NENA’s 11NENA’s 11thth Annual AnnualTechnical Development Technical Development

ConferenceConferenceAn Architecture for Next-An Architecture for Next-Generation Emergency Generation Emergency

ServicesServicesHenning SchulzrinneHenning Schulzrinne

Columbia UniversityColumbia University

OverviewOverview How does VoIP differ from landline and How does VoIP differ from landline and

wireless PSTN?wireless PSTN? IETF effortsIETF efforts

statusstatus assumptionsassumptions

Common URL for emergency servicesCommon URL for emergency services Routing emergency callsRouting emergency calls Common location formatCommon location format Configuration of local emergency call numbersConfiguration of local emergency call numbers Security issuesSecurity issues

PSTN vs. Internet TelephonyPSTN vs. Internet Telephony

Signaling & Media Signaling & Media

Signaling Signaling

Media

PSTN:

Internettelephony:

China

Belgian customer,currently visiting US

Australia

SIP trapezoidSIP trapezoid

SIP trapezoid

outbound proxy

a@foo.com: 128.59.16.1

registrar

1st request

2nd, 3rd, … request

voice trafficRTP

destination proxy(identified by SIP URI domain)

SIP addressingSIP addressing Users identified by SIP or tel URIsUsers identified by SIP or tel URIs

sip:alice@example.comsip:alice@example.com tel: URIs describe E.164 number, not tel: URIs describe E.164 number, not

dialed digits (RFC 2806bis)dialed digits (RFC 2806bis) tel URIs tel URIs SIP URIs by outbound proxy SIP URIs by outbound proxy A person can have any number of SIP A person can have any number of SIP

URIsURIs The same SIP URI can reach many The same SIP URI can reach many

different phones, in different networksdifferent phones, in different networks sequential & parallel forkingsequential & parallel forking

SIP URIs can be created dynamically:SIP URIs can be created dynamically: GRUUsGRUUs conferencesconferences device identifiers (sip:foo@128.59.16.15)device identifiers (sip:foo@128.59.16.15)

Registration binds SIP URIs (e.g., Registration binds SIP URIs (e.g., device addresses) to SIP “address-of-device addresses) to SIP “address-of-record” (AOR)record” (AOR)

tel:110 sip:sos@domain

domain 128.59.16.17via NAPTR + SRV

How does VoIP differ from How does VoIP differ from landline and wireless PSTN?landline and wireless PSTN?

Telephone companies are no Telephone companies are no longer neededlonger needed there are still carriers for DSL and there are still carriers for DSL and

cable “IP dial tone”cable “IP dial tone” but unaware of type of data but unaware of type of data

carriedcarried VSP may be in another state or VSP may be in another state or

countrycountry Corporations and universities Corporations and universities

don’t have email carriers, eitherdon’t have email carriers, either

voice service provider(RTP)

ISP(IP)

dark fiberprovider

Yaho

oM

CINY

SERN

ET

Why is VoIP ≠ wireless?Why is VoIP ≠ wireless? VoIP devices may not have phone VoIP devices may not have phone

numbers as lookup keysnumbers as lookup keys e.g., sip:hgs@cs.columbia.edue.g., sip:hgs@cs.columbia.edu

Location information for devices is civil, Location information for devices is civil, not longitude/latitudenot longitude/latitude e.g., service address for VSPse.g., service address for VSPs GPS not available (nor functional) on indoor GPS not available (nor functional) on indoor

devicesdevices plus, accuracy of 50 m (67%) or 150 m spans plus, accuracy of 50 m (67%) or 150 m spans

many buildings…many buildings… no floor informationno floor information

Cell phones don’t work in our building…Cell phones don’t work in our building… so A-GPS is unlikely to work there, eitherso A-GPS is unlikely to work there, either

Plus, wireless E911 complexity due to old Plus, wireless E911 complexity due to old signaling mechanismsignaling mechanism

50m

IETF effortsIETF efforts IETF = Internet Engineering Task ForceIETF = Internet Engineering Task Force ““The Internet Engineering Task Force The Internet Engineering Task Force (IETF)(IETF) is is

a large open international community of a large open international community of network designers, operators, vendors, and network designers, operators, vendors, and researchers concerned with the evolution of researchers concerned with the evolution of the Internet architecture and the smooth the Internet architecture and the smooth operation of the Internet. It is open to any operation of the Internet. It is open to any interested individual.”interested individual.”

