
Emergency Preparedness


Presentation Transcript


  1. VoIP Security, Prof. Schulzrinne Emergency Preparedness Veselin Pehlivanov

  2. VoIP Security, Prof. Schulzrinne Overview

  3. Why Emergency Preparedness?
     • Disasters, terrorist attacks, and major accidents trigger tremendous telephone traffic in the landline and wireless networks
     • National Security/Emergency Preparedness (NS/EP) personnel at all levels of government compete with the public for these congested landline and wireless resources
     • IETF Internet Emergency Preparedness Workgroup
     • GETS provides the means to get your landline call through
     • WPS provides the means to get your wireless call through

  4. Operational Environment (Source: Government Emergency Telecommunications Service (GETS) Overview for the Parlay Group, May 22-24, 2001)
     [Figure: threats plotted by Probability of Occurrence (LOW to HIGH) against Magnitude of Societal Effect (Severity x Duration x Users Affected, LOW to HIGH). Labels: Natural and Technological Disasters; Hostile Electronic Intrusion; Coordinated Attack; Sabotage; Electronic Warfare; Terrorism; Civil Disorder; Nuclear Accident; Computer Intruders; Limited/Uncoordinated Attack; Floods; Tornadoes; Earthquakes; Wind Storms; Hurricanes; Structural Fires]

  5. General Requirements for ETS
     • Signaling – if used to convey emergency, must be able to carry labels
     • Labels – might be carried as part of signaling, and/or as part of the header of a data packet
     • Policy – separate from labels, determines mechanism(s) used to achieve or support a specific characteristic
     • Network Functionality – functionality to support a better than best effort should focus on probability versus guarantees
     • Authorization – mechanisms must be implemented so that only authorized users have access to ETS
     • Integrity & Authentication – the user is who it claims to be and the authorized traffic has not been tampered with
     • Confidentiality – may be offered due to the sensitive and urgent nature of emergency response activities

  6. IP Telephony Requirements for ETS
     • Telephony signaling applications used with IP telephony MUST be able to carry labels.
     • The ability to carry labels MUST be extensible to support various types and numbers of labels.
     • Telephony signaling labels SHOULD have a mapping with the various emergency related labels/markings used in other telephony based networks, such as PSTN
     • Application layer IP telephony capabilities MUST NOT preclude the ability to do application layer accounting
     • Application layer mechanisms in gateways and stateful proxies that are specifically in place to recognize ETS type labels MUST be able to support "best available" service

  7. Requirements for Resource Priority Mechanisms for SIP
     • Not specific to one scheme or country
     • Independent of particular network architecture
     • Invisible to network (IP) layer
     • Existing CSN schemes must be translatable to SIP-based systems
     • No loss of information
     • Should be extensible
     • Separation of policy and mechanism
     • The SIP indication chosen should work for any SIP method
     • Sensible default behavior
     • Should be address neutral

  8. Requirements for Resource Priority Mechanisms for SIP
     • Should be identity-independent
     • Independent of network location
     • Ability to support multiple different priority schemes
     • Ability to discover which priority mechanisms are supported
     • Must be possible to test the system outside of emergency conditions
     • Has to work with SIP third-party call control
     • Must be proxy visible
     • Rigorous authentication and authorization mechanisms
     • Authentication and authorization mechanisms must be able to survive attacks and defend the resources

  9. Requirements for Resource Priority Mechanisms for SIP
     • Any indication of the resource priority must be independent of the authentication mechanism
     • Should support authentication on non-trusted end systems
     • Must be resistant to replay attacks
     • Must be resistant to cut-and-paste attacks
     • Must be resistant to bid down attacks
     • Should protect confidentiality and integrity
     • Should be able to preserve anonymity
     • Should be resistant to DoS attacks
     • Should minimize resource use by unauthorized users
     • Must not amplify attacks

  10. Dealing with Network Congestion in Practice (Source: NCS Wireless Priority Service Overview Briefing, April 2008)
     • Congestion, at one of many points, can block a call!
     • Government Emergency Telecommunications Service (GETS) addresses wireline congestion
     • Wireless Priority Service (WPS) addresses wireless congestion at call origination and call termination
     [Diagram labels: Mobile Switch; Local Exchange Networks; AT&T; MCI; SPRINT]

  11. The GETS Calling Card (Source: NCS Government Emergency Telecommunications Service Overview Briefing, April 2008)
     • Calling cards are in widespread use and easily understood by the NS/EP User, simplifying GETS usage
     • GETS priority is invoked “call-by-call”
     • GETS is a "ubiquitous" service in the Public Switched Telephone Network…if you can get a DIAL TONE, you can make a GETS call
     [Card image text: 0123 4567 8910; Disaster Response Team #1; US CITY EOC]

  12. How GETS Works (Source: NCS Government Emergency Telecommunications Service Overview Briefing, April 2008)
     High Probability of Completion (HPC) Features
     • NS/EP Call Marking
     • Signaling Priority
     • Alternate Carrier Routing
     • Trunk Queuing
     • Exemption from Network Management Controls
     [Diagram labels: PIN Validation; Calling Party; Called Party; Input Destination Number; Mobile Switch; Local Switch]
     Calls to the GETS Access Numbers are identified by local landline or mobile switch for HPC Treatment
     Calls route to one of the 3 GETS Carriers for:
     Calls complete via local landline or mobile switch
     • PIN Validation
     • Destination Number
     • Routing to destination switch
     • Origination to destination HPC treatment
     • Terminating Radio Channel Queuing in WPS FOC cellular networks
     • 710-627-4387
     • Toll Free to each carrier (3)
     • Priority Telecom Service Center
     • User Assistance line (7 x 24)

  13. GETS Users (Source: Code of Federal Regulations Title 47, Volume 3, Part 64, Appendix A, Telecommunications Service Priority System for National Security Emergency Preparedness)
     [Figure labels: EOP; NCS MEMBER ORGANIZATIONS; FEDERAL GOVERNMENT (NON NCS); DOL; FDIC; SEC; EPA; Health Services; Police Protection; STATE; Red Cross; Governor; Emergency Management Services; Hospitals; Police Protection; LOCAL; Ambulance Services; Emergency Management Services; Fire And Rescue Services; KEY INDUSTRY SUPPORT; Utility Services; Food Services; Transportation Services; Defense Contractors]
     If Your Mission Supports Any Of The Following:
     • National Security Leadership
     • National Security Posture and US Population Attack Warning
     • Public Health, Safety, and Maintenance of Law and Order
     • Public Welfare and Maintenance of National Economic Posture
     • Emergency Response

  14. What is WPS?
     • An enhancement to basic wireless service that allows your National Security/Emergency Preparedness (NS/EP) calls to queue for priority service in order to complete the call
     • Together with GETS, WPS dramatically improves “end-to-end” call completion during emergencies
     • Available nationwide in most, if not all, service areas for these carriers: AT&T, Cellular South, SouthernLINC, Sprint/Nextel, Sprint PCS, T-Mobile, Verizon Wireless

  15. How WPS Works
     • When you need to make an official call, and you encounter congestion, simply retry your call but prefix your dialed number with *272
     • e.g. *272 703-555-1234
     • Everything else is automatic – your call will queue for up to 30 seconds and “grab” the next available path
     • If landline networks are also congested, utilize *272 plus the GETS access number to get priority in both wireless and landline networks

  16. Satellite Backup
     • Satellite phones provide additional backup when cellular service is not available for any reason
     • Good example: extended power outages can make office private branch exchanges (PBXs) inoperable, and outages that last for more than several hours can exhaust backup power supplies at cell towers
     • Carriers include Globalstar, Iridium, Inmarsat, etc.
     • Can be utilized as handheld mobile sets, in vehicles with mobile or fixed installations, and in structures with fixed antenna units

  17. Emergency Preparedness at Work
     • During 9/11 event 10,000 GETS calls attempted into/out of/within New York City and Washington area with 95% completion rate
     • GETS not just for priority on Long Distance Calls
     • GETS extremely useful with local congestion or damage
     • Extensive use for calls between end offices within NYC during 9/11 when local trunks damaged but long distance trunks still operational
     • Bridge with communication links swept away in Oregon floods – GETS connected shorelines via long distance back door
     • Nisqually Earthquake – GETS calls within area exempt from network management controls
     • During Blackout 8/14-15 1231 GETS calls into/out of/within affected areas with 90% + success rate

  18. VoIP Security, Prof. Schulzrinne References

  19. VoIP Security, Prof. Schulzrinne References, contd.
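
An added example, not part of the original slides: one way a SIP proxy could apply the requirements on slides 7 to 9 (policy separate from mechanism, multiple priority schemes, a label that is independent of authentication, sensible default behavior, minimal resource use by unauthorized users). It assumes the `Resource-Priority` header and the `ets` and `wps` namespaces from RFC 4412, which the slides do not name; the identities, the policy table and the capping rule are constructed.

```python
# Added illustration, not from the slides. Resource-Priority is the SIP header
# defined in RFC 4412; identities and the policy table below are constructed.

# Mechanism: known namespaces, values ordered lowest -> highest priority.
NAMESPACES = {
    "ets": ["4", "3", "2", "1", "0"],
    "wps": ["4", "3", "2", "1", "0"],
}

# Policy (kept separate from the mechanism): highest value each
# authenticated identity may use, per namespace.
POLICY = {
    "sip:eoc-duty@example.org": {"ets": "0", "wps": "1"},
    "sip:field-team@example.org": {"ets": "2"},
}


def parse_labels(headers):
    """Return (namespace, value) pairs from every Resource-Priority header."""
    labels = []
    for name, value in headers:
        if name.lower() != "resource-priority":
            continue
        for token in value.split(","):
            ns, sep, prio = token.strip().lower().partition(".")
            if sep and ns and prio:
                labels.append((ns, prio))
    return labels


def honored_labels(headers, authenticated_id):
    """Labels the proxy will act on; an empty list means ordinary handling.

    authenticated_id is the result of a separate authentication step
    (None if it failed); the label itself is never treated as proof.
    """
    grants = POLICY.get(authenticated_id, {})
    honored = []
    for ns, prio in parse_labels(headers):
        order = NAMESPACES.get(ns)
        if order is None or prio not in order or ns not in grants:
            continue  # unknown or unauthorized label: ignore it
        # Constructed policy choice: cap the request at the granted level.
        rank = min(order.index(prio), order.index(grants[ns]))
        honored.append((ns, order[rank]))
    return honored
```

A request whose labels are all unknown or unauthorized is not rejected here; it simply gets ordinary call handling, so an unauthenticated sender gains nothing by adding the header.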
