1 / 7

Extending Emergency Services Architecture for Unauthenticated and Unauthorized Devices

Explore terminology and scenarios related to unauthenticated and unauthorized emergency services for devices without proper credentials, featuring key insights on access and authorization procedures.

swhiteside
Download Presentation

Extending Emergency Services Architecture for Unauthenticated and Unauthorized Devices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Extensions to the Emergency Services Architecture for dealing with Unauthenticated and Unauthorized Devices draft-schulzrinne-ecrit-unauthenticated-access-01.txt

  2. Terminology • Un-initialized Device: A device without VoIP client software. • Non-service-initialized Device: A device for which there is no valid service contract with a provider of the services. Other terms: "un-activated", "un-provisioned”, “unbranded”, “non-service-initialized” device. • Unauthenticated Emergency Service: The term "unauthenticated emergency services" refers to the case where an emergency caller does not have credentials (e.g., no SIM card, no username and password, no private key) to either attach to network or for usage with a VoIP service or both. Still, the device is granted (limited) access to perform emergency calling. It is important to differentiate between the unavailability of credentials for network access and for VoIP access as the network provider and the VoIP provider are often distinct entities and therefore the user might have different credentials with the two.

  3. Terminology • Unauthorized Emergency Service: The term "unauthorized emergency services" refers to the case where a device aims to attach to the network or to use a VoIP service but the authorization procedure fails. The authorization step may fail as a consequence of triggering different procedures (such as network access authentication or registration at the VoIP providers registrar). Still, the device is granted (limited) access to perform emergency calling. It is important to differentiate between network operator and VoIP provider as they often refer to different parties and therefore the authorization decision might be executed by a different backend infrastructure. • Lack of authorization might be caused by a number of reasons, including credit exhaustion, expired accounts, locked account, missing access rights (e.g., access to the competitors enterprise network), etc.

  4. SIM-less calls were allowed for a brief period!!! Disclaimer Source: Federal Office of Communications (OFCOM), Switzerland

  5. Architecture LIS Location Access Network INVITE INVITE SIP Proxy dial dialstring SOS caller PSAP / Call Taker

  6. Impact • Specific deployment variant of the IETF emergency services architecture • Necessary to deal with fraud and DoS attacks • Mandatory SIP-based VoIP profile • Builds on lower layer functionality • Note that document does not consider the case where credentials with VSP are available but credentials to IAP/ISP are missing or authorization at IAP/ISP fails. • Authentication procedure with VSP unclear.

  7. Next Steps • Discuss terminology • Provide more details for the disclaimer • Resolve technical issues • Reflect discussions around lower-layer aspects to have at least one “workable” example. • Proposal: Consider IEEE 802.11

More Related