Published by Szebasztián Sipos. Modified over 5 years ago.
1
WiNOT Consortium: Proposal for TGu I1 requirement (Emergency Calls)
Month Year doc.: IEEE yy/xxxxr0
January 2006
Date: Authors:
Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE
Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures <ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group.
If you have questions, contact the IEEE Patent Committee Administrator at
Stefano M. Faccin, Nokia John Doe, Some Company
2
WiNOT consortium
This presentation is made on behalf of the WiNOT (Wireless NetwOrking Technology) consortium, comprising:
- Intel
- Nokia
- Siemens
- Panasonic
- STMicroelectronics
- Cingular
- BenQ
- TeliaSonera
- T-Mobile
3
Abstract
This document describes a complete proposal for requirement I1.
4
TGu Requirement I1
Define IEEE functionality which would be required to support an Emergency Call (e.g. E911) service as part of an overall, multi-layer solution. Specifically:
- Capability Advertisement
- Authentication issues
5
Assumptions
- There is a higher layer standardized protocol that will allow emergency calls or related transactions to operate. The definition of such protocols is out of scope.
- Any validation of the emergency services will occur at the higher layer rather than at the MAC layer. For example, server side authentication could be achieved via PKI.
- Maintenance of an existing connection is not required when an emergency occurs. Any pre-existing connection to the AP is discarded prior to the emergency call.
6
System Requirements
- Access point has a dedicated connection to emergency services. This might be:
  - Separate physical link
  - Dedicated VLAN
  - Tunnelling protocol
- When using the emergency channel, only emergency services can be accessed
- Connection to the emergency channel is made prior to the IEEE802.1X controlled port
7
Architecture
[Figure: block diagram. Labels: To DS, To 911 Svcs, IEEE802.1X Authenticator, 911 Svc Mgr, Association Svc, 802.11 MAC, SME]
911 SVC manager controls emergency services channel switch based on the state from association services
8
Four Components
- Advertising
- Authentication
- Connection
- Support of Mobility
- QoS Support
9
Advertising
- Use a 911 capability bit in beacons, Probe Response, and Neighbor Reports
10
Authentication
- There is no authentication or 4-way handshake
  - MAC: open authentication may be deprecated and skipped
- All data frames for the STA are passed to emergency service channel once service is invoked
- Keys are never plumbed. Transmissions remain open and unencrypted
  - There is no requirement for confidentiality of emergency calls
  - If encryption is needed, such measures should be done at a higher level, not at the LAN level
11
Connection
- STA indicates request for emergency service by setting the 911 capabilities bit during the association request.
- Receipt of an association request with the 911 capability bit set immediately results in tear-down of any existing security association for the station (if the station was already associated and authenticated)
12
Support of Mobility
- Assume that access to the emergency services has the same LLC transparency as the DS
  - a transition to another AP would be transparent to the session
- STA does not use Fast Transition (FT) when making a transition during an emergency call
  - the procedure with new AP is as for initial connection of emergency call with previous AP
  - FT would require key material to be exchanged (which is not available)
- No issues since no i authentication with key derivation is executed, therefore the delays introduced by i in transition between APs do not apply
13
QoS Support
- QoS would become an issue if the AP was a QAP and all the bandwidth was allocated to other stations at higher priority
- Proposal addresses QoS for EDCA and HCCA, reusing 11e concepts
- Details to be added
14
Analysis wrt G1
G1: All proposals (whichever requirements they address) shall describe how they minimize battery consumption for mobile devices.
- Discovery/advertising:
  - Discovery in beacons enables passive discovery => power saving is possible
  - Discovery through probing may impact power saving, but is necessary in several scenarios
- Connection: power saving is not relevant
15
Analysis wrt G2: Threats and solutions
G2: All proposals (whichever requirements they address) shall describe the security
- Station using emergency services is completely unauthenticated
  - Any station can forge emergency calls, but this is not worse than the current cellular system when there is no SIM
- Authentication of caller may be needed at higher level if so required by the higher level solution and if the station/user has credentials
  - Authentication and credentials at higher layer are used to identify the calling party to emergency services, not the information at layer (e.g. MAC address)
16
Analysis wrt G2: Threats and solutions (cont'd)
- Fake call to emergency services could cause disconnect of legitimate station
  - a normally authenticated station would be disconnected by a rogue station issuing an E911 call with the same MAC address
  - however, the authenticated station will share credentials with the AP and these can be used to prevent an E911 call until the station has disassociated first
  - this raises the stakes for the TGw "lock-out" problem since a locked out station would also be unable to make an emergency call
  - same threat already exists and will be dealt with in TGw / TGu
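Added example, not part of the original presentation: a small model of how an AP could handle an association request carrying the 911 capability bit, first as the Connection slide states it (immediate tear-down) and then with the "disassociate first" mitigation from the G2 analysis above. The bit value, class names and the verified-disassociation step are assumptions made for illustration; the slides do not define them.

```python
from dataclasses import dataclass, field

EMERGENCY_CAP = 0x01  # assumed bit value; the slides do not assign one


@dataclass
class Station:
    secure: bool = False     # security association (keys) established
    emergency: bool = False  # frames switched to the emergency channel


@dataclass
class AccessPoint:
    require_disassoc_first: bool          # True = mitigation from the G2 analysis
    stations: dict = field(default_factory=dict)

    def complete_secure_association(self, mac):
        self.stations[mac] = Station(secure=True)

    def verified_disassociation(self, mac):
        # Assumed to be checked with the credentials the station shares with the AP.
        self.stations.pop(mac, None)

    def association_request(self, mac, capabilities):
        if not capabilities & EMERGENCY_CAP:
            return "normal"  # regular 802.1X path, not modelled here
        current = self.stations.get(mac)
        if current and current.secure and self.require_disassoc_first:
            return "rejected"  # authenticated station must disassociate first
        # Connection slide: existing security association is torn down at once.
        self.stations[mac] = Station(secure=False, emergency=True)
        return "emergency"

    def route(self, mac):
        sta = self.stations.get(mac)
        if sta is None:
            return "drop"
        if sta.emergency:
            return "emergency-channel"  # only emergency services reachable
        return "ds" if sta.secure else "drop"


def same_mac_emergency_request(require_disassoc_first):
    """Secure station exists; an unauthenticated request reuses its MAC."""
    mac = "02:00:00:00:00:01"  # constructed, locally administered address
    ap = AccessPoint(require_disassoc_first)
    ap.complete_secure_association(mac)
    result = ap.association_request(mac, EMERGENCY_CAP)
    return result, ap.route(mac), ap.stations[mac].secure
```

With the mitigation off, the existing station loses its security association and its path to the DS; with it on, the request is refused until a verified disassociation has happened, which is also why a locked-out station could not place an emergency call.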
17
Analysis wrt G2: Threats and solutions (cont'd)
- Modification of association request from an unassociated/unauthenticated station could force station to connect to emergency service by mistake
  - Attack: a man in the middle captures an association request and sets the E911 bit before forwarding to the AP
  - This will not be detected since the association request is not MICed. However, the point is that the result is benign
  - Not a security risk to the network
18
Advantages of approach
- Very simple approach
  - No “Special case” authentication
  - No tagging of data frames to enable their traversal of AP
- Protected data channel inaccessible during emergency calls
- Easily retrofitted
  - Does not interact with existing i or r mechanisms
  - Performed in connection with association request handling at lower layer than security association management.
19
Questions?