ECRIT WG IETF-75 Trustworthy Location Bernard Aboba


1 ECRIT WG IETF-75 Trustworthy Location
draft-tschofenig-ecrit-trustworthy-location
Bernard Aboba
Wednesday July 29, 2009
Please join the Jabber room:

2 Some Recent Headlines
The problem of “prank” emergency calls is substantial and quite serious.

3 Identity and Location
- Many (most?) “swatting” cases involve both identity spoofing and location spoofing.
- On the wired PSTN, caller-ID spoofing effectively enables location spoofing.
- However, trustworthiness of identity and location are independent issues. Examples:
  - Emergency calls made over a wireless network providing trusted location but unauthenticated access
  - Experience with unloaded and/or inactive SIM cards in Germany:
  - Situations where location is not available to the PSAP (e.g. Austria)

4 Additional Issues with VOIP
- Potential for authentication at multiple layers (link layer, voice)
- Popularity of anonymous/unauthenticated access (e.g. hot spots)
- Lack of relationship between link/network layer identity (e.g. IP addr, MAC addr, NAI) and SIP AoR
- Additional attack vectors

5 Threat Models
- External attacker: the attacker is located between the end host and the location server, or between the end host and the PSAP.
- Malicious infrastructure: the attacker gains control of the emergency call routing elements (the LIS, the LoST infrastructure or call routing elements).
- Malicious end host: the end host acts maliciously, whether under the control of the owner or not (e.g. acting as a bot).

6 Location Spoofing Attacks
- Place shifting: the attacker claims to be at a location (either inside or outside the uncertainty band) that is significantly different from their own.
- Time shifting: the attacker claims to currently be at a previously visited location.
- Location theft: the attacker claims someone else’s location as their own. This can include collusion (e.g. location swapping).

7 NENA i2 Requirements for “Trustworthy Location”
Attribution to a Specific Trusted Source
- Section 3.7: The i2 solution proposes a Location Information Server (LIS) be the source for distributing location information within an access network. Furthermore, the validity, integrity and authenticity of this information are directly attributed to the LIS operator.
Implications
- Where location depends on information contributed by parties trusted by neither the access, voice nor LIS operator, this condition cannot be met.
- Trustworthiness is a property of a system, not a protocol.

8 Example
- LLDP-MED endpoint move detection notifications providing data to a LIS implementing HELD.
- Location data based on client LLDP announcements, not source IP or MAC addresses.
  - Enables an end-run around return reachability.
- PIDF-LO (even when signed!) cannot provide “trustworthy location”, since location is attributable to the client, not the LIS!

9 Potential Solutions
- Location signing (Section 5.1)
- Location by reference (Section 5.2)
- Proxy adding location (Section 5.3)

10 Location Signing
From NENA-i2 Section 3.7:
- The location object should be digitally signed.
- The certificate for the signer (LIS operator) should be rooted in VESA. For this purpose, VPC and ERDB operators should issue certs to LIS operators.
- The signature should include a timestamp. Where possible, the Location Object should be refreshed periodically, with the signature (and thus the timestamp) being refreshed as a consequence.
- Antispoofing mechanisms should be applied to the Location Reporting method.

11 LbyR Dereference Models
- Authorization by possession
  - Anyone in possession of the LbyR can obtain location
  - Incompatible with location hiding
- Authorization via Access Control Lists (ACLs)
  - Only those enabled for access can obtain location
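The two dereference models on slide 11, shown side by side in a toy location server. This is an added example, not code from the presentation, the ECRIT drafts or NENA i2; it assumes references are random URL-safe tokens with a fixed lifetime (REF_LIFETIME is a made-up value) and that requesters arrive already authenticated as a string name such as a PSAP identifier. Each dereference attempt is also recorded, in the spirit of the "auditability after the fact" question on slide 13.

```python
"""Added example (not from the presentation): a toy LbyR dereference server
contrasting authorization by possession with authorization via ACLs, and
keeping a per-reference audit trail of dereference attempts.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

REF_LIFETIME = 600  # seconds; assumed lifetime, not a value from the page


@dataclass
class Reference:
    location: dict
    created: float
    acl: Optional[frozenset]  # None => authorization by possession
    audit: List[Tuple[int, str, bool]] = field(default_factory=list)


class LocationServer:
    """Stand-in for the LIS-side dereference endpoint (assumed design)."""

    def __init__(self) -> None:
        self._refs: Dict[str, Reference] = {}

    def create_reference(self, location: dict, now: float, acl=None) -> str:
        # 32 random bytes: under the possession model the reference itself is
        # the credential, so it must be unguessable.
        ref = secrets.token_urlsafe(32)
        self._refs[ref] = Reference(location, now, frozenset(acl) if acl else None)
        return ref

    def dereference(self, ref: str, requester: str, now: float) -> Optional[dict]:
        entry = self._refs.get(ref)
        if entry is None or now - entry.created > REF_LIFETIME:
            return None  # unknown or expired reference: nothing to disclose
        # Possession model: anyone holding the reference is allowed.
        # ACL model: only listed requesters are allowed (supports location hiding).
        allowed = entry.acl is None or requester in entry.acl
        entry.audit.append((int(now), requester, allowed))
        return entry.location if allowed else None

    def audit_trail(self, ref: str) -> List[Tuple[int, str, bool]]:
        entry = self._refs.get(ref)
        return list(entry.audit) if entry else []
```

A leaked possession-model reference discloses the location to whoever holds it, which is exactly why that model is incompatible with location hiding; the ACL-model reference leaks nothing to an unlisted requester, but the denied attempt still shows up in the audit trail.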

12 Operational Concerns
- Credential & ACL management
  - Are VPC and ERDB operators prepared to operate as Certificate Authorities?
  - What are the prerequisites for certificate issuance?
  - How do PSAPs manage ACLs and LbyR credentials?
- Digital timestamping
  - Are LIS operators required to support time synchronization?
  - Is it possible for personnel to reset the clock?
- Anti-spoofing
  - What mechanisms need to be put in place to enable “attribution to the LIS”?
  - What prevents “cutting and pasting” of signed PIDF-LOs or LbyRs?
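A minimal model of the signed, timestamped location object from slide 10 together with the PSAP-side checks that address the time-shifting attack (slide 6) and the "cutting and pasting" concern on slide 12. This is an added example, not code from the presentation or from any LIS or PSAP product. It assumes an HMAC-SHA256 keyed by the LIS as a stand-in for the certificate-based signature rooted in VESA (chain validation is out of scope), that the signed object binds the location to a caller identifier (a SIP AoR) so an object lifted from one call cannot be pasted into another, and a made-up MAX_AGE refresh window.

```python
"""Added example (not from the presentation): sign a location object with a
timestamp and caller binding on the LIS side, then verify freshness, integrity
and binding on the PSAP side.
"""
import hashlib
import hmac
import json
from typing import Tuple

MAX_AGE = 300  # seconds; assumed refresh window, not a value from the page

# Constructed key: stands in for the LIS operator's VESA-rooted signing credential.
LIS_KEY = b"constructed-lis-signing-key"


def _canonical(fields: dict) -> bytes:
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_location(lis_id: str, caller_aor: str, civic: dict, now: float) -> dict:
    """LIS side: produce a location object attributable to the LIS."""
    fields = {
        "lis": lis_id,           # who asserts the location (slide 7: attribution)
        "aor": caller_aor,       # binding to the caller (counters cut-and-paste)
        "location": civic,
        "timestamp": int(now),   # slide 10: the signature includes a timestamp
    }
    sig = hmac.new(LIS_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "sig": sig}


def verify_location(obj: dict, expected_aor: str, now: float) -> Tuple[bool, str]:
    """PSAP side: accept only fresh, untampered objects bound to this caller."""
    fields = {k: v for k, v in obj.items() if k != "sig"}
    expected = hmac.new(LIS_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, obj.get("sig", "")):
        return False, "bad signature"      # tampered, forged or unsigned
    age = now - fields["timestamp"]
    if age < 0 or age > MAX_AGE:
        return False, "stale timestamp"    # time shifting / replay of an old object
    if fields["aor"] != expected_aor:
        return False, "aor mismatch"       # signed object pasted in from another call
    return True, "ok"
```

The timestamp check is only as good as the LIS clock, which is the point behind the time-synchronization and clock-reset questions above; the AoR binding is one concrete answer to what stops a valid signed PIDF-LO from being reused by a different caller.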

13 Some Closing Questions
- Is the NENA i2 notion of “attribution to the LIS” achievable in practice?
- If not, what is an alternative definition of “trustworthy location”?
  - “Auditability after the fact”?
  - Determination of “prank call” probability with an acceptable rate of false positives?

14 Feedback?

