April 26, 2004April 26, 2004 Critical Issues Forum (Baltimore)Critical Issues Forum (Baltimore) 11

An Architecture for Next-An Architecture for Next-Generation Emergency Generation Emergency

ServicesServices

Henning SchulzrinneHenning SchulzrinneColumbia UniversityColumbia University

April 26, 2004April 26, 2004 22

OverviewOverview

How does VoIP differ from landline and wireless How does VoIP differ from landline and wireless PSTN?PSTN?

Getting from here to there: I1, I2 and I3Getting from here to there: I1, I2 and I3 IETF effortsIETF efforts

statusstatus assumptionsassumptions

Common URL for emergency servicesCommon URL for emergency services Routing emergency callsRouting emergency calls Common location formatCommon location format Configuration of local emergency call numbersConfiguration of local emergency call numbers Security issuesSecurity issues

April 26, 2004April 26, 2004 33

PSTN vs. Internet TelephonyPSTN vs. Internet Telephony

Signaling & Media Signaling & Media

Signaling Signaling

Media

PSTN:

Internettelephony:

China

Belgian customer,currently visiting US

Australia

April 26, 2004April 26, 2004 44

SIP trapezoidSIP trapezoid

SIP trapezoid

outbound proxy

a@foo.com: 128.59.16.1

registrar

1st request

2nd, 3rd, … request

voice trafficRTP

destination proxy(identified by SIP URI domain)

April 26, 2004April 26, 2004 55

SIP addressingSIP addressing

Users identified by SIP or tel URIsUsers identified by SIP or tel URIs sip:alice@example.comsip:alice@example.com

tel: URIs describe E.164 number, not tel: URIs describe E.164 number, not dialed digits (RFC 2806bis)dialed digits (RFC 2806bis)

tel URIs tel URIs SIP URIs by outbound proxy SIP URIs by outbound proxy A person can have any number of SIP A person can have any number of SIP

URIsURIs The same SIP URI can reach many The same SIP URI can reach many

different phones, in different networksdifferent phones, in different networks sequential & parallel forkingsequential & parallel forking

SIP URIs can be created dynamically:SIP URIs can be created dynamically: GRUUsGRUUs conferencesconferences device identifiers device identifiers

(sip:foo@128.59.16.15)(sip:foo@128.59.16.15) Registration binds SIP URIs (e.g., Registration binds SIP URIs (e.g.,

device addresses) to SIP “address-of-device addresses) to SIP “address-of-record” (AOR)record” (AOR)

tel:110 sip:sos@domain

domain 128.59.16.17via NAPTR + SRV

April 26, 2004April 26, 2004 66

How does VoIP differ from How does VoIP differ from landline and wireless PSTN?landline and wireless PSTN?

Telephone companies are no Telephone companies are no longer neededlonger needed there are still carriers for DSL and there are still carriers for DSL and

cable “IP dial tone”cable “IP dial tone” but unaware of type of data but unaware of type of data

carriedcarried VSP may be in another state or VSP may be in another state or

countrycountry Corporations and universities Corporations and universities

don’t have email carriers, eitherdon’t have email carriers, either

voice service provider

(RTP, SIP)

ISP(IP, DHCP, DNS)

dark fiberprovider

Yahoo

MC

IN

YSER

NE

T

April 26, 2004April 26, 2004 77

Why is VoIP ≠ wireless?Why is VoIP ≠ wireless? VoIP devices may not have phone VoIP devices may not have phone

numbers as lookup keysnumbers as lookup keys e.g., sip:hgs@cs.columbia.edue.g., sip:hgs@cs.columbia.edu

Location information for devices is civic, Location information for devices is civic, not longitude/latitudenot longitude/latitude e.g., service address for VSPse.g., service address for VSPs GPS not available (nor functional) on indoor GPS not available (nor functional) on indoor

devicesdevices plus, accuracy of 50 m (67%) or 150 m spans plus, accuracy of 50 m (67%) or 150 m spans

many buildings…many buildings… no floor informationno floor information

Cell phones don’t work in our building…Cell phones don’t work in our building… so A-GPS is unlikely to work there, eitherso A-GPS is unlikely to work there, either

Plus, wireless E911 complexity due to old Plus, wireless E911 complexity due to old signaling mechanismsignaling mechanism

50m

April 26, 2004April 26, 2004 88

IETF effortsIETF efforts

IETF = Internet Engineering Task ForceIETF = Internet Engineering Task Force ““The Internet Engineering Task Force The Internet Engineering Task Force (IETF)(IETF) is is

a large open international community of a large open international community of network designers, operators, vendors, and network designers, operators, vendors, and researchers concerned with the evolution of researchers concerned with the evolution of the Internet architecture and the smooth the Internet architecture and the smooth operation of the Internet. It is open to any operation of the Internet. It is open to any interested individual.”interested individual.”

Efforts on 911 services go back to 2001, …Efforts on 911 services go back to 2001, … but only recent high-impact effortsbut only recent high-impact efforts individuals working both in NENA and IETF individuals working both in NENA and IETF

WGsWGs

April 26, 2004April 26, 2004 99

Current IETF draftsCurrent IETF drafts

draft-taylor-sipping-emerg-scen-01draft-taylor-sipping-emerg-scen-01 scenarios, e.g., hybrid VoIP-PSTNscenarios, e.g., hybrid VoIP-PSTN

draft-schulzrinne-sipping-emergency-arch-00draft-schulzrinne-sipping-emergency-arch-00 overall architecture for emergency callingoverall architecture for emergency calling

draft-ietf-sipping-sos-00draft-ietf-sipping-sos-00 describes ‘sos’ SIP URIdescribes ‘sos’ SIP URI

draft-rosen-dns-sos-00draft-rosen-dns-sos-00 new DNS resource records for location mappingnew DNS resource records for location mapping

April 26, 2004April 26, 2004 1010

Three stages to VoIP 911Three stages to VoIP 911spec. spec. availableavailable??

use 10-use 10-digit digit admin. admin. numbernumber??

mobilitymobility callbaccallbackk

numbenumber to r to PSAP?PSAP?

callercaller

locatiolocation to n to PSAP?PSAP?

