The GeoPriv WG of the IETF has an ongoing dialogue that may be germane to
the work of the OASIS EM TC. This has to do with Threat analysis and use cases
for alerts. An example is:
Based on the discussion today, some notes, first on the threat model. At a high level, for this discussion, we care about users that place calls using wrong location information, for one of two purposes:
(1)
dispatching resources to a wrong place (here, resources can be anything from
AAA towtrucks to Domino's Pizza to a fire engine) = crank call;
(2)
flooding call centers with lots of calls apparently from different individuals and different locations, to overwhelm call takers that need to answer the call, determine that there's no human there (but maybe a recording) = DOS.
The first case relies on the ability to spoof
locations, possibly on a small scale, while the second relies on the ability
to create lots of different-looking calls in short order. It is easy to
filter out lots of calls coming from the same caller and/or exact same
location, so that type of replay attack is not as major a concern.
We
can probably agree that dealing with zombie PCs that report their correct
location and identity, but have been owned by a worm, are beyond what
GEOPRIV can fix and is best left to Microsoft and kin. (There are some
things one could do at the application layer if there's an attack, such as
some kind of Turing test to ascertain that the caller is a live human being.
I suspect it is not easy to make this work with sufficiently low failure
rates for children and those with limited command of English.)
For
both cases above, there are two related issues:
(1) limiting the ability
to perform the attack;
(2) prosecuting the attacker, as this is likely to
act as a deterrent.
It would be helpful to converge on the threat model,
without discussing solutions. It may well be that either threat cannot be
addressed in all cases.
Carl Reed, PhD CTO and Executive Director Specification
Program OGC
The OGC: Helping the World to Communicate Geographically
---------------------
This communication, including attachments, is for the exclusive use of
addressee and may contain proprietary, confidential or privileged information.
If you are not the intended recipient, any use, copying, disclosure,
dissemination or distribution is strictly prohibited. If you are not the
intended recipient, please notify the sender immediately by return email
and delete this communication and destroy all copies.
|