Presentation is loading. Please wait.

Presentation is loading. Please wait.

Location Measurements Martin Thomson, IETF-77 draft-thomson-geopriv-held-measurements Location Generator Location Server Device Target Location Recipient.

Published byMaryann Mason Modified over 9 years ago

Similar presentations

Presentation on theme: "Location Measurements Martin Thomson, IETF-77 draft-thomson-geopriv-held-measurements Location Generator Location Server Device Target Location Recipient."— Presentation transcript:

1 Location Measurements Martin Thomson, IETF-77 draft-thomson-geopriv-held-measurements Location Generator Location Server Device Target Location Recipient Rule Maker 1

2 Geopriv/Internet Location Options for positioning are limited in the current architecture ◦ HELD, DHCP provide purely network-based positioning  Wiremap tracing  Network based timing ◦ Device-based positioning is purely autonomous  GPS  User-provided location 2

3 Co-operative Positioning Location Generator Device Access Network The LG can retrieve information from the network The LG has knowledge of the network topology The Device can take measurements 3 Cooperation between LIS/LG and Device enables more positioning options: A-GPS, radio timing (RTT, TDOA), radio camera

4 Security Problems Using measurements to: A.gain someone else’s location B.extract information about network topology C.indirectly spoof location 4

5 Problem A: Get Someone Else’s Location Attacker somehow gets measurements for a victim The LIS authorizes a request based on identity The LIS does not check that the measurement is valid and produces the victim’s location Limitations: in most cases, it’s quite hard to get measurements for someone else ◦ This is easy only if you know the victim’s location ◦ Additional measures might be necessary for some cases  e.g. LLDP exposes information that might be used 5

6 Problem B: Network Topology Mapping Based on the previous method By repeatedly guessing measurements an attacker might acquire a map of the network ◦ Matching measurements to locations ◦ Determining network coverage and other potentially sensitive information Limited by the same mechanisms Place a rate limit on requests from clients 6

7 Problem C: Lying by Proxy It’s one thing to lie about your location It’s another thing entirely to get someone else to do your lying for you Measurements can be spoofed to coerce a LIS/LG to provide a falsified location ◦ Any credibility granted to the LIS/LG above that of the Device is thereby gained ◦ It’s straightforward to spoof measurements 7

8 Option 1: “We don’t need no water…” Existing location systems are trivially spoofed…and no one seems to care Location information is largely produced for ultimate use by Targets (navigation, etc…) ◦ There is no gain in spoofing for these applications These systems aren’t a fair comparison ◦ A number of factors limit the feasibility of spoofing in existing systems ◦ Locked hardware, difficulty of implementation, advanced knowledge, limited and controlled device deployments The Internet community is resourceful enough to overcome these inconveniences 8

9 Option 2: Check your inputs Measurements can be checked ◦ Just as we have mandated for identifiers Works for A, B, and C Doesn’t work for all types of measurements ◦ A network-based location service cannot check every type of measurement ◦ Would invalidate many methods ◦ …and severely constrain others 9

10 Option 3: Sanity check outputs Compare the result of using measurements with an independently obtained location It’s only possible to get a more accurate result if you can tolerate some uncertainty Limits scope of attacks, doesn’t prevent them LG determined location Bad: outside uncertainty Probably ok 10

11 Option 4: Assign blame Make it clear when location information is based on information that wasn’t checked ◦ Create new labels for PIDF-LO that identify the nature of the source (LIS/Device/Other) ◦ Could be used to address shortcomings of the previous option Could also include verified data that is appropriately labelled Decisions on trust are handled by recipients ◦ Recipients exercise option 1 at their discretion ◦ More accurate location is available 11

12 Actions draft-thomson-geopriv-held-measurements ◦ Describes one protocol mechanism for exchanging measurements ◦ A framework for providing measurements Aside from the problem presented today ◦ The set of measurements and the protocol interactions need definition ◦ Is this work headed in the right direction? Location Generator Device 12

Download ppt "Location Measurements Martin Thomson, IETF-77 draft-thomson-geopriv-held-measurements Location Generator Location Server Device Target Location Recipient."

Similar presentations

Brief-out: Isolation Working Group Topic discussion leader: Ken Birman.

Brief-out: Isolation Working Group Topic discussion leader: Ken Birman.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Operating System Security

Operating System Security
Call Server LIS VPC ESGW SR Manhattan PSAP LO=Wall St Route=Manhattan PSAP The Location Object (LO) is provided in the call setup information to the Call.

Call Server LIS VPC ESGW SR Manhattan PSAP LO=Wall St Route=Manhattan PSAP The Location Object (LO) is provided in the call setup information to the Call.
Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
Access Control Methodologies

Access Control Methodologies
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.

Module 20 Troubleshooting Common SQL Server 2008 R2 Administrative Issues.
Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.

Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University

RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
CORDRA Philip V.W. Dodds March 2004. The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.

CORDRA Philip V.W. Dodds March The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Similar presentations

Ads by Google