanmugam

Emergency call assurance

Solving the identity crisis draft-ietf-geopriv-common-policy-05

IEEE Emergency Services

Presentation transcript:

Protecting First-Level Responder Resources in an IP-based Emergency Services Architecture 13 th April 2007, THE FIRST INTERNATIONAL WORKSHOP ON RESEARCH CHALLENGES IN NEXT GENERATION NETWORKS FOR FIRSTRESPONDERS AND CRITICAL INFRASTRUCTURES’; IN CONJUNCTION WITH IEEE IPCCC 2007, NEW ORLEANS, LOUISIANA, APRIL Hannes Tschofenig, Henning Schulzrinne, Murugaraj Shanmugam, Andrew Newton

Scope  Citizen-to-Authority Emergency Services

Threat Models (1)  External adversary model: The target, e.g., an emergency caller whose location is going to be communicated, is honest and the adversary may be located between the target and the location server or between the target and the PSAP. None of the emergency service infrastructure elements act maliciously.

Threat Models (2)  Malicious emergency infrastructure adversary model: The emergency call routing elements, such as the location server, the LoST infrastructure or call routing elements, are malicious.

Threat Models (3)  Malicious target adversary model: The target itself acts maliciously. This adversary model is in the main focus of the subsequent solution approaches.

Overview  The chosen architecture impacts security.  Focus on PSAP resource exhaustion: 1.Location Spoofing 2.Call Identity Spoofing

Location Spoofing Threats  Place Shifting: Trudy, the adversary, pretends to be at an arbitrary location.  Time Shifting: Trudy pretends to be at a location she was a while ago.  Location Theft: Trudy observes Alice’s location and replays it as her own.  Location Swapping: Trudy and Malory, located in different locations, can collude and swap location information and pretend to be in each other’s location.

Location Spoofing Solution Approaches  Placement of SIP Proxy in the Access Network  Location by Reference  Location Signing

PSAP / Call Taker Mapping Server SIP proxy SOS caller (3)Location Location + Service Identifier (4) PSAP URI (5) INVITE urn:service:sos To: urn:service:sos (2) INVITE PSAP URI To: urn:service:sos (6) (1) dial dialstring LIS Placement of SIP Proxy in the Access Network  Deployment challenge  Security between SIP Proxy & PSAP: Increased number of proxies => trust problems  Does not help with the identity aspect (unless an IMS like system is used)

LIS SIP proxy PSAP / Call Taker Request Location Reference (2) Reference (3) INVITE PSAP URI To: urn:service:sos (5) INVITE PSAP URI To: urn:service:sos (6) (4) dial dialstring Location Reference  SIP Proxy does not need to be in the access network  PSAP contacts LIS and authenticates him.  Increased number of LIS => trust problems SOS caller Dereference (7) (8)

LIS SIP proxy PSAP / Call Taker Request Signed Location (2) Signed Location (3) INVITE PSAP URI To: urn:service:sos (5) INVITE PSAP URI To: urn:service:sos (6) (4) dial dialstring Location Signing  SIP Proxy does not need to be in the access network  PSAP verifies signed location object  Solution technically more challenging SOS caller

Identity Spoofing  Solution to Identity Spoofing: Authenticated Emergency Calls  Authenticated identity useful for Post-Mortem analysis (if the identity can be linked to a real-world entity)  Two types of identities:  Authentication at the ISP/ASP  Authentication at the VSP  Identities can appear in various flavors:  P-Asserted Identity  SIP Identity / SIP SAML  End-to-End Security  Ease of deployment: Provider asserted identity  Does not work nicely with unauthenticated networks* * If unauthenticated also refers to unauthenticated SIP emergency calls rather than plain unauthenticated network access.

Summary

Conclusion  Various solution proposals have been discussed for some time.  Unfortunately, a proper model for evaluation is missing to determine the tradeoff between complexity vs. benefits.  Input from the research community is appreciated.  Join the ECRIT & GEOPRIV mailing list: