emergency services chitra s voip security fall 2008

Emergency Services

Chitra S

VOIP Security

Fall 2008

2

Contents

Problem with existing emergency model ECRIT Terminology used in emergency context Location-URI mapping and emergency call flow Emergency service identifiers – URN Location to Service Translation and LCP Typical Implementation Security Threats References Demo

3

Challenges - Problems with Existing Mechanism

PSTN System IP based System

Supports voice and text Need to support real time multimedia: video, text, voice

Organized locally or nationally

Internet crosses national boundaries

Few regionally limited telecom providers

International standards for equipment and software needed

Approximate routing often works

(same switch, call number)

Approximation does not work:

Application/voice provider has no clue about location

Internet access provider knows about location but don’t know about emergency calls

Tunneling mechanisms mask underlying topology

4

Emergency Context Resolution with Internet Technologies

Internet technologies available to – describe location– manage call routing

WG shows how to use these to enable communication in emergency context

Solutions presented independent of – jurisdiction – central authority

Multiple delegations within a jurisdiction can be handled independently

5

Terminology

PSAP

Voice Service Provider (ASP/VSP)

Mapping server

Facility where emergency calls are received under the responsibility of a public authority

ESRP

Geographic identification attached to a region

Location

Routing support entity that maps a location to a PSAP URI

911112

String of digits used to reach the emergency service (0-9,*,#)

Emergencynumber

resolving a location to one or more PSAP URIMapping

Identifies an emergency service

urn:service:sos.police

Emergency service identifier/ URN

An organization that provides IP network-layer services to its customers or users.

Service provider that provides voice related services based on IP

IAPLocation info

6

Location Mapping and Call Routing

Application/ VoiceService Provider

Emergency caller

ESRP

MappingService

PSAP

Internet AccessProvider

Location Information

LocationInformation

(1) Might be available at the end host itself

(2)Can also be obtained from ISP

(3) Consult mapping service to determine appropriate PSAP +

dial string

(4) Might use aid of emergency call routing infrastructure elements that are call routing support entities

(5) Location information is used for subsequent mapping requests

(6) Consult mapping service to determine where to route call

(7) For infrastructure based routing support entity needs to forward call to PSAP

(8) May directly interact with PSAP where UE invokes mapping and initiates connection without relying on routing support entities

7

Emergency Call Flow

IdentifyEmergency

Call

DetermineLocation

Route to Correct PSAP

Present callto calltaker

Dialing sequence for a given location is provided by mapping server.

Location is central to operation of emergency services

Routing determines the most appropriate PSAP for the location

Call taker helps dispatch of an emergency responder

8

Identify Emergency Call - URN

URN helps define global well known service URN identifies services independent of the protocol that

is used to request or deliver the service The service URN is a protocol element and is generally

not expected to be visible to humanse.g. callers still dial 911

Hierarchical, case-insensitive labels separated by periode.g. URN:service:sos.police

URNs are not routable, Translate the service URN into a routable URI

9

Location-to-Service Translation

Protocol for mapping service identifier and location information to a service URI

Resolved recursively or iteratively. Supports caching Servers are identified using U-NAPTR/DDDS

e.g. lostserver.example.comQuery message: Location Information and service URN

LoST Client

LoST Server

Query response: UniformResource Identifier (URI)

AuthoritativeLoST Server

Forward Query

Get response

10

LoST Queries

<findService>, <getServiceBoundary>, <listServices>, <listServicesByLocation>

Common Triggers are when:– client initially starts up or attaches to a network– client detects it is outside bounds of service region– SIP message arrives at a proxy performing location based

call routing– Cached mapping information has expired– Invoking a particular service

11

End System Location Configuration

Location may be specified as civic or geospatial value UA can obtain this from access network using

Location Configuration Protocols (LCP) Mandatory to implement all LCPs established in I-

D.ietf-ecrit-phonebcp Location information should be refreshed when the

cache value expires Devices should get routing location immediately after

obtaining local network configuration information Location Validation is required by some jurisdictions