Efforts on 911 services go back to 2001, …Efforts on 911 services go back to 2001, … but only recent high-impact effortsbut only recent high-impact efforts individuals working both in NENA and IETF WGsindividuals working both in NENA and IETF WGs

Current IETF draftsCurrent IETF drafts draft-taylor-sipping-emerg-scen-01draft-taylor-sipping-emerg-scen-01

scenarios, e.g., hybrid VoIP-PSTNscenarios, e.g., hybrid VoIP-PSTN draft-schulzrinne-sipping-emergency-arch-00draft-schulzrinne-sipping-emergency-arch-00

overall architecture for emergency callingoverall architecture for emergency calling draft-ietf-sipping-sos-00draft-ietf-sipping-sos-00

describes ‘sos’ SIP URIdescribes ‘sos’ SIP URI draft-rosen-dns-sos-00draft-rosen-dns-sos-00

new DNS resource records for location mappingnew DNS resource records for location mapping

Architectural assumptions and Architectural assumptions and goalsgoals

SIP-based for interchangeSIP-based for interchange other protocols (e.g., H.323) via gatewayother protocols (e.g., H.323) via gateway

avoid complexity of multiple protocols everywhereavoid complexity of multiple protocols everywhere H.248/MGCP not used for interdomain signaling H.248/MGCP not used for interdomain signaling not not

needed hereneeded here InternationalInternational

devices bought anywhere can make emergency calls devices bought anywhere can make emergency calls anywhereanywhere

limit biases in address formats, languages, …limit biases in address formats, languages, … avoid built-in bias for “911” or “112” (mostly)avoid built-in bias for “911” or “112” (mostly) use term “ECC” instead of “PSAP” use term “ECC” instead of “PSAP”

MultimediaMultimedia support non-audio media if available in PSAPsupport non-audio media if available in PSAP

Goals, cont’d.Goals, cont’d. Support other communications modesSupport other communications modes

IMIM maybe email latermaybe email later

Support access for callers with Support access for callers with disabilitiesdisabilities real-time textreal-time text video for sign languagevideo for sign language

Common URL for emergency Common URL for emergency servicesservices

Emergency numbers may be dialed from many Emergency numbers may be dialed from many different placesdifferent places about 60 (national) different emergency service about 60 (national) different emergency service

numbers in the worldnumbers in the world many are used for other services elsewhere (e.g., many are used for other services elsewhere (e.g.,

directory assistance)directory assistance) End systems, proxies and gateways should be End systems, proxies and gateways should be

able to tell easily that a call is an emergency able to tell easily that a call is an emergency callcall

Thus, need common identifier for callsThus, need common identifier for calls

Common URL for emergency Common URL for emergency callscalls

IETF draft suggests “sip:sos@home-domain”IETF draft suggests “sip:sos@home-domain” home-domain: domain of callerhome-domain: domain of caller

Can be recognized by proxies along the wayCan be recognized by proxies along the way short cut to emergency infrastructureshort cut to emergency infrastructure

If not, it reaches home proxy of subscriberIf not, it reaches home proxy of subscriber Call can be routed from there easilyCall can be routed from there easily

global access to routing information (see later)global access to routing information (see later)

Service identificationService identification In some countries, In some countries,

specialized numbers for specialized numbers for police, fire, …police, fire, …

We add SIP protocol We add SIP protocol header that identifies header that identifies call service:call service: Accept-Contact:

* ;service=“sos.mountain”

