1 / 6

Trustworthy Location

Trustworthy Location. Hannes Tschofenig, Henning Schulzrinne , Bernard Aboba. Status. IETF#81 presentation about broader security issues related to location and caller identity in emergency calls.

rodney
Download Presentation

Trustworthy Location

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trustworthy Location Hannes Tschofenig, Henning Schulzrinne, Bernard Aboba

  2. Status • IETF#81 presentation about broader security issues related to location and caller identity in emergency calls. • Publication of write-up for the Communications of the ACM on “Security Risks in Next-Generation Emergency Services”, November 1st • http://cacm.acm.org/magazines/2011/11/138206-security-risks-in-next-generation-emergency-services/

  3. Current ToC 1. Introduction 2. Terminology 3. Threats 3.1. Location Spoofing 3.2. Identity Spoofing 4. Solution Proposals 4.1. Location Signing 4.2. Location by Reference 4.3. Proxy Adding Location 5. Operational Considerations 5.1. Attribution to a Specific Trusted Source 5.2. Application to a Specific Point in Time 5.3. Linkage to a Specific Endpoint

  4. Current Content • Classical IETF writing style. • Suitable for IETF audience • This is, however, not our main target audience for this writeup. • We want to educate those who have concerns about the next generation IP-based emergency services architecture. • We want to explain them what the threats are and what can be done about them. • We want to address some of their fears (regarding location spoofing, and other forms of DoS attacks). • CACM Article provides a better introduction into the topic. Detailed solution approaches currently in the document are more suitable for the appendix.

  5. Concerns typically raised • Big picture: We are building on top of the regular IP-based infrastructure and SIP as a communication mechanism. • Main focus: Denial of Service against the emergency services infrastructure / PSAP (and call-taker resources in particular) • Based on false emergency calls • Cast the story as an attribution problem… • Requires to identify the agent responsible for the action • Determining the identity or location of an attacker (or an attacker’s intermediary). • Important to convey that there is cost associated with every solution and that there are non-technical aspects to consider, such as education, operational considerations, and regulatory aspects.

  6. Question to Working Group • Do you agree with re-focusing the target audience of the writeup? • Requires a fair amount of work and therefore we would like to hear your thoughts first.

More Related