OASIS Emergency Management TC

RE: Related discussion in the IETF related EDXL, CAP, etc

    Posted 05-17-2005 16:42


    Subject: RE: Related discussion in the IETF related EDXL, CAP, etc


    The GeoPriv WG of the IETF has an ongoing dialogue that may be germane to the work of the OASIS EM TC. This has to do with threat analysis and use cases for alerts. An example is:
     
    Based on the discussion today, some notes, first on the threat model. At
    a high level, for this discussion, we care about users that place calls
    using wrong location information, for one of two purposes:

    (1) dispatching resources to a wrong place (here, resources can be
    anything from AAA towtrucks to Domino's Pizza to a fire engine) = crank
    call;

    (2) flooding call centers with lots of calls apparently from different
    individuals and different locations, to overwhelm call takers that need
    to answer the call, determine that there's no human there (but maybe a
    recording) = DOS.

    The first case relies on the ability to spoof locations, possibly on a
    small scale, while the second relies on the ability to create lots of
    different-looking calls in short order. It is easy to filter out lots of
    calls coming from the same caller and/or exact same location, so that
    type of replay attack is not as major a concern.

    We can probably agree that dealing with zombie PCs that report their
    correct location and identity, but have been owned by a worm, is beyond
    what GEOPRIV can fix and is best left to Microsoft and kin. (There are
    some things one could do at the application layer if there's an attack,
    such as some kind of Turing test to ascertain that the caller is a live
    human being. I suspect it is not easy to make this work with
    sufficiently low failure rates for children and those with limited
    command of English.)

    For both cases above, there are two related issues:

    (1) limiting the ability to perform the attack;

    (2) prosecuting the attacker, as this is likely to act as a deterrent.

    It would be helpful to converge on the threat model, without discussing
    solutions. It may well be that either threat cannot be addressed in all
    cases.

    Carl Reed, PhD
    CTO and Executive Director Specification Program
    OGC
     

    The OGC: Helping the World to Communicate Geographically
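
The distinction the quoted GeoPriv note draws between repeated calls and different-looking calls, as an added example that is not part of the original message: a sliding-window filter keyed on caller identity and on exact location. The window, threshold, tuple layout and sample calls are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60     # assumed look-back window, in seconds
MAX_REPEATS = 3   # assumed number of calls tolerated per key inside the window


def flag_repeats(calls, window_s=WINDOW_S, max_repeats=MAX_REPEATS):
    """Return the indexes of calls whose caller id or exact location repeats
    more than max_repeats times within window_s seconds.

    calls: list of (timestamp_s, caller_id, (lat, lon)), sorted by timestamp.
    """
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    flagged = []
    for i, (ts, caller, loc) in enumerate(calls):
        hit = False
        for key in (("caller", caller), ("loc", loc)):
            q = recent[key]
            while q and ts - q[0] > window_s:  # drop entries older than the window
                q.popleft()
            q.append(ts)
            if len(q) > max_repeats:
                hit = True
        if hit:
            flagged.append(i)
    return flagged


# Constructed sample traffic (not real call data).
def replay_burst(n=10):
    """Same caller and same exact location, one call per second."""
    return [(t, "sip:caller@example.test", (40.8075, -73.9626)) for t in range(n)]


def varied_burst(n=10):
    """Every call carries a different caller id and a different location."""
    return [(t, f"sip:user{t}@example.test", (round(40.80 + t * 0.01, 2), -73.96))
            for t in range(n)]


if __name__ == "__main__":
    print("replay burst flagged:", flag_repeats(replay_burst()))
    print("varied burst flagged:", flag_repeats(varied_burst()))
```

The repeated calls are flagged from the fourth one onward, while the burst with distinct callers and locations passes this filter untouched, which is why the note treats the second case as needing a separate answer.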
     