Emergency Services. Chitra S VOIP Security Fall 2008. Contents. Problem with existing emergency model ECRIT Terminology used in emergency context Location-URI mapping and emergency call flow Emergency service identifiers – URN Location to Service Translation and LCP
Emergency Services Chitra S VOIP Security Fall 2008
Contents
• Problem with existing emergency model
• ECRIT
• Terminology used in emergency context
• Location-URI mapping and emergency call flow
• Emergency service identifiers – URN
• Location to Service Translation and LCP
• Typical Implementation
• Security Threats
• References
• Demo

Emergency Context Resolution with Internet Technologies
• Internet technologies available to
  • describe location
  • manage call routing
• WG shows how to use these to enable communication in emergency context
• Solutions presented independent of
  • jurisdiction
  • central authority
• Multiple delegations within a jurisdiction can be handled independently

Terminology
• IAP: An organization that provides IP network-layer services to its customers or users.
• Mapping: resolving a location to one or more PSAP URI
• Emergency service identifier/URN: Identifies an emergency service (e.g. urn:service:sos.police)
• Voice Service Provider (ASP/VSP): Service provider that provides voice related services based on IP
• Emergency number: String of digits used to reach the emergency service (0-9,*,#), e.g. 911, 112
• ESRP: Routing support entity that maps a location to a PSAP URI
• Location: Geographic identification attached to a region
• PSAP: Facility where emergency calls are received under the responsibility of a public authority
[Other diagram labels: Location info, Mapping server]

Location Mapping and Call Routing
(1) Location information might be available at the end host itself
(2) Can also be obtained from ISP
(3) Consult mapping service to determine appropriate PSAP + dial string
(4) Might use aid of emergency call routing infrastructure elements that are call routing support entities
(5) Location information is used for subsequent mapping requests
(6) Consult mapping service to determine where to route call
(7) For infrastructure based routing, support entity needs to forward call to PSAP
(8) May directly interact with PSAP where UE invokes mapping and initiates connection without relying on routing support entities
[Diagram entities: Emergency caller, Location Information, Internet Access Provider, Mapping Service, Application/Voice Service Provider, ESRP, PSAP]

Emergency Call Flow
• Identify Emergency Call: Dialing sequence for a given location is provided by mapping server.
• Determine Location: Location is central to operation of emergency services
• Route to Correct PSAP: Routing determines the most appropriate PSAP for the location
• Present call to call taker: Call taker helps dispatch of an emergency responder

Identify Emergency Call - URN
• A URN helps define a global, well-known service
• A URN identifies services independent of the protocol that is used to request or deliver the service
• The service URN is a protocol element and is generally not expected to be visible to humans, e.g. callers still dial 911
• Hierarchical, case-insensitive labels separated by periods, e.g. URN:service:sos.police
• URNs are not routable
• Translate the service URN into a routable URI

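An added example (not from the original slides) of how a proxy or client might normalize and validate a service URN before translating it. The label grammar in `LABEL` is an assumption, `REGISTERED` holds only the labels that appear on this page, and `parse_service_urn` and `classify` are hypothetical names.

```python
import re

# Service labels taken from this page: the IANA table (RFC 5031) plus the
# sos.police example URN used on the slides.
REGISTERED = {
    "counseling", "counseling.children", "counseling.mental-health",
    "counseling.suicide", "sos", "sos.ambulance", "sos.animal-control",
    "sos.fire", "sos.police",
}
# Assumed label syntax: letters, digits and inner hyphens only.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")


def parse_service_urn(urn):
    """Return the lower-cased label list of a service URN or raise ValueError."""
    lowered = urn.strip().lower()          # labels are case-insensitive
    if not lowered.startswith("urn:service:"):
        raise ValueError(f"not a service URN: {urn!r}")
    labels = lowered[len("urn:service:"):].split(".")
    for label in labels:
        if not LABEL.fullmatch(label):     # also rejects empty labels ("sos..fire")
            raise ValueError(f"bad label {label!r} in {urn!r}")
    return labels


def classify(urn):
    """Summarize a service URN for a proxy deciding how to treat a request."""
    labels = parse_service_urn(urn)
    service = ".".join(labels)
    return {
        "canonical": "urn:service:" + service,
        "emergency": labels[0] == "sos",   # top-level label selects the service family
        "registered": service in REGISTERED,
    }
```
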
Location-to-Service Translation
• Protocol for mapping service identifier and location information to a service URI
• Resolved recursively or iteratively.
• Supports caching
• Servers are identified using U-NAPTR/DDDS e.g. lostserver.example.com
[Diagram: LoST Client, LoST Server, Authoritative LoST Server. Labels: Query message: Location Information and service URN; Forward Query; Get response; Query response: Uniform Resource Identifier (URI)]

LoST Queries
• <findService>, <getServiceBoundary>, <listServices>, <listServicesByLocation>
• Common triggers are when:
  • client initially starts up or attaches to a network
  • client detects it is outside bounds of service region
  • SIP message arrives at a proxy performing location based call routing
  • Cached mapping information has expired
  • Invoking a particular service

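An added example, not part of the original slides: a `<findService>` query built in the LoST XML namespace, and a client-side check of the returned mapping before it is cached or used for routing. The function names, `SAMPLE_RESPONSE` and the example.com URIs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
LOST = "urn:ietf:params:xml:ns:lost1"      # LoST XML namespace (RFC 5222)
GML = "http://www.opengis.net/gml"
NS = {"l": LOST}
# Constructed sample response; server name and URIs are placeholders.
SAMPLE_RESPONSE = """<findServiceResponse xmlns="urn:ietf:params:xml:ns:lost1">
 <mapping expires="2009-01-01T00:00:00Z" lastUpdated="2008-10-01T00:00:00Z"
          source="lostserver.example.com" sourceId="constructed-1">
  <service>urn:service:sos.police</service>
  <uri>sip:psap1@example.com</uri>
  <uri>xmpp:psap1@example.com</uri>
  <serviceNumber>911</serviceNumber>
 </mapping>
</findServiceResponse>"""

def build_find_service(lat, lon, service_urn):
    """Serialize a <findService> query for a geodetic point and a service URN."""
    root = ET.Element(f"{{{LOST}}}findService")
    loc = ET.SubElement(root, f"{{{LOST}}}location", id="loc1", profile="geodetic-2d")
    point = ET.SubElement(loc, f"{{{GML}}}Point", srsName="urn:ogc:def:crs:EPSG::4326")
    ET.SubElement(point, f"{{{GML}}}pos").text = f"{lat} {lon}"
    ET.SubElement(root, f"{{{LOST}}}service").text = service_urn
    return ET.tostring(root, encoding="unicode")

def check_mapping(response_xml, requested_urn, now=None):
    """Return (sip_uris, problems) for a <findServiceResponse> document."""
    now, problems = now or datetime.now(timezone.utc), []
    mapping = ET.fromstring(response_xml).find("l:mapping", NS)
    if mapping is None:
        return [], ["no <mapping> in response"]
    service = mapping.findtext("l:service", "", NS).strip()
    if service.lower() != requested_urn.lower():   # service URNs are case-insensitive
        problems.append(f"service mismatch: got {service!r}")
    expires = mapping.get("expires", "")
    if expires not in ("NO-CACHE", "NO-EXPIRATION"):
        try:
            if datetime.fromisoformat(expires.replace("Z", "+00:00")) <= now:
                problems.append("mapping expired: re-query, do not use the cache")
        except (ValueError, TypeError):
            problems.append(f"unparseable expires value: {expires!r}")
    uris = [u.text.strip() for u in mapping.findall("l:uri", NS) if u.text]
    sip = [u for u in uris if u.lower().startswith(("sip:", "sips:"))]
    if not sip:
        problems.append("no sip:/sips: URI to route the call to")
    number = mapping.findtext("l:serviceNumber", "", NS).strip()
    if not all(c in "0123456789*#" for c in number):
        problems.append(f"bad dial string: {number!r}")
    return sip, problems
```

A mapping that fails any of these checks is a reason to re-query rather than route on it; the checks do not replace authenticating the LoST server itself.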
End System Location Configuration
• Location may be specified as civic or geospatial value
• UA can obtain this from access network using Location Configuration Protocols (LCP)
• Mandatory to implement all LCPs established in I-D.ietf-ecrit-phonebcp
• Location information should be refreshed when the cache value expires
• Devices should get routing location immediately after obtaining local network configuration information
• Location Validation is required by some jurisdictions

Location Configuration Protocol
[Diagram labels: Location Server, Location Recipient, Location Dereferencing, Location Formats, Location Configuration Protocol, Client, Query with location info]
Source: http://www.emergency-services-coordination.info/2008Oct/slides/esw5-geopriv.ppt

Placing an Emergency Call
[Diagram entities: Caller, LIS, SIP Registrar, LoST Servers, Proxy, ESRP, PSAP1, PSAP2, PSAP3, Call taker]
[Diagram messages: LCP Request, LCP Response, SIP Register, 200 OK, LoST Query, LoST Response, Caller-Proxy INVITE, Proxy ESRP INVITE, ESRP-PSAP INVITE]

A Typical Implementation – NENA Architecture https://mentor.ieee.org/802.11/file/07/11-07-0794-00-000u-nena-i3-archr-overview.ppt
Security Threats
Attackers attacking the system try to:
• Deny system services to all users in a given area
• Gain fraudulent use of services by using an emergency identifier to bypass normal authentication
• Divert emergency calls to non-emergency sites
Attackers attacking individuals try to:
• Prevent individual from receiving aid
• Gain information from an emergency that can be applied:
  • against an individual involved or
  • to the profit of attacker

Security Threats
[Diagram threats: Denial of Service Attack, Impersonation of Server, Corruption of Database]
[Diagram goals: To bypass normal procedures in order to achieve fraudulent use of services; Prevent individuals from receiving aid; To reduce effectiveness of ER system for caller(s) in an area]
[Diagram entities: Mapping, LIS, Mapping server, Emergency service identifier/URN (urn:service:sos.police), Voice Service Provider (ASP/VSP), Emergency number (911, 112), ESRP, Location, PSAP]

References
• Requirements for emergency context resolution with internet technologies (http://www.ietf.org/rfc/rfc5012.txt)
• URN for emergency and other well-known services (http://www.ietf.org/rfc/rfc5031.txt)
• Security threats and requirements (http://www.ietf.org/rfc/rfc5069.txt)
• LoST (http://www.ietf.org/rfc/rfc5222.txt)
• LoST servers using DHCP (http://www.ietf.org/rfc/rfc5223.txt)
• Framework for emergency calling using internet multimedia (http://www.ietf.org/rfc/rfc5223.txt)

Mental Model
• Emergency Response Context encloses individuals seeking help
• There could be multiple, overlapping contexts
• Physical location of the individual is critical
• Emergency Response Context can change in response to the load
[Diagram labels: Caller, Location, Call Taker, Response, User Equipment]

Emergency call using VOIP https://mentor.ieee.org/802.11/file/07/11-07-0794-00-000u-nena-i3-archr-overview.ppt
URN – IANA Considerations
• Services and sub-services are maintained by IANA (rfc 2434)
• The top level service labels are sos and counseling
• Sub services for sos include ambulance, fire etc

Service                    Reference   Description
--------------------------------------------------------------------
counseling                 RFC 5031    Counseling services
counseling.children        RFC 5031    Counseling for children
counseling.mental-health   RFC 5031    Mental health
counseling.suicide         RFC 5031    Suicide prevention hotline
sos                        RFC 5031    Emergency services
sos.ambulance              RFC 5031    Ambulance service
sos.animal-control         RFC 5031    Animal control
sos.fire                   RFC 5031    Fire service

LoST Query Sample LoST Query Sample LoST Response