Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning.

Published byJoseph McDowell Modified over 8 years ago

Similar presentations

Presentation on theme: "ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning."— Presentation transcript:

1 ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning Schulzrinne M. Shanmugam

2 ECRIT interim meeting - May 2005 2 Terminology Internet Access Provider (IAP) Emergency call routing support = routes calls (e.g., SIP proxy) Directory = maps location to PSAP address Asserted location information = somebody vouches for this information

3 ECRIT interim meeting - May 2005 3 Framework A(V)SP directory location provider (DHCP, …) IAP PSAP configuration information

4 ECRIT interim meeting - May 2005 4 Participant-visible threats Standard problems: –eavesdropping (privacy, interference with law enforcement) –modification of call content –preventing service to single user (burglar-cutting-phone-wire) Since no direct monetary gain, threat model focuses on disruption of emergency service to legitimate users –by causing infrastructure failure –by tying up call takers –by dispatching emergency responders Difference to most other systems –PSAP doesn’t care who you are as long as you don’t lie about the location or nature of the emergency

5 ECRIT interim meeting - May 2005 5 Layers of defense (DOS, crank calls) prevent or limit detect & filter prosecute

6 ECRIT interim meeting - May 2005 6 Threats Denial-of-service (resource exhaustion) attacks –entities affected: directory call routing infrastructure PSAP –resources network bandwidth processing human resources (call takers, first responders) Call identity spoofing –primarily to elude DOS attack prosecution

7 ECRIT interim meeting - May 2005 7 Authentication Classical requirement: “must be able to place call without authentication” Really? ≠ anonymity! Probably really want –place call without being a paying customer of IAP –thus, may still be known to service provider former customer third-party cert (e.g., some government authority) device cert (“payphone on corner of Third and Main”)

8 ECRIT interim meeting - May 2005 8 Details: security threat to one caller Confidentiality Modification to configuration information Modification of call information –call signaling –media PSAP impersonation

9 ECRIT interim meeting - May 2005 9 Details: infrastructure threats denial-of-service attacks modification of configuration information

10 ECRIT interim meeting - May 2005 10 Caller identity spoofing  authentication avoid delays during emergency call setups –avoid multiple round-trip times define authentication independent of customer relationships –e.g., might only need non-1918 IP address to determine port and customer

11 ECRIT interim meeting - May 2005 11 Location spoofing End user provided location –IAP provides assertion –limited usefulness if wide coverage area Emergency call router inserts –retrieved by V(A)SP from IAP –must be based on some identifier –IAP may sign Need to insert timestamp and identity –prevent replay and copy-and-paste attacks –identity may not be NAI IP address, MAC address primarily needed for traceability

12 ECRIT interim meeting - May 2005 12 Location spoofing threat mediation prevent wide-area spoofingavoid global attacks; avoid international jurisdictional issues accountability reasonable chance that the person can be brought to justice future calls from the same person are considered suspect prevent local-area spoofingattacker can’t pretend to be in place X prevent local-area collusionattacker can’t get friend to give him location information for X prevent local-area time cloning attacker can’t pretend to be in X now if they were in X earlier

13 ECRIT interim meeting - May 2005 13 Impersonating a PSAP Assurance of reaching an authorized or legitimate PSAP Attacker may intercept directory request or call routing request  Integrity-protect directory and signaling interactions Directory must be authoritative for information –may be hard to prove

14 ECRIT interim meeting - May 2005 14 Open issues Mixture of threat description and requirements Should requirements be merged into general requirements document (or remove security issues from general requirements document)?

Download ppt "ECRIT interim meeting - May 2005 1 Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats Hannes Tschofenig Henning."

Similar presentations

March 2008IETF 71 (Philadelphia) - ECRIT1 Unauthenticated emergency communications Henning Schulzrinne Gabor Bajko S. McCann Hannes Tschofenig draft-schulzrinne-ecrit-unauthenticated-access-02.

March 2008IETF 71 (Philadelphia) - ECRIT1 Unauthenticated emergency communications Henning Schulzrinne Gabor Bajko S. McCann Hannes Tschofenig draft-schulzrinne-ecrit-unauthenticated-access-02.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
Out of Jurisdiction Emergency Routing draft-winterbottom-ecrit-priv-loc-01.txt James Winterbottom, Hannes Tschofenig, Laura Liess.

Out of Jurisdiction Emergency Routing draft-winterbottom-ecrit-priv-loc-01.txt James Winterbottom, Hannes Tschofenig, Laura Liess.
1 © 2004, Cisco Systems, Inc. All rights reserved IP Telephony Security Cisco Systems.

1 © 2004, Cisco Systems, Inc. All rights reserved IP Telephony Security Cisco Systems.
Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.

Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) IETF 67 - ANCP WG November 5-10, 2006 draft-moustafa-ancp-security-threats-00.txt.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
Emergency Services IAB Tech Chat 28 th February 2007 Hannes Tschofenig.

Emergency Services IAB Tech Chat 28 th February 2007 Hannes Tschofenig.
May 2007 PRESTO (Princeton, NJ) In-network Support for VoIP and Multimedia Applications Henning Schulzrinne Dept. of Computer Science Columbia University.

May 2007 PRESTO (Princeton, NJ) In-network Support for VoIP and Multimedia Applications Henning Schulzrinne Dept. of Computer Science Columbia University.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
July 2006IETF66 - ECRIT1 RELO: Retrieving End System Location Information draft-schulzrinne-geopriv-relo-00 Henning Schulzrinne.

July 2006IETF66 - ECRIT1 RELO: Retrieving End System Location Information draft-schulzrinne-geopriv-relo-00 Henning Schulzrinne.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.

July 2008IETF 72 - NSIS1 Permission-Based Sending (PBS) NSLP: Network Traffic Authorization draft-hong-nsis-pbs-nslp-01 Se Gi Hong & Henning Schulzrinne.
Draft-ietf-ecrit-location-hiding-req Location Hiding: Problem Statement and Requirements Henning Schulzrinne, Laura Liess, Hannes Tschofenig, Barbara Stark,

Draft-ietf-ecrit-location-hiding-req Location Hiding: Problem Statement and Requirements Henning Schulzrinne, Laura Liess, Hannes Tschofenig, Barbara Stark,
Trustworthy Location Information draft-tschofenig-ecrit-trustworthy- location draft-tschofenig-ecrit-trustworthy- location Hannes Tschofenig, Henning Schulzrinne.

Trustworthy Location Information draft-tschofenig-ecrit-trustworthy- location draft-tschofenig-ecrit-trustworthy- location Hannes Tschofenig, Henning Schulzrinne.
Requirements for Resource Priority Mechanisms for the Session Initiation Protocol draft-ietf-ieprep-sip-reqs-01 Henning Schulzrinne Columbia University.

Requirements for Resource Priority Mechanisms for the Session Initiation Protocol draft-ietf-ieprep-sip-reqs-01 Henning Schulzrinne Columbia University.
A “net head” view on SIP Henning Schulzrinne Columbia University IRT Lab Siemens Munich -- January 2003.

A “net head” view on SIP Henning Schulzrinne Columbia University IRT Lab Siemens Munich -- January 2003.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.

Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.

Similar presentations

Ads by Google