One of the security tenets we live with is that nearly all security
mechanisms can be breached if the attacker is skilled enough, or spends
enough money. The attack I want to prevent is a script kiddie sending cops
on a wild goose chase. They do this now with pay phones. With VoIP, we
make it MUCH easier to mount this attack. I want to get the cost of the
attack high enough that it takes a major organized effort costing
significant sums.

Signatures do that.

It IS possible to spoof ANI today. It's much easier now than it was even a
couple years ago, which is a problem to the emergency call system. Until
we "broke" ANI, PSAPs were pretty immune to spoof of location except from
highly organized and well financed groups or very highly skilled hackers.
With IP endpoints, we have lowered the bar to trivial spoof far too low. We
need to raise it, and signatures will raise it. We can argue how high the
bar gets raised, but without signatures, pretty much anyone who can program
can cause an emergency call to appear like it comes from anywhere they want
it to. That bar is too low.

I'm happy to discuss alternate ways to prevent trivial forgery of location.
I'm not at all happy to drop signatures as a viable way to do that unless
you can show that a trivial attack works in the presence of a signature.

It is a fact that PSAPs believe what they are told. Regardless of what the
automatic mechanisms say about location, they go where the caller tells them
to go. However, they do know how to handle suspicious calls. They do know
how to backtrack. They know how to send backup units. Suspicion is
something they know how to deal with.


> >
> > Properly applied signature security means that each call
> > needs to come from a corresponding physical presence in the
> > area of coverage of the PSAP.
> This statement is incorrect. A LO, signed or not, is a stand alone piece of
> data that can be launched from *anywhere*.
> -Marc-