Generally, not user Generally, not user visiblevisible

sos.firesos.fire fire brigadefire brigadesos.rescuesos.rescue ambulanceambulancesos.marinesos.marine marine marine

guardguardsos.policesos.police policepolicesos.mountasos.mountainin

mountain mountain rescuerescue

sos.testsos.test only testingonly testing

Other call identifiersOther call identifiers Using SIP caller preferences/callee capabilitiesUsing SIP caller preferences/callee capabilities Caller languagesCaller languages

automatically route to PSAP or call taker that automatically route to PSAP or call taker that speaks Frenchspeaks French

Accept-Language: frAccept-Language: fr Caller media preferencesCaller media preferences

automatically route to PSAP or call taker that can automatically route to PSAP or call taker that can deal with typed textdeal with typed text

Accept-Contact: *;text;requireAccept-Contact: *;text;require

Translating dialed digits Translating dialed digits Always available: 112 and 911Always available: 112 and 911 Configuration mechanisms:Configuration mechanisms:

SIM cards (GSM phones)SIM cards (GSM phones) XCAP configurationXCAP configuration

local (outbound) proxylocal (outbound) proxy home proxyhome proxy

DNSDNS Default configuration if no other Default configuration if no other

information available:information available: 000, 08, 110, 999, 118 and 119000, 08, 110, 999, 118 and 119

Translating dialed numbers to Translating dialed numbers to emergency identifiersemergency identifiers

“9-1-1” 919111

sossos sossos

111100

sossos sos.policsos.policee

111122

sossos sos.firesos.fireOn many telephone-like systems, only numbers are available number translation

sips:sos@example.com

Emergency number Emergency number configuration via DNSconfiguration via DNS

NAPTR 100 10 "u" "SOS" "/110/sips:sos.police@notfall.de/i

de.sos.arpa

country=DEDHCP server

add 110 to list ofemergency dial strings

Determining locationsDetermining locations Conveyed via DHCP from IP-level providerConveyed via DHCP from IP-level provider

Formats:Formats: geospatial (longitude, latitude, altitude or floor)geospatial (longitude, latitude, altitude or floor) civil (country, administrative units, street)civil (country, administrative units, street)

Provider usually knowsProvider usually knows Does not depend on being a voice service providerDoes not depend on being a voice service provider

802.11 triangulation802.11 triangulation GPS (for mobile devices)GPS (for mobile devices) Via configuration protocol (XCAP)Via configuration protocol (XCAP)

relies on VSP having accurate service location informationrelies on VSP having accurate service location information User-configured (last resort)User-configured (last resort)

Enhancing DHCP for Enhancing DHCP for locationslocations

use MAC address backtracing to get location informationuse MAC address backtracing to get location information can use existing DHCP servers and clientscan use existing DHCP servers and clients

DHCPserver

458/17 Rm. 815458/18 Rm. 816

DHCP answer:sta=DC loc=Rm815lat=38.89868 long=77.03723

8:0:20:ab:d5:d

CDP + SNMP8:0:20:ab:d5:d 458/17

GEOPRIV geospatial formatGEOPRIV geospatial format Based on Based on

GML mark-upGML mark-up

<?xml version="1.0" encoding="UTF-8"?> <presence xmlns="urn:ietf:params:xml:ns:pidf" xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10" xmlns:gml="urn:opengis:specification:gml:schema-xsd:feature:v3.0" entity="pres:geotarget@example.com"> <tuple id="sg89ae"> <timestamp>2003-06-22T20:57:29Z</timestamp> <status> <gp:geopriv> <gp:location-info> <gml:location> <gml:Point gml:id="point96" srsName="epsg:4326"> <gml:coordinates>31:56:00S 115:50:00E</gml:coordinates> </gml:Point> </gml:location> </gp:location-info> <gp:usage-rules> <gp:retransmission-allowed>no</gp:retransmission-allowed> <gp:retention-expiry>2003-06-23T04:57:29Z</gp:retention-expiry> </gp:usage-rules> </gp:geopriv> </status> </tuple> </presence>

GEOPRIV civil formatGEOPRIV civil format Based on NENA XML Based on NENA XML

elementselements Except internationalized Except internationalized

administrative divisions:administrative divisions:AA11

national subdivisions (state, region, national subdivisions (state, region, province, prefecture)province, prefecture)

