Emergency Services Chitra S VOIP Security Fall 2008.

Presentation transcript:

1 Emergency Services Chitra S VOIP Security Fall 2008

2 Contents
- Problem with existing emergency model
- ECRIT
- Terminology used in emergency context
- Location-URI mapping and emergency call flow
- Emergency service identifiers – URN
- Location to Service Translation and LCP
- Typical Implementation
- Security Threats
- References
- Demo

3 Challenges - Problems with Existing Mechanism
PSTN System | IP based System
Supports voice and text | Need to support real time multimedia: video, text, voice
Organized locally or nationally | Internet crosses national boundaries
Few regionally limited telecom providers | International standards for equipment and software needed
Approximate routing often works (same switch, call number) | Approximation does not work: application/voice provider has no clue about location; Internet access provider knows about location but does not know about emergency calls; tunneling mechanisms mask underlying topology

4 Emergency Context Resolution with Internet Technologies
- Internet technologies available to
  – describe location
  – manage call routing
- WG shows how to use these to enable communication in emergency context
- Solutions presented independent of
  – jurisdiction
  – central authority
- Multiple delegations within a jurisdiction can be handled independently

5 Terminology
Terms shown: PSAP; Voice Service Provider (ASP/VSP); Mapping server; ESRP; Location; Emergency number (911, 112); Mapping; Emergency service identifier/URN (urn:service:sos.police); IAP; Location info
Definitions shown:
- Facility where emergency calls are received under the responsibility of a public authority
- Geographic identification attached to a region
- Routing support entity that maps a location to a PSAP URI
- String of digits used to reach the emergency service (0-9,*,#)
- Resolving a location to one or more PSAP URI
- Identifies an emergency service
- An organization that provides IP network-layer services to its customers or users
- Service provider that provides voice related services based on IP

6 Location Mapping and Call Routing
Diagram labels: Application/Voice Service Provider, Emergency caller, ESRP, Mapping Service, PSAP, Internet Access Provider, Location Information
(1) Location information might be available at the end host itself
(2) Location information can also be obtained from ISP
(3) Consult mapping service to determine appropriate PSAP + dial string
(4) Might use aid of emergency call routing infrastructure elements that are call routing support entities
(5) Location information is used for subsequent mapping requests
(6) Consult mapping service to determine where to route call
(7) For infrastructure based routing, support entity needs to forward call to PSAP
(8) May directly interact with PSAP where UE invokes mapping and initiates connection without relying on routing support entities

7 Emergency Call Flow
- Identify Emergency Call: Dialing sequence for a given location is provided by mapping server
- Determine Location: Location is central to operation of emergency services
- Route to Correct PSAP: Routing determines the most appropriate PSAP for the location
- Present call to call taker: Call taker helps dispatch of an emergency responder

8 Identify Emergency Call - URN
- URN helps define global well known service
- URN identifies services independent of the protocol that is used to request or deliver the service
- The service URN is a protocol element and is generally not expected to be visible to humans, e.g. callers still dial 911
- Hierarchical, case-insensitive labels separated by period, e.g. URN:service:sos.police
- URNs are not routable; the service URN must be translated into a routable URI
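An added example (not from the presentation) of how a call-routing element could recognise a service URN as described on this slide: it folds case, validates each period-separated label, and finds the closest service label named on this page. Falling back to the closest parent label is a policy assumed for this example.

```python
import re

# A label is letters, digits and hyphens, starting and ending with a
# letter or digit (the label syntax used by RFC 5031 service URNs).
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")

# Service labels named on this page (the IANA table plus sos.police).
KNOWN_SERVICES = {
    "counseling", "counseling.children", "counseling.mental-health",
    "counseling.suicide", "sos", "sos.ambulance", "sos.animal-control",
    "sos.fire", "sos.police",
}


def parse_service_urn(urn):
    """Return the lower-cased list of labels, or raise ValueError."""
    parts = urn.strip().split(":", 2)
    if (len(parts) != 3 or parts[0].lower() != "urn"
            or parts[1].lower() != "service"):
        raise ValueError("not a service URN: %r" % urn)
    labels = parts[2].lower().split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError("bad label %r in %r" % (label, urn))
    return labels


def classify(urn):
    """Return (canonical_urn, is_emergency, closest_known_service)."""
    labels = parse_service_urn(urn)
    known = None
    # Walk from the full name towards the top-level label until one is
    # known (assumed fallback policy for unrecognised sub-services).
    for n in range(len(labels), 0, -1):
        candidate = ".".join(labels[:n])
        if candidate in KNOWN_SERVICES:
            known = candidate
            break
    canonical = "urn:service:" + ".".join(labels)
    return canonical, labels[0] == "sos", known
```

Comparing the canonical lower-case form avoids treating `URN:service:SOS.Police` and `urn:service:sos.police` as different services.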

9 Location-to-Service Translation
- Protocol for mapping service identifier and location information to a service URI
- Resolved recursively or iteratively. Supports caching
- Servers are identified using U-NAPTR/DDDS, e.g. lostserver.example.com
Diagram labels: LoST Client; LoST Server; Authoritative LoST Server; Query message: Location Information and service URN; Query response: Uniform Resource Identifier (URI); Forward Query; Get response

10 LoST Queries
Common triggers are when:
  – client initially starts up or attaches to a network
  – client detects it is outside bounds of service region
  – SIP message arrives at a proxy performing location based call routing
  – cached mapping information has expired
  – invoking a particular service

11 End System Location Configuration
- Location may be specified as civic or geospatial value
- UA can obtain this from access network using Location Configuration Protocols (LCP)
- Mandatory to implement all LCPs established in I-D.ietf-ecrit-phonebcp
- Location information should be refreshed when the cache value expires
- Devices should get routing location immediately after obtaining local network configuration information
- Location Validation is required by some jurisdictions

12 Location Configuration Protocol
- DHCP (Dynamic Host Configuration Protocol): civic/geospatial; UA uses via REQUEST/INFORM messages
- HELD (HTTP Enabled Location Delivery): civic/geospatial; uses caller IP as identifier; returns location value or reference
- LLDP (Link Layer Discovery Protocol): civic/geospatial; location information directly from L2 network infrastructure
Diagram labels: Location Server Location Recipient Query with location info Location Dereferencing Client Location Configuration Protocol Location Formats
http://www.emergency-services-coordination.info/2008Oct/slides/esw5-geopriv.ppt

13 Placing an Emergency Call
Diagram entities: Caller, LIS, SIP Registrar, LoST Servers, Proxy, ESRP, PSAP1, PSAP2, PSAP3, Call taker
Messages: LCP Request, LCP Response, SIP Register, 200 OK, LoST Query, LoST Response, Caller-Proxy INVITE, Proxy-ESRP INVITE, ESRP-PSAP INVITE

14 A Typical Implementation – NENA Architecture
https://mentor.ieee.org/802.11/file/07/11-07-0794-00-000u-nena-i3-archr-overview.ppt

15 Security Threats
Attackers attacking system try to:
- Deny system services to all users in a given area
- Gain fraudulent use of services by using an emergency identifier to bypass normal authentication
- Divert emergency calls to non-emergency sites
Attackers attacking individuals try to:
- Prevent individual from receiving aid
- Gain information from an emergency that can be applied:
  – against an individual involved or
  – to the profit of attacker

16 Security Threats
Diagram entities: PSAP; Voice Service Provider (ASP/VSP); Mapping server; ESRP; Location; Emergency number (911, 112); Mapping; Emergency service identifier/URN (urn:service:sos.police); LIS
Threats shown: Prevent individuals from receiving aid; To bypass normal procedures in order to achieve fraudulent use of services; Denial of Service Attack; Impersonation of Server; Corruption of Database; To reduce effectiveness of ER system for caller(s) in an area

17 Security Threats – Suggested Solutions
- Attacks involving emergency identifier: Call routing entity to verify that the destination address is that of PSAP
- Flooding attack: Mapping protocol must not create new opportunities for this
- Insertion of interfering message: Mapping client should verify that response received is for the query it sent out
- Man-in-middle modification of message: Mapping client should be able to authenticate source of response
- Impersonation of mapping server: Mapping server discovery should prevent impersonation of mapping server
- Corruption of mapping database: Information in response should allow correlation with internal logs on mapping server
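An added example (not from the presentation) of the client-side check listed above for interfering messages: a LoST client confirms that a `findServiceResponse` answers the `findService` query it sent, that the mapping is still fresh, and keeps the `source`/`sourceId` values for log correlation. The two XML messages are constructed and trimmed; their ids, host names and URIs are made up.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"l": "urn:ietf:params:xml:ns:lost1"}  # LoST namespace (RFC 5222)

# Constructed, trimmed messages; ids, hosts and URIs are made up.
QUERY = """<findService xmlns="urn:ietf:params:xml:ns:lost1">
  <location id="loc-1" profile="civic"/>
  <service>urn:service:sos.police</service>
</findService>"""
RESPONSE = """<findServiceResponse xmlns="urn:ietf:params:xml:ns:lost1">
  <mapping expires="2030-01-01T00:00:00Z" lastUpdated="2008-11-01T00:00:00Z"
           source="lost.example" sourceId="map-42">
    <service>URN:service:sos.police</service>
    <uri>sips:police@psap.example</uri>
  </mapping>
  <locationUsed id="loc-1"/>
</findServiceResponse>"""


def check_response(query_xml, response_xml, now):
    """Return (problems, audit); an empty problems list means usable."""
    q, r = ET.fromstring(query_xml), ET.fromstring(response_xml)
    m = r.find("l:mapping", NS)
    if m is None:
        return ["no mapping in response"], {}
    problems = []
    # Service URNs compare case-insensitively.
    asked = q.findtext("l:service", "", NS).strip().lower()
    if m.findtext("l:service", "", NS).strip().lower() != asked:
        problems.append("service differs from the one queried")
    # locationUsed must point back at a location id this client sent.
    sent = {loc.get("id") for loc in q.findall("l:location", NS)}
    used = r.find("l:locationUsed", NS)
    if used is None or used.get("id") not in sent:
        problems.append("locationUsed is not a location we sent")
    # Only the UTC "Z" dateTime form of expires is handled here.
    try:
        exp = datetime.strptime(m.get("expires", ""), "%Y-%m-%dT%H:%M:%SZ")
        if exp.replace(tzinfo=timezone.utc) <= now:
            problems.append("mapping has expired")
    except ValueError:
        problems.append("unparseable expires value")
    if not m.findtext("l:uri", "", NS).strip():
        problems.append("no PSAP URI returned")
    # source/sourceId let an operator correlate with mapping-server logs.
    audit = {"source": m.get("source"), "sourceId": m.get("sourceId")}
    return problems, audit
```

These checks complement, and do not replace, authenticating the mapping server, which the slide lists as a separate requirement.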

18 References
- Requirements for emergency context resolution with internet technologies (http://www.ietf.org/rfc/rfc5012.txt)
- URN for emergency and other well known services (http://www.ietf.org/rfc/rfc5031.txt)
- Security threats and requirements (http://www.ietf.org/rfc/rfc5069.txt)
- LoST (http://www.ietf.org/rfc/rfc5222.txt)
- LoST servers using DHCP (http://www.ietf.org/rfc/rfc5223.txt)
- Framework for emergency calling using internet multimedia (http://www.ietf.org/rfc/rfc5223.txt)

19 Backup Material

20 Mental Model
- Emergency Response Context encloses individuals seeking help
- There could be multiple, overlapping contexts
- Physical location of the individual is critical
- Emergency Response Context can change in response to the load
Diagram labels: User Equipment, Caller, Call Taker, Location, Response

21 Emergency call using IP

22 Emergency call using VOIP
https://mentor.ieee.org/802.11/file/07/11-07-0794-00-000u-nena-i3-archr-overview.ppt

23 URN – IANA Considerations
- Services and sub-services are maintained by IANA (RFC 2434)
- The top level service labels are sos and counseling
- Sub services for sos include ambulance, fire etc

Service                   Reference  Description
--------------------------------------------------------------------
counseling                RFC 5031   Counseling services
counseling.children       RFC 5031   Counseling for children
counseling.mental-health  RFC 5031   Mental health
counseling.suicide        RFC 5031   Suicide prevention hotline
sos                       RFC 5031   Emergency services
sos.ambulance             RFC 5031   Ambulance service
sos.animal-control        RFC 5031   Animal control
sos.fire                  RFC 5031   Fire service

24 LoST Query Sample LoST Query Sample LoST Response

