1 / 9

Emergency call assurance

Emergency call assurance. Highest-level goals. Protect PSAP resources network resources call takers Protect first-responder resources unnecessary dispatch No worse than today local attack vs. non-local discourage abuse. Threats. (D) DDOS (bots) (L) from within local service area

lindarbutler
Download Presentation

Emergency call assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Emergency call assurance

  2. Highest-level goals • Protect PSAP resources • network resources • call takers • Protect first-responder resources • unnecessary dispatch • No worse than today • local attack vs. non-local • discourage abuse

  3. Threats • (D) DDOS (bots) • (L) from within local service area • (R) outside local area • (C) Hoax/crank calls (humans) • (L) at correct location • (R) at another (fake) location

  4. Discouragement • Distinguish bots from humans • including silent calls • Catch likely remote (bogus) calls • Catch perpetrators after the call • discourages crank calls

  5. Tools and impact can be signature or transitive trust (reference) • Coarse-grained location assertion • e.g., IP address, provider POP, DSLAM, ... • addresses D/R • Fine-grained location • e.g., geo, street address • can be by value (“signing”) or reference • address C/L • Coarse-grained identity • provider (VSP) • addresses C/R? • Fine-grained identity • responsible party (caller) name & address • may not be useful if outside jurisdiction • addresses D/L, C/L, C/R (some)

  6. Nothing is perfect • Unlikely that every legitimate call will have the “good” bits set (signed, recognizable signer, trusted reference, ...) • Realistic goal is that “almost all” good calls are verifiable • rest is treated as suspicious when call taker resources are available • similar to payphone calls today • and will be lower priority during overload (“ranking”) • Thus, don’t need perfection in any single technique • combination of techniques likely works better • choose easiest-to-deploy • every call should have one at least one “is good” indicator

  7. Deployment scenarios, from easy to hard • ISP = VSP • includes large enterprise • well-known (to PSAP) VSP, well-known ISP • well-known VSP with strong customer authentication • e.g., credit card address (“can sue”) • could be emergency-only VSP • well-known ISP with authentication • well-known ISP without authentication • “unauthenticated network access” • e.g., guest on corporate or home hot spot or public WiFi • unknown ISP/VSP • e.g., out of area (“Sierra Leonian VSP”)

  8. Concerns: Delegation • identity assurance: subscriber identity within service provider • SIP identity, PAI • location signing: within enterprise (room/building level) • ISP customers gets signed LO • includes in calls • or private key to sign own LOs? • enterprise as trusted CA?

  9. Questions: Value or Reference? • sign LO • fine-grained • or get LO from trusted/verifiable source via TLS? • e.g., corporate LIS

More Related