12

Location Configuration Protocol

DHCPDynamic Host Configuration Protocol

Civic/geospatial

UA uses via REQUEST/ INFORM messages

HELDHTTP Enabled

Location Delivery

Civic/geospatial

Uses caller IP as identifier

Returns location value or reference

LLDPLink Layer Discovery Protocol

Civic/Geospatial

Location information directly from L2 network infrastructure

LocationServer

LocationRecipient

Query with location info

LocationDereferencing

Client

LocationConfiguration

Protocol

LocationFormats

http://www.emergency-services-coordination.info/2008Oct/slides/esw5-geopriv.ppt

13

SIPRegistrar

LIS

LoSTServers

Placing an Emergency Call

Proxy ESRP PSAP1Caller

PSAP2

PSAP3

LIS

LoSTServers

SIPRegistrar

Calltaker

LCP RequestLCP Response

SIP Register200 OK

LoST QueryLoST Response

Caller-Proxy INVITEProxy ESRP INVITEESRP-PSAP INVITE

14

PSAPGateway

i3 PSAP

GovernmentServicesFunctions

EmergencyResponder

ServiceFunction(s)

EmergencyServicesRoutingProxy

i3 PSAP

SIP/H.323clients

Wirelessclient

SelectiveRouter

LegacyPSAP

i3 PSAP

LocationDetermination

/AcquisitionFunctions

LegacyNetworks

existing interconnection

InternetIP router

IM client

LocationValidationFunction

LIS(s)

Public AccessNetworks

Emergency ServicesIP network

DatabaseServices

LocationValidation/

Routing Data

LocationValidation/

RoutingDatabase(s)

EmergencyCall RoutingFunction(s)

ESNet(DatabaseServicesFunction)

DatabaseServices

SRGateway

Firewall

Public WebServices

PrivateWeb

Services

DNS

RootDiscoveryServices

MediaServices

LegacyNetworks

E911Gateway

LegacyPSAP

https://mentor.ieee.org/802.11/file/07/11-07-0794-00-000u-nena-i3-archr-overview.ppt

A Typical Implementation – NENA Architecture

15

Security Threats

Attackers attacking system try to: Deny system services to all users in a given area Gain fraudulent use of services by using an emergency

identifier to bypass normal authentication Divert emergency calls to non-emergency sitesAttackers attacking individuals try to: Prevent individual from receiving aid Gain information from an emergency that can be applied:

– against an individual involved or – to the profit of attacker

16

Security Threats

PSAP

Voice Service Provider (ASP/VSP)

Mapping server

ESRP

Location

Prevent individuals from receiving aid

911112

To bypass normal procedures in order to achieve fraudulent use of services

Emergencynumber

Denial of Service AttackImpersonation of ServerCorruption of DatabaseMapping

urn:service:sos.police

Emergency service identifier/ URN

LIS

To reduce effectiveness of ER system for caller(s) in an area

17

Security Threats – SuggestedSolutions

Attacks involving emergency identifier

Call routing entity to verify that the destination address is that of PSAP

Flooding Attack Mapping protocol must not create new opportunities for this

Insertion of interfering message

Mapping client should verify that response received is for the query it sent out

Man-in-middle modifi-cation of message

Mapping client should be able to authenticate source of response

Impersonation of mapping server

Mapping server discovery should prevent impersonation of mapping server

Corruption of mapping database

Information in response should allow correlation with internal logs on mapping server

18

References

Requirements for emergency context resolution with internet technologies (http://www.ietf.org/rfc/rfc5012.txt)

URN for emergency and other well know services (http://www.ietf.org/rfc/rfc5031.txt)

Security threats and requirements (http://www.ietf.org/rfc/rfc5069.txt)

LoST (http://www.ietf.org/rfc/rfc5222.txt) LoST servers using DHCP (http://www.ietf.org/rfc/rfc5223.txt) Framework for emergency calling using internet multimedia

(http://www.ietf.org/rfc/rfc5223.txt)

Backup Material

20

Mental Model

User Equipment

Emergency Response Context encloses individuals seeking help

There could be multiple, overlapping contexts Physical location of the individual is critical Emergency Response Context can change in response to

the load

Caller

Call TakerLocation Response

21

Emergency call using IP

22

Emergency call using VOIP

https://mentor.ieee.org/802.11/file/07/11-07-0794-00-000u-nena-i3-archr-overview.ppt

23

URN – IANA Considerations

Services and sub-services are maintained by IANA (rfc 2434)

The top level service labels are sos and counseling Sub services for sos include ambulance, fire etcService Reference Description--------------------------------------------------------------------counseling RFC 5031 Counseling servicescounseling.children RFC 5031 Counseling for childrencounseling.mental-health RFC 5031 Mental health counseling.suicide RFC 5031 Suicide prevention hotlinesos RFC 5031 Emergency servicessos.ambulance RFC 5031 Ambulance servicesos.animal-control RFC 5031 Animal controlsos.fire RFC 5031 Fire service

24

LoST Query

Sample LoST Query

Sample LoST Response