Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA.

Published byBrook Cooper Modified over 8 years ago

Similar presentations

Presentation on theme: "Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA."— Presentation transcript:

1 Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA

2 Problem: Two questions Location Hiding: How can a proxy tell that a call it’s processing is an emergency call, even if that call doesn’t have a location that the proxy can see? Emergency call marking: More generally, how can a proxy reliably distinguish emergency calls from non- emergency calls?

3 Authenticating to Proxies Goal: Enable a proxy in the signaling path that reliably distinguish between emergency and non-emergency calls –I.e., prevent fraudulent emergency calls Proxy will make a decision based on information taken from SIP messages Need to define: –An authenticator – the marking –An embedding into SIP messages

4 Concept prior to location hiding UAC embeds location and service URN in its INVITE message Proxy uses location and URN in a LoST lookup, verifies that returned URI is in the To: header Authenticator: location + service URN Embedding: INVITE message

5 Authenticators Authenticator: A data structure that a SIP proxy can use to verify that a call is an emergency call –MUST be bound to a particular call –MUST be non-forgeable –Each authenticator has a different model of what it means for a call to be an emergency call Three examples in this document –Location + service URN –Identity authenticators –Explicit emergency call indicators

6 Location + service URN Construction –Asserter is UAS / UAC / proxy –Insert a location object and a service URN into a SIP message Verification –Extract location object and URN –Perform LoST query –Compare mapped URI to To: header Trust model –Reliability of LoST infrastructure –LoST mapping = To:PSAP = emergency call

7 Location + service URN (cont’d) When the asserter is the UAC/Proxy, SIP message is INVITE, this is the current way Pros: –Simple to use in many use cases –Requires no additional authentication infrastructure (beyond LoST) Cons: –Fails when Asserter has no location –Fails if LoST information changes –Relies on trusted LoST infrastructure –Endpoint-centric definition of emergency call

8 Identity Authenticators Construction –Asserter is a PSAP (UAS / UAC) –Use SIP Identity or Connected-Identity to prove its identity as a PSAP Verification –Same Verifier behavior as SIP Identity Trust model –One or more PSAP credentialing authorities –Caller/callee = authenticated PSAP = emergency call

9 Identity Authenticators (cont’d) Pros –Uses existing SIP authentication mechanisms –Doesn’t rely on location in messages Cons –Requires credentialing PSAPs –For citizen-to-authority, requires postponing authentication until after INVITE –Still uses endpoint-centric definition of an emergency call

10 Explicit Indicators Construction –Asserter is authorized to assert emergency status of calls (UAC / UAS / proxy) E.g., PSAP, first responder, EMS gateway –Create a signed object that attests to the emergency status of the call Verification –Verify the signed object –Make comparisons to header fields Trust model –Trust in authorization credentialing authority –Call bearing signed object = emergency call

11 Explicit Indicators (cont’d) Pros –Most flexible definition of emergency calls –Doesn’t rely on location in messages –Allows delegation of authentication function, e.g. to gateway or authentication service Cons –Requires credentialing of emergency call marking authorities

12 SIP Embedding No specific solution here, just some requirements / desiderata –Explicit assertion / verification procedures –Minimal increase in complexity of message flows –Should allow for persisting authenticator across messages within a dialog –Should allow for all entities in the signaling path to receive authenticator

13 Embedding Examples Location + URN in INVITE message –Doesn’t work without client location Location + URN in INVITE OR 200 –Allows PSAP to assert based on location INVITE transaction or subsequent UPDATE (within a time period) –The Identity / Connected-Identity model Any message containing a given SIP header field –The RPH / explicit indicator model

14 Questions What approach do we want to take here? Can we agree on one of these authenticators, or do we need more options? –Signed LoST mappings? Do we have other requirements for a SIP embedding?

Download ppt "Proxy Authentication of the Emergency Status of SIP Calls draft-barnes-ecrit-auth-00 Richard Barnes IETF 69, Chicago, IL, USA."

Similar presentations

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.

1 © 2001, Cisco Systems, Inc. All rights reserved. © 2004, Cisco Systems, Inc. All rights reserved. Location Conveyance in SIP draft-ietf-sipping-location-requirements-02.
Indication of support for keep- alive draft-holmberg-sip-keep-03 Christer Holmberg

Indication of support for keep- alive draft-holmberg-sip-keep-03 Christer Holmberg
Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
Iptel IETF 51. Agenda Bashing Agenda Bashing5m CPL and TRIP Status5m Charter Review10m TRIP for GW10m.

Iptel IETF 51. Agenda Bashing Agenda Bashing5m CPL and TRIP Status5m Charter Review10m TRIP for GW10m.
IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.

IETF 71 SIPPING WG meeting draft-ietf-sipping-pai-update-00.
Colombo, Sri Lanka, 7-10 April 2009 Preferential Telecommunications Service Access Networks Lakshmi Raman, Senior Staff Engineer Intellectual Ventures.

Colombo, Sri Lanka, 7-10 April 2009 Preferential Telecommunications Service Access Networks Lakshmi Raman, Senior Staff Engineer Intellectual Ventures.
Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.

Rfc4474bis-01 IETF 89 (London) STIR WG Jon & Cullen.
Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.

Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.
Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.

Draft-lemonade-imap-submit-01.txt “Forward without Download” Allow IMAP client to include previously- received message (or parts) in or as new message.
STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction.

STIR Secure Telephone Identity. Context and drivers STIR Working Group Charter Problem Statement Threats Status of work Related work and links Introduction.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
From Extensibility to Evolvability Once upon a time, HTTP was simple – what happened?

From Extensibility to Evolvability Once upon a time, HTTP was simple – what happened?
SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)

SIP Greg Nelson Duc Pham. SIP Introduction Application-layer (signaling) control protocol for initiating a session among users Application-layer (signaling)
SDO Emergency Services Coordination Workshop (ESW06) 1 Emergency Service Identifiers Presented by Henning Schulzrinne Columbia University

SDO Emergency Services Coordination Workshop (ESW06) 1 Emergency Service Identifiers Presented by Henning Schulzrinne Columbia University
An SAIC Company Telcordia View of NENA Progress on VoIP Migration Plan Telcordia Contacts: Nadine Abbott (732) 699-6901 An SAIC Company.

An SAIC Company Telcordia View of NENA Progress on VoIP Migration Plan Telcordia Contacts: Nadine Abbott (732) An SAIC Company.
March 2006IETF65 - ECRIT1 Emergency Service Identifiers draft-ietf-ecrit-service-urn-01 Henning Schulzrinne Columbia University

March 2006IETF65 - ECRIT1 Emergency Service Identifiers draft-ietf-ecrit-service-urn-01 Henning Schulzrinne Columbia University
Location Hiding: Problem Statement, Requirements, (and Solutions?) Richard Barnes IETF 71, Philadelphia, PA, USA.

Location Hiding: Problem Statement, Requirements, (and Solutions?) Richard Barnes IETF 71, Philadelphia, PA, USA.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Early Media in SIP: Problem Statement, Requirements, and Analysis of Solutions draft-barnes-sip-em-ps-req-sol Richard Barnes BBN Technologies IETF 68,

Early Media in SIP: Problem Statement, Requirements, and Analysis of Solutions draft-barnes-sip-em-ps-req-sol Richard Barnes BBN Technologies IETF 68,
Pilot project proposal: AffiL Affiliated domain names for trust Dave Crocker Brandenburg InternetWorking bbiw.net

Pilot project proposal: AffiL Affiliated domain names for trust Dave Crocker Brandenburg InternetWorking bbiw.net

Similar presentations

Ads by Google