AA22

county, parish, gun (JP), district (IN)county, parish, gun (JP), district (IN)

AA33

city, township, shi (JP)city, township, shi (JP)

AA44

city division, borough, city district, ward, city division, borough, city district, ward, chou (JP)chou (JP)

AA55

neighborhood, blockneighborhood, block

AA66

streetstreet

<country>US</country><A1>NJ</A1><A2>Bergen</A2><A3>Leonia</A3><A6>Westview</A6><STS>Ave</STS><HNO>313</HNO><NAM>Schulzrinne</NAM><ZIP>07605-1811</ZIP>

Location-based call routing – Location-based call routing – UA knows its locationUA knows its location

GPS

48° 49' N 2° 29' E

INVITE sips:sos@

DHCP

outboundproxy server

48° 49' N 2° 29' E Paris fire department

Location-based call routing – Location-based call routing – network knows locationnetwork knows location

IP

48° 49' N 2° 29' E

TOA

include locationinfo in 302

INVITE sips:sos@ INVITE sips:sos@paris.gendarme.fr

map location to (SIP) domain

outbound proxy

A quick review of DNSA quick review of DNS DNS = mapping from hierarchical names to DNS = mapping from hierarchical names to

resource recordsresource records commonly, but not necessarily IP addressescommonly, but not necessarily IP addresses

Authoritative server for each domain operated by Authoritative server for each domain operated by domaindomain e.g., columbia.edu server is owned & operated by e.g., columbia.edu server is owned & operated by

Columbia University Columbia University

pc.example.com leonia.nj.uscaches results

leonia.nj.us?

How does the PSAP find the How does the PSAP find the caller’s location?caller’s location?

Largest difference to existing E911 systemLargest difference to existing E911 system In-band, as part of call setupIn-band, as part of call setup

carried in body of setup messagecarried in body of setup message rather than by reference into external databaserather than by reference into external database

May be updated during callMay be updated during call moving vehiclesmoving vehicles late availability of information (GPS acquisition late availability of information (GPS acquisition

delay)delay) Also possible: subscribe to location information Also possible: subscribe to location information

GEOPRIV and SIMPLE GEOPRIV and SIMPLE architecturesarchitectures

target locationserver

locationrecipient

rulemaker

presentity

caller

presenceagent watcher

callee

GEOPRIV

SIPpresence

SIPcall

PUBLISHNOTIFY

SUBSCRIBE

INVITE

publicationinterface

notificationinterface

ruleinterface

INVITE

A quick review of DNSA quick review of DNS Thus, globally visible database, with delegated Thus, globally visible database, with delegated

control of contentcontrol of content Replication of DNS servers mandatoryReplication of DNS servers mandatory

at least 2, often moreat least 2, often more automatically synchronizedautomatically synchronized

Robustness by cachingRobustness by caching typically life time of 24 hourstypically life time of 24 hours end system may not notice outage of authoritative serverend system may not notice outage of authoritative server

Host security Host security modification control modification control DNS security (DNSsec) to ensure authenticity of DNS security (DNSsec) to ensure authenticity of

contentcontent

Using DNS for determining Using DNS for determining PSAPsPSAPs

Define new domain, e.g., sos.arpaDefine new domain, e.g., sos.arpa .arpa used for infrastructure functions.arpa used for infrastructure functions

top-level queries done only rarelytop-level queries done only rarely results are cached at clientresults are cached at client

*.us.sos.arpa

*.sos.arpa

*.nj.us.sos.arpa

firedept.leonia.nj.gov

leonia.nj.us.sos.arpa?

