GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements (draft-tschofenig-geopriv-l7-lcp-ps-00.txt), Hannes Tschofenig, Henning Schulzrinne. Presentation transcript.


Slide 1: GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements
draft-tschofenig-geopriv-l7-lcp-ps-00.txt
Hannes Tschofenig, Henning Schulzrinne
IETF 66, Montreal, June 2006

Slide 2: Design Team
- Henning Schulzrinne
- Barbara Stark
- Marc Linsner
- James Winterbottom
- Martin Thomson
- Rohan Mahy
- Brian Rosen
- Jon Peterson
- Hannes Tschofenig

Slide 3: Idea
Obtain from the access network:
- location information (by value and by reference)
- a subscription URI
Do this independent of the underlying link layer and network topology.

Slide 4: Scenario: DSL Environment
[Figure: ASCII-art network diagram, flattened during extraction. It shows the Access Network Provider domain containing a network Node and the LIS, the Access Network Provider demarc, and the Customer Premises Network containing the NTE, a device with NAPT and DHCP server, and the End Host.]

Slide 5: Scenarios (cont.)
- WiMax-like Fixed Access
  - Feeding/Fixed Wireless Access Scenario
- Wireless Access

Slide 6: Location Information Server (LIS) Discovery
- DNS
- Multicast
- Packet interception/Redirection
- Security aspects related to the discovery procedure

Slide 7: Identifier for Location Determination
Properties:
- Known by the End Host
- Possibility for Location Determination
- Security Properties
A number of identifiers are being discussed. The IP address seems to be the only reasonable identifier...

Slide 8: Location-by-Reference and Location Subscriptions
Location-by-Reference:
- Avoid sending the location itself.
Location Subscription:
- Enable a node to use SIP mechanisms to subscribe to the location of someone.

Slide 9: Authenticated Calls and Signed Location Information
Mechanisms to limit DoS attacks.
What do you sign?
- PIDF-LO or civic/geo-info
- What identity do you sign?

Slide 10: Requirements (1/5)
L7-1: In a DSL environment the location is that of the NTE/NAPT, e.g., the DSL or cable modem. Any device behind a NAT box or other in-home device is reported as being at the location of the NTE/NAPT.
L7-2: The system should work even if end systems move, either with or without change of network attachment point or network address.

Slide 11: Requirements (2/5)
L7-3: There is no business or trust relationship between the provider of application-layer (e.g., SIP, XMPP, H.323) services and the network operating the LIS.
L7-4: There is generally a trust relationship between the LIS and the L2/L3 provider.

Slide 12: Requirements (3/5)
L7-5: Residential NAT devices and NTEs in a DSL environment cannot be modified to support additional protocols, to pass additional information through DHCP, etc.
L7-6: If the L2 and L3 provider for the same host are different entities, they cooperate and can establish trust relationships for the purposes needed to determine end system locations.

Slide 13: Requirements (4/5)
L7-7: Networks do not always require network access authentication (example: many open community wireless networks). The solution must not assume prior network access authentication.
L7-8: End systems may not know the precise properties of their residential NAT and the network topology of the access network, but can determine their IP address(es) via other mechanisms.

Slide 14: Requirements (5/5)
L7-9: Multiple devices, located in different physical locations, may share the same L2/L3 credentials ("account", "user name/password") with the L2/L3 provider and LIS.
L7-10: At least one end of a VPN is aware of the VPN. In an enterprise scenario, the enterprise side will provide the LIS used by the client and can thereby detect whether the LIS request was initiated through a VPN tunnel.

Slide 15: Security Framework
Threat model: Whom do we trust when it comes to obtaining location information?
Different types of adversaries need to be considered:
- off-path
- on-path
- active
- passive

Slide 16: Security Requirements
We want to prevent that...
- An end system can pretend to be in an arbitrary location.
- An end system can pretend to be in a location it was at a while ago.
- An attacker can observe Alice's location and use it to generate its own location information.
- An attacker can observe Alice's location.
- An attacker can observe both Alice's location and her L7 identifier.
- Alice and Bob, located at different locations, can collude and swap location objects and pretend to be in each other's location.

Slide 17: Questions.. Comments?
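The following is an added illustration, not code from the draft or the presentation, of how the pieces on slides 7, 9 and 16 fit together on the defender's side: a LIS that keys its lookup on the requester's observed IP address (so every host behind the NTE/NAPT is reported at the NTE's location, per L7-1), signs the civic location together with the L7 identity and an issue time (slide 9's "what do you sign?"), and an application-layer verifier that rejects altered objects, objects issued to a different identity (the Alice/Bob swap) and stale objects (the "location it was at a while ago" replay). The location table, the identities, the shared key and the 10-minute freshness window are all constructed sample values, and HMAC-SHA256 with a shared key stands in for the public-key signature a real LIS would use.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample LIS table: public address of the NTE/NAPT -> civic location.
# Requirement L7-1: every host behind the residential NAT is reported at the
# NTE's location, so the lookup is keyed on the observed public address only.
LIS_LOCATION_TABLE = {
    "192.0.2.10": {"country": "CA", "A1": "QC", "A3": "Montreal", "RD": "Rue Example", "HNO": "100"},
    "192.0.2.20": {"country": "CA", "A1": "QC", "A3": "Montreal", "RD": "Rue Example", "HNO": "200"},
}

# Hypothetical key shared between the LIS and verifiers. HMAC is a stand-in
# here for the digital signature a deployed LIS would apply to a PIDF-LO.
LIS_KEY = b"constructed-lis-signing-key"

# Constructed freshness window: objects older than this are treated as replays.
MAX_AGE_SECONDS = 600


def canonical(obj):
    """Deterministic byte encoding so the signer and verifier hash the same thing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def lis_issue(observed_ip, l7_identity, now):
    """LIS side: map the observed IP address to a location and sign the location
    together with the requesting L7 identity and the issue time.
    Returns None when the address is unknown to this LIS."""
    location = LIS_LOCATION_TABLE.get(observed_ip)
    if location is None:
        return None
    body = {
        "identity": l7_identity,
        "observed_ip": observed_ip,
        "location": copy.deepcopy(location),  # copy so callers cannot mutate the table
        "issued_at": now,
    }
    sig = hmac.new(LIS_KEY, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_location(signed, presenting_identity, now):
    """Verifier side (e.g. a SIP service provider with no trust relationship to
    the access network, L7-3). Returns (ok, reason)."""
    body = signed["body"]
    expected = hmac.new(LIS_KEY, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["sig"]):
        return False, "signature mismatch: location or identity was altered"
    if body["identity"] != presenting_identity:
        return False, "identity mismatch: object was issued to someone else"
    if now - body["issued_at"] > MAX_AGE_SECONDS:
        return False, "stale object: replay of an earlier location"
    return True, "ok"


def demo():
    """Walk through the cases from slide 16 and return each verification result."""
    alice, bob = "sip:alice@example.com", "sip:bob@example.com"
    t0 = 1000
    alice_obj = lis_issue("192.0.2.10", alice, t0)
    bob_obj = lis_issue("192.0.2.20", bob, t0)

    # Second host behind Alice's NAT: same observed address, same location.
    roommate_obj = lis_issue("192.0.2.10", "sip:roommate@example.com", t0)

    tampered = copy.deepcopy(alice_obj)
    tampered["body"]["location"]["HNO"] = "999"  # claim an arbitrary location

    return {
        "genuine": verify_location(alice_obj, alice, t0 + 60),
        "same_nat_same_location": roommate_obj["body"]["location"] == alice_obj["body"]["location"],
        "tampered": verify_location(tampered, alice, t0 + 60),
        "swapped": verify_location(bob_obj, alice, t0 + 60),       # Alice presents Bob's object
        "replayed": verify_location(alice_obj, alice, t0 + 3600),  # presented an hour later
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The verifier never contacts the LIS or the access network; it relies only on the key material and the bindings inside the object, which is what L7-3 forces. Note what the scheme does not address: the object still reveals Alice's location and identifier to whoever carries it, so the observation threats on slide 16 need transport protection in addition to signing.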
