OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

emergency message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: Related discussion in the IETF related EDXL, CAP, etc

The GeoPriv WG of the IETF has an ongoing dialogue that may be germane to the work of the OASIS EM TC. This has to do with Threat analysis and use cases for alerts. An example is:
Based on the discussion today, some notes, first on the threat model. At
a high level, for this discussion, we care about users that place calls
using wrong location information, for one of two purposes:

(1) dispatching resources to a wrong place (here, resources can be
anything from AAA towtrucks to Domino's Pizza to a fire engine) = crank

(2) flooding call centers with lots of calls apparently from different
individuals and different locations, to overwhelm call takers that need
to answer the call, determine that there's no human there (but maybe a
recording) = DOS.

The first case relies on the ability to spoof locations, possibly on a
small scale, while the second relies on the ability to create lots of
different-looking calls in short order. It is easy to filter out lots of
calls coming from the same caller and/or exact same location, so that
type of replay attack is not as major a concern.

We can probably agree that dealing with zombie PCs that report their
correct location and identity, but have been owned by a worm, are beyond
what GEOPRIV can fix and is best left to Microsoft and kin. (There are
some things one could do at the application layer if there's an attack,
such as some kind of Turing test to ascertain that the caller is a live
human being. I suspect it is not easy to make this work with
sufficiently low failure rates for children and those with limited
command of English.)

For both cases above, there are two related issues:

(1) limiting the ability to perform the attack;

(2) prosecuting the attacker, as this is likely to act as a deterrent.

It would be helpful to converge on the threat model, without discussing
solutions. It may well be that either threat cannot be addressed in all
Carl Reed, PhD
CTO and Executive Director Specification Program

The OGC: Helping the World to Communicate Geographically
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender  immediately by return email and delete this communication and destroy all copies.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]