fied long ago and has surfaced again
in the ongoing debate about the accountable Internet (for example, see
Clark and Landau2).
The list of security threats in VoIP
and IM systems is naturally quite
long. Of course, research and standardization has also been ongoing,
and various countermeasures have
been developed and are waiting to
be deployed. Some specific protocols
also had to be developed to support
emergency services, such as the Lo-cation-to-Service Translation (LoST)
protocol that is used for routing emergency calls to the appropriate Public
Safety Answering Points (PSAPs).
These components introduce additional attack vectors.
The work on the next-generation emergency services infrastructure is progressing with NENA and EENA leading
the work in North America and Europe,
respectively. With the baseline technical standards coming from the IETF,
security threats have been investigated
and documented, and technical countermeasures have also been developed.
While many of these problems are being observed in today’s emergency services system, it is likely the transition
to an all-IP-based emergency services
infrastructure will invite far more attacks. There are various barriers for
dealing with these problems, namely:
˲ ˲ As long as attacks are still low
(and the amount of IP-based emergency services is still low due to either
the lack of regulation or unclear regulatory situation worldwide) there is
no incentive to resolve the problem;
˲ ˲Many Internet players seem to
lack economic incentives to deploy
infrastructure for a high level of assurances—an area that aims to be addressed by NSTIC but with uncertain
success outcome at this point in time;
˲ ˲ A lack of harmonization at the legal level. The Internet architectural
model is not well enough understood
by the regulatory community. The
temptation to follow well-established
patterns and to talk to their existing
clientele is often too big; unfortunately that work style is not a match
for today’s ecosystem.
The last item is a particular area
where further work is needed to bridge
the gap between the policy and the
technical community. Organizations
developing technical standards are typ-
ically not ideally positioned to convey
messages to policymakers on how re-
sponsibilities for the deployment have
to be shared among the different stake-
holders in the ecosystem and what non-
technical considerations need to be ad-
dressed. Due to their broader mandate,
which includes training, certification,
lobbying, and operational guidance,
emergency services communities such
as NENA and EENA are in an ideal posi-
tion to close this gap.
1. barnes, r., Cooper, a., and tschofenig, h. technical
considerations for next-generation 911—Comments
in the matter of framework for next generation 911
deployment, Ps docket no. 10-255; http://fjallfoss.fcc.
2. Clark, d., and landau, s. untangling attribution. In
Proceedings of a Workshop on Deterring CyberAttacks:
Informing Strategies and Developing Options for U.S.
3. eena. False emergency calls eena operations
files/2011_03_ 15_ 3. 1. 2.fc_v1.0.pdf.
4. FbI. don’t make the call—the new phenomenon
of ‘swatting,’ Feb. 2008; http://www.fbi.gov/news/
5. Federal Communications Commission. Framework for
next generation 911 deployment, Ps docket no. 10-255,
december 21, 2010; http://www.fcc.gov/daily_releases/
6. nena. nena executive board approves end-state vision
for next generation 9-1-1; http://www.nena.org/stories/
7. nICC. VoIP—location for emergency Calls
(architecture), nICC nd 1638 Issue 1. 1. 2, march
8. nIst. draFt electronic authentication guideline;
special Publication 800-63, June 2011; http://csrc.nist.
9. nIst. national strategy for trust Identities in
Cyberspace (nstIC); http://www.nist.gov/nstic/.
10. rosen, b. and Polk, J. best current practice for
communications services in support of emergency
calling; draft-ietf-ecrit-phonebcp- 17 (work in
progress), march 2011.
11. rosen, b. et al. Framework for emergency calling
using Internet multimedia; draft-ietf-ecrit-framework- 12 (work in progress).
12. taylor, t. et al. security threats and requirements
for emergency call marking and mapping. rFC 5069,
13. tschofenig, h., schulzrinne, h., and aboba, b.
trustworthy location information, draft-ietf-ecrit-
trustworthy-location-02 (work in progress), may 2011.
hannes Tschofenig ( email@example.com) is
employed by nokia siemens networks in Finland and
spends most of his time in the Internet engineering
task Force (IetF) with the design of Internet protocols.
he is a member of the Internet architecture board and
co-chairs the IetF web authorization Protocol (oauth)
working group. For many years he was co-chair of the
IetF emergency Context resolution with Internet
technologies (ecrit) working group.
Copyright held by author.
11th Koli Calling international
Conference on Computing
Contact: Ari Korhonen,
international Conference on
management of emergent
San francisco, CA,
Contact: William Grosky,
november 28–December 1
ACm multimedia Conference,
Contact: Kasim Selcuk Candan,
november 28–December 2
the Annual meeting of the
Australian Special interest
Group for Computer human
Contact: Duncan Stevenson,
the 44th Annual ieee/ACm
international Symposium on
Porto Alegre, Brazil,
Contact: Luigi Carro,
Computer human interaction
for the management of
Contact: Adam S. moskowitz,
international iCSt Conference
on Bio-inspired models of
network, information and
York, United Kingdom,
Contact: timmis Jonathan,
the 13th international
Conference on information
integration and Web-based
Application & Services,
hue City, Vietnam,
Contact: rahayu Wenny,