Network Working Group T. Taylor, Ed.
Request for Comments: 5069 Nortel
Category: Informational H. Tschofenig
Nokia Siemens Networks
H. Schulzrinne
Columbia University
M. Shanmugam
Detecon
January 2008
Security Threats and Requirements for
Emergency Call Marking and Mapping
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Abstract
This document reviews the security threats associated with the
marking of signalling messages to indicate that they are related to
an emergency, and with the process of mapping locations to Universal
Resource Identifiers (URIs) that point to Public Safety Answering
Points (PSAPs). This mapping occurs as part of the process of
routing emergency calls through the IP network.
Based on the identified threats, this document establishes a set of
security requirements for the mapping protocol and for the handling
of emergency-marked calls.
Taylor, et al. Informational [Page 1]RFC 5069 ECRIT Security Requirements January 2008Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Marking, Mapping, and the Emergency Call Routing Process . . . 3
3.1. Call Marking . . . . . . . . . . . . . . . . . . . . . . . 3
3.2. Mapping . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Objectives of Attackers . . . . . . . . . . . . . . . . . . . 4
5. Potential Attacks . . . . . . . . . . . . . . . . . . . . . . 5
5.1. Attacks Involving the Emergency Identifier . . . . . . . . 5
5.2. Attacks Against or Using the Mapping Process . . . . . . . 5
5.2.1. Attacks Against the Emergency Response System . . . . 6
5.2.2. Attacks to Prevent a Specific Individual from
Receiving Aid . . . . . . . . . . . . . . . . . . . . 7
5.2.3. Attacks to Gain Information about an Emergency . . . . 7
6. Security Requirements Relating to Emergency Marking and
Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. Normative References . . . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . . 10
1. Introduction
Legacy telephone network users can summon help for emergency services
(such as an ambulance, the fire department, and the police) using a
well known number (e.g., 911 in North America, 112 in Europe). A key
factor in the handling of such calls is the ability of the system to
determine caller location and to route the call to the appropriate
Public Safety Answering Point (PSAP) based on that location. With
the introduction of IP-based telephony and multimedia services,
support for emergency calling via the Internet also has to be
provided. Two core components of IP-based emergency calling include
an emergency service identifier and a mapping protocol. The
emergency service identifier indicates that the call signaling
establishes an emergency call, while the mapping protocol translates
the emergency service identifier and the caller's geographic location
into an appropriate PSAP URL.
Attacks against the Public Switched Telephone Network (PSTN) have
taken place for decades. The Internet is seen as an even more
hostile environment. Thus, it is important to understand the types
of attacks that might be mounted against the infrastructure providing
emergency services and to develop security mechanisms to counter
those attacks. While this can be a broad topic, the present document
restricts itself to attacks on the mapping of locations to PSAP URIs
and attacks based on emergency marking. Verification by the PSAP
Taylor, et al. Informational [Page 2]RFC 5069 ECRIT Security Requirements January 2008
datatracker.ietf.org