GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-tschofenig-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne.

Presentation transcript:

GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-tschofenig-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne IETF 66, Montreal, June 2006

Design Team Henning Schulzrinne Barbara Stark Marc Linsner James Winterbottom Martin Thomson Rohan Mahy Brian Rosen Jon Peterson Hannes Tschofenig

Idea
Obtain from the access network:
–location information (by value and by reference)
–a subscription URI
Do this independently of the underlying link layer and network topology.

Scenario: DSL Environment
(Figure: the Access Network Provider operates the access Node and the LIS; at the Access Network Provider demarc sits the NTE, a device with NAPT and DHCP server; behind it, in the Customer Premises Network, are the End Hosts.)

Scenarios (cont.)
–WiMax-like Fixed Access
–Feeding/Fixed Wireless Access Scenario
–Wireless Access

Location Information Server (LIS) Discovery
–DNS
–Multicast
–Packet interception/Redirection
–Security aspects related to the discovery procedure

Identifier for Location Determination
Properties:
–Known by the End Host
–Possibility for Location Determination
–Security Properties
A number of identifiers are being discussed. The IP address seems to be the only reasonable identifier...

Location-by-Reference and Location Subscriptions
Location-by-Reference:
–Avoid sending the location itself.
Location Subscription:
–Enable a node to use SIP mechanisms to subscribe to someone's location.

Authenticated Calls and Signed Location Information
Mechanisms to limit DoS attacks
What do you sign?
–PIDF-LO or civic/geo-info
–What identity do you sign?

Requirements (1/5)
L7-1: In a DSL environment the location is that of the NTE/NAPT, e.g., the DSL or cable modem. Any device behind a NAT box or other in-home device is reported as being at the location of the NTE/NAPT.
L7-2: The system should work even if end systems move, either with or without a change of network attachment point or network address.

Requirements (2/5)
L7-3: There is no business or trust relationship between the provider of application-layer (e.g., SIP, XMPP, H.323) services and the network operating the LIS.
L7-4: There is generally a trust relationship between the LIS and the L2/L3 provider.

Requirements (3/5)
L7-5: Residential NAT devices and NTEs in a DSL environment cannot be modified to support additional protocols, to pass additional information through DHCP, etc.
L7-6: If the L2 and L3 providers for the same host are different entities, they cooperate and can establish trust relationships for the purposes needed to determine end system locations.

Requirements (4/5)
L7-7: Networks do not always require network access authentication (example: many open community wireless networks). The solution must not assume prior network access authentication.
L7-8: End systems may not know the precise properties of their residential NAT and the network topology of the access network, but can determine their IP address(es) via other mechanisms.

Requirements (5/5)
L7-9: Multiple devices, located in different physical locations, may share the same L2/L3 credentials ("account", "user name/password") with the L2/L3 provider and LIS.
L7-10: At least one end of a VPN is aware of the VPN. In an enterprise scenario, the enterprise side will provide the LIS used by the client and can thereby detect whether the LIS request was initiated through a VPN tunnel.

Security Framework
Threat model: Whom do we trust when it comes to obtaining location information?
Different types of adversaries need to be considered:
–off-path
–on-path
–active
–passive

Security Requirements
We want to prevent that...
–An end system can pretend to be in an arbitrary location.
–An end system can pretend to be in a location it was at a while ago.
–An attacker can observe Alice's location and use it to generate its own location information.
–An attacker can observe Alice's location.
–An attacker can observe both Alice's location and her L7 identifier.
–Alice and Bob, located at different locations, can collude and swap location objects and pretend to be in each other's location.
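As an added illustration (not part of the slides or the draft), the following constructed Python example shows why the "what do you sign?" question on the Authenticated Calls slide matters for the requirements above: a signature that covers only the location is still open to the replay and collusion/swap attacks listed, whereas a signature that also binds the target's L7 identifier and an issue time rejects both. The HMAC key, SIP identifiers and civic location are assumed sample values; a real LIS would use a public-key signature over the PIDF-LO rather than a shared secret.

```python
import hashlib
import hmac
import json
# Constructed sample LIS signing key. Assumption: a shared secret with the
# verifier; a real LIS would use a public-key signature over the PIDF-LO.
LIS_KEY = b"constructed-sample-lis-key"
MAX_AGE = 300  # seconds for which a signed location object stays valid

def _mac(payload):
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(LIS_KEY, data, hashlib.sha256).hexdigest()

def sign_location_only(location):
    """Weak variant: the signature covers only the civic/geo location."""
    return _mac({"loc": location})

def verify_location_only(location, sig):
    """Accepts any holder of a validly signed location, whoever they are."""
    return hmac.compare_digest(sign_location_only(location), sig)

def sign_bound(target, location, issued_at):
    """Binds the target's L7 identifier and an issue time to the location."""
    return _mac({"target": target, "loc": location, "t": issued_at})

def verify_bound(claimed_target, location, issued_at, sig, now):
    """Accept only a fresh object signed for the identity presenting it."""
    if now - issued_at > MAX_AGE:      # an old location being replayed
        return False
    expected = sign_bound(claimed_target, location, issued_at)
    return hmac.compare_digest(expected, sig)

# Constructed sample data: Alice in Montreal, Bob elsewhere, both colluding.
ALICE, BOB = "sip:alice@example.com", "sip:bob@example.com"
ALICE_LOC = {"civic": "Montreal, QC"}

def swap_succeeds_unbound():
    """Bob presents Alice's location-only object as his own: accepted."""
    sig = sign_location_only(ALICE_LOC)          # issued for Alice
    return verify_location_only(ALICE_LOC, sig)  # Bob's presentation passes

def swap_rejected_bound():
    """With the identity bound in, Bob cannot reuse Alice's object."""
    sig = sign_bound(ALICE, ALICE_LOC, issued_at=1000)
    return not verify_bound(BOB, ALICE_LOC, 1000, sig, now=1010)

def replay_rejected_bound():
    """Alice cannot claim a location she was at a while ago."""
    sig = sign_bound(ALICE, ALICE_LOC, issued_at=1000)
    return not verify_bound(ALICE, ALICE_LOC, 1000, sig, now=1000 + MAX_AGE + 1)
```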

Questions? Comments?