Presentation is loading. Please wait.

Presentation is loading. Please wait.

7/11/2005ECRIT Security Considerations1 ECRIT Security Considerations draft-taylor-ecrit-security-threats-00.txt Henning Schulzrinne, Raj Shanmugam, Hannes.

Published byDayna Williamson Modified over 8 years ago

Similar presentations

Presentation on theme: "7/11/2005ECRIT Security Considerations1 ECRIT Security Considerations draft-taylor-ecrit-security-threats-00.txt Henning Schulzrinne, Raj Shanmugam, Hannes."— Presentation transcript:

1 7/11/2005ECRIT Security Considerations1 ECRIT Security Considerations draft-taylor-ecrit-security-threats-00.txt Henning Schulzrinne, Raj Shanmugam, Hannes Tschofenig, Tom Taylor IETF 64

2 7/11/2005ECRIT Security Considerations2 Emergency Call Routing Attack Points sos @? ??? ?? Call router Mapping client Mapping server PSAPPSAP Location provider Emergency responders Impersonation DOS Interception Modification Database corruption Threats: - disclosure - targeted DOS - mass DOS Impersonation - malicious dispatch Configuration corruption

3 7/11/2005ECRIT Security Considerations3 Architecture Determines Threat Perception If mapping is done at user client configuration time –lowers likelihood that attacks on mapping server are effective –raises likelihood that attack on user client itself would be effective If mapping is done at call time, and mapping client is a proxy –raises likelihood that attacks on mapping server would be effective –attack on user client itself less likely to be effective

4 7/11/2005ECRIT Security Considerations4 Authentication Issues Is it worth authenticating the mapping server? –if mapping is done at user agent configuration time? –if mapping is done by user agent at call time? –if mapping client is a proxy on the call path?

5 7/11/2005ECRIT Security Considerations5 Backup

6 7/11/2005ECRIT Security Considerations6 Current Draft Scope Threats –integrity and privacy –PSAP DOS –PSAP impersonation –mapping server DOS –mapping server impersonation Discussion of potential counter-measures Constraints on counter-measures –cost in terms of performance –deployment issues –regulatory and legal requirements Derived requirements

7 7/11/2005ECRIT Security Considerations7 Points Raised in List Discussion Performance burden of proposed measures –channel security –object signing What does user do if authentication fails? Need for security distinction between location by value and by reference Proposed DOS detection at mapping server doesn't work –all requests are anonymous –multiple requests from same IP address can be a valid condition Proposed countermeasures make impractical assumptions regarding trust anchors –depending on what responsibilities are given to the user client Object signing not enough to prevent replay

8 7/11/2005ECRIT Security Considerations8 More Points... Section 5.5 (Distributed Directory Security) out of scope Section 5.6 (Query-Response Verification) probably expendable Need security discussion of two more topics –location delivery –PSAP boundaries

Download ppt "7/11/2005ECRIT Security Considerations1 ECRIT Security Considerations draft-taylor-ecrit-security-threats-00.txt Henning Schulzrinne, Raj Shanmugam, Hannes."

Similar presentations

Additional Data related to an Emergency Call draft-ietf-ecrit-additional-data-00.txt Hannes Tschofenig Brian Rosen.

Additional Data related to an Emergency Call draft-ietf-ecrit-additional-data-00.txt Hannes Tschofenig Brian Rosen.
Call Server LIS VPC ESGW SR Manhattan PSAP LO=Wall St Route=Manhattan PSAP The Location Object (LO) is provided in the call setup information to the Call.

Call Server LIS VPC ESGW SR Manhattan PSAP LO=Wall St Route=Manhattan PSAP The Location Object (LO) is provided in the call setup information to the Call.
Brian Rosen Chair, Long Term Definition WG.  i1 = document older strategies for VoIP into 9-1-1  i2 = standard way to support VoIP on current E9-1-1.

Brian Rosen Chair, Long Term Definition WG.  i1 = document older strategies for VoIP into  i2 = standard way to support VoIP on current E9-1-1.
LoST draft-ietf-ecrit-lost-02 ECRIT Working Group IETF 67 7 November 2006 Andrew Newton Henning Schulzrinne Hannes Tschofenig Ted Hardie.

LoST draft-ietf-ecrit-lost-02 ECRIT Working Group IETF 67 7 November 2006 Andrew Newton Henning Schulzrinne Hannes Tschofenig Ted Hardie.
Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
IETF 61 (November 2004) ECRIT1 Requirements and Architecture for Emergency Calling draft-schulzrinne-sipping-emergency-arch draft-schulzrinne-sipping-emergency-req.

IETF 61 (November 2004) ECRIT1 Requirements and Architecture for Emergency Calling draft-schulzrinne-sipping-emergency-arch draft-schulzrinne-sipping-emergency-req.
March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.

March 2009 (IETF 74)IETF - P2PRG1 Security Issues and Solutions in Peer-to- peer Systems for Real-time Communications draft-schulzrinne-p2prg-rtc-security-00.
Draft-ietf-ecrit-location-hiding-req Location Hiding: Problem Statement and Requirements Henning Schulzrinne, Laura Liess, Hannes Tschofenig, Barbara Stark,

Draft-ietf-ecrit-location-hiding-req Location Hiding: Problem Statement and Requirements Henning Schulzrinne, Laura Liess, Hannes Tschofenig, Barbara Stark,
Trustworthy Location Information draft-tschofenig-ecrit-trustworthy- location draft-tschofenig-ecrit-trustworthy- location Hannes Tschofenig, Henning Schulzrinne.

Trustworthy Location Information draft-tschofenig-ecrit-trustworthy- location draft-tschofenig-ecrit-trustworthy- location Hannes Tschofenig, Henning Schulzrinne.
Trade-offs and open issues with path discovery and transport or not all requirements are orthogonal… Henning Schulzrinne Columbia University

Trade-offs and open issues with path discovery and transport or not all requirements are orthogonal… Henning Schulzrinne Columbia University
Integrated Security Model for SNMPv3 (ISMS) pronounced is miss David T. Perkins & Wes Hardaker 60 th IETF August 6, 2004.

Integrated Security Model for SNMPv3 (ISMS) pronounced "is" "miss" David T. Perkins & Wes Hardaker 60 th IETF August 6, 2004.
March 2006IETF65 - ECRIT1 Emergency Service Identifiers draft-ietf-ecrit-service-urn-01 Henning Schulzrinne Columbia University

March 2006IETF65 - ECRIT1 Emergency Service Identifiers draft-ietf-ecrit-service-urn-01 Henning Schulzrinne Columbia University
ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.

ECRIT interim meeting - May Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.
Ernst Langmantel Technical Director, Austrian Regulatory Authority for Broadcasting and Telecommunication (RTR GmbH) The opinions expressed in this presentation.

Ernst Langmantel Technical Director, Austrian Regulatory Authority for Broadcasting and Telecommunication (RTR GmbH) The opinions expressed in this presentation.
SDO Emergency Services Coordination Workshop (ESW06) 1 A Location-to-Service Translation Protocol (LoST) & Mapping Protocol Architecture Ted Hardie Andrew.

SDO Emergency Services Coordination Workshop (ESW06) 1 A Location-to-Service Translation Protocol (LoST) & Mapping Protocol Architecture Ted Hardie Andrew.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Monitoring for network security and management Cyber Solutions Inc.

Monitoring for network security and management Cyber Solutions Inc.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

Similar presentations

Ads by Google