Just to add to this: I think we should state explicitly that we're
not trying to solve all security problems related to emergency
services. False dispatch is unlikely to be something that we can
reasonably address; the best we can do is say that next-generation
systems may make checking on incident reports easier. For example, a
call taker might be able to easily see the picture on a surveillance
camera for the area, to see if there smoke where there's supposed to
be a large fire. In the UK, this presumably will capture just about
any corner of the cities. (Whether that's desirable from a privacy
perspective is probably best left to other discussion forums.) From
what I can tell, good call takers also develop a hunch that the
giggling teenager may deserve an additional question or two before
sending a fire truck. Having additional site information may also
allow the call taker to ask questions. If you have the new Google
street-level views, you can ask "what store is this accident next
to?" or you can see that the supposed house fire is in an open field.
In many cases, sending a squad car to check things out is a much
better choice than not responding, since the consequences of that may
be dire.
All of this is well beyond what a protocol working group can do. We
shouldn't promise to solve all the emergency services world's
security problems.
On Aug 20, 2007, at 11:49 AM, Hannes Tschofenig wrote:
The future emergency services infrastructure might be able to
handle more media types and accept additional data. However, it is
quite likely that the PSAP operator will not be able to use these
things for a long time since the capabilities are just not
supported by end systems and in some cases it might actually be
difficult to expect the emergency caller to take pictures (given
the level of stress they are likely to experience during an
emergency situation).
Finally, an adversary can easily exploit such a system by not
attaching videos or pictures since the emergency call will not
rejected anyway.
I think the best we can hope for at the moment is that the
capabilities built into SIP are used to a maximum extent and that
the PSAP operator accepts supplementary data about the emergency
scene.
We are, to some extend, trying to capture some of these attacks.
Our focus was more on the attack against the PSAP itself when faked
location information was used. We have published a few documents on
this subject already, see http://www.tschofenig.com/wp/?p=131. We
hope to make some progress on that topic as well since it appeared
to be a difficult one.
Ciao
Hannes
Best regards,
- Christian
_______________________________________________
Ecrit mailing list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/ecrit
_______________________________________________
Gen-art mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/gen-art