Obtaining all sub-regionsObtaining all sub-regions

us.sos.arpa nj.us.sos.

arpa

us.sos.arpus.sos.arpaa

PTPTRR

al.us.sos.arpal.us.sos.arpaa

us.sos.arpus.sos.arpaa

PTPTRR

ak.us.sos.arak.us.sos.arpapa

us.sos.arpus.sos.arpaa

PTPTRR

nj.us.sos.arpnj.us.sos.arpaa

…… PTPTRR

……

CN=usA1=njA2=bergenA3=leonia

nj.us.sos.arpanj.us.sos.arpa PTRPTR sussex.nj.us.sos.arsussex.nj.us.sos.arpapa

nj.us.sos.arpanj.us.sos.arpa PTRPTR passaic.nj.us.sos.arpassaic.nj.us.sos.arpapa

nj.us.sos.arpanj.us.sos.arpa PTRPTR bergen.nj.us.sos.arbergen.nj.us.sos.arpapa

…… PTRPTR ……

What about geo addresses?What about geo addresses? Store one DNS record for Store one DNS record for

each PSAPeach PSAP or whatever the last caller-or whatever the last caller-

visible SIP proxy isvisible SIP proxy is could be state, county, city, … could be state, county, city, …

New POLY resource recordNew POLY resource record Records polygon edges of Records polygon edges of

PSAP service area PSAP service area (longitude-latitude tuples)(longitude-latitude tuples)

Same descent of hierarchySame descent of hierarchy at each level, search all at each level, search all

leaves for matchleaves for match BergenPassaicAtlantic…

Address hidingAddress hiding Some advocate hiding IP addresses of Some advocate hiding IP addresses of

PSAPs (or groups of PSAPs)PSAPs (or groups of PSAPs) Not clear what this meansNot clear what this means

if call made, IP address will be returned in packetsif call made, IP address will be returned in packets Can, however, have different perimetersCan, however, have different perimeters

source address of SIP and audiopackets

Routing layersRouting layers

firewall boundary

Privacy and authenticationPrivacy and authentication Want to ensure privacy of call setup Want to ensure privacy of call setup

informationinformation prevent spoofing of call originsprevent spoofing of call origins

but can’t enforce call authenticationbut can’t enforce call authentication need to authenticate call destinationneed to authenticate call destination

ideally, certificate for PSAPsideally, certificate for PSAPs but initially just verify that reached DNS-but initially just verify that reached DNS-

indicated destinationindicated destination use TLS (SSL), as in httpuse TLS (SSL), as in httpss://:// host certificates widely availablehost certificates widely available

just need a domain name and a credit cardjust need a domain name and a credit card

Testing emergency callsTesting emergency calls Current E911 system has no good way to Current E911 system has no good way to

test 911 reachability without interfering test 911 reachability without interfering with emergency serviceswith emergency services

With VoIP, more distributed system With VoIP, more distributed system more need for testingmore need for testing

Use SIP OPTIONS request Use SIP OPTIONS request route request, route request, but don’t reach call takerbut don’t reach call taker

Also, DNS model allows external Also, DNS model allows external consistency checkingconsistency checking e.g., nationwide 911 testing agencye.g., nationwide 911 testing agency

Open issuesOpen issues Technical (protocol) issues:Technical (protocol) issues:

details of DNS recordsdetails of DNS records top-level DNS domain?top-level DNS domain? how to do testing with minimal impact?how to do testing with minimal impact?

Operational issues:Operational issues: who runs sos.arpa and us.sos.arpa?who runs sos.arpa and us.sos.arpa? export of MSAG information into DNS?export of MSAG information into DNS? will DSL and cable modem carriers provide location will DSL and cable modem carriers provide location

information?information? Funding issues:Funding issues:

use IP-layer funding for 911, not voice servicesuse IP-layer funding for 911, not voice services

ConclusionConclusion Good news:Good news:

VoIP-based 911 is not nearly as hard as Phase VoIP-based 911 is not nearly as hard as Phase II wirelessII wireless

can be leveraged to provide simpler Phase II can be leveraged to provide simpler Phase II services for non-VoIP terminalsservices for non-VoIP terminals

PC-based end system can be maintained as isPC-based end system can be maintained as is use of COTS, across national bordersuse of COTS, across national borders

Challenges:Challenges: cannot simply add one more patch to existing cannot simply add one more patch to existing

circuit-switched 911 systemcircuit-switched 911 system