PSAPPSAP

modificatmodificationion

ALI (DB)ALI (DB)

modificationmodificationnew servicesnew services

I1I1 nownow allowedallowed stationarstationaryy

nono nono nono nono nonenone

I2I2 Dec. Dec. 20042004

nono stationarstationaryy

nomadicnomadic

yesyes yesyes no (8 or no (8 or 10 digit)10 digit)

updateupdate nonenone

I3I3 late late 20042004

nono stationarstationaryy

nomadicnomadic

mobilemobile

yesyes yesyes IP-IP-enabledenabled

ALI not ALI not neededneeded

MSAG MSAG replaced by replaced by DNSDNS

location in-location in-bandband

GNPGNP

multimediamultimedia

international international callscalls

April 26, 2004April 26, 2004 1111

Architectural assumptions and Architectural assumptions and goals for I3goals for I3

SIP-based for interchangeSIP-based for interchange other protocols (e.g., H.323) via gatewayother protocols (e.g., H.323) via gateway

avoid complexity of multiple protocols everywhereavoid complexity of multiple protocols everywhere H.248/MGCP not used for interdomain signaling H.248/MGCP not used for interdomain signaling not not

needed hereneeded here InternationalInternational

devices bought anywhere can make emergency calls devices bought anywhere can make emergency calls anywhereanywhere

limit biases in address formats, languages, …limit biases in address formats, languages, … avoid built-in bias for “911” or “112” (mostly)avoid built-in bias for “911” or “112” (mostly) use term “ECC” (emergency call center) instead of “PSAP” use term “ECC” (emergency call center) instead of “PSAP”

MultimediaMultimedia support non-audio media if available in PSAPsupport non-audio media if available in PSAP e.g., images or video for situational awarenesse.g., images or video for situational awareness

April 26, 2004April 26, 2004 1212

Goals, cont’d.Goals, cont’d.

Support other communications modesSupport other communications modes IMIM maybe email latermaybe email later

Support access for callers with disabilitiesSupport access for callers with disabilities real-time textreal-time text video for sign languagevideo for sign language

Easy access to external dataEasy access to external data hazmat recordshazmat records sensor data (collision data, video images, …)sensor data (collision data, video images, …)

April 26, 2004April 26, 2004 1313

Architecture componentsArchitecture components

1.1. Common URL for emergency callsCommon URL for emergency calls

2.2. Convey local emergency number to Convey local emergency number to devicesdevices

3.3. Allow devices to obtain their Allow devices to obtain their locationlocation

4.4. Route calls to right destinationRoute calls to right destination

April 26, 2004April 26, 2004 1414

Component 1: Common URL Component 1: Common URL for emergency servicesfor emergency services

Emergency numbers may be dialed from Emergency numbers may be dialed from many different placesmany different places about 60 (national) different emergency service about 60 (national) different emergency service

numbers in the worldnumbers in the world many are used for other services elsewhere (e.g., many are used for other services elsewhere (e.g.,

directory assistance)directory assistance) End systems, proxies and gateways should End systems, proxies and gateways should

be able to tell easily that a call is an be able to tell easily that a call is an emergency callemergency call

Thus, need common identifier for callsThus, need common identifier for calls

April 26, 2004April 26, 2004 1515

Common URL for emergency Common URL for emergency callscalls

IETF draft suggests “sip:sos@home-IETF draft suggests “sip:sos@home-domain”domain” home-domain: domain of callerhome-domain: domain of caller

Can be recognized by proxies along the Can be recognized by proxies along the wayway short cut to emergency infrastructureshort cut to emergency infrastructure

If not, it reaches home proxy of subscriberIf not, it reaches home proxy of subscriber Call can be routed from there easilyCall can be routed from there easily

global access to routing information (see later)global access to routing information (see later)

April 26, 2004April 26, 2004 1616

Service identificationService identification

In some countries, In some countries, specialized numbers for specialized numbers for police, fire, …police, fire, …

We add SIP protocol We add SIP protocol header that identifies header that identifies call service:call service: Accept-Contact:

* ;service=“sos.mountain”

Generally, not user Generally, not user visiblevisible

sos.firesos.fire fire brigadefire brigade

sos.rescuesos.rescue ambulanceambulance

sos.marinesos.marine marine marine guardguard

sos.policesos.police policepolice

sos.mountasos.mountainin

mountain mountain rescuerescue

sos.testsos.test only testingonly testing

April 26, 2004April 26, 2004 1717

Other call identifiersOther call identifiers

Using SIP caller preferences/callee Using SIP caller preferences/callee capabilitiescapabilities

Caller languagesCaller languages automatically route to PSAP or call taker that automatically route to PSAP or call taker that

speaks Frenchspeaks French Accept-Language: frAccept-Language: fr

Caller media preferencesCaller media preferences automatically route to PSAP or call taker that can automatically route to PSAP or call taker that can

deal with typed textdeal with typed text Accept-Contact: *;text;requireAccept-Contact: *;text;require

April 26, 2004April 26, 2004 1818

Component 2: Translating Component 2: Translating dialed digits dialed digits

Always available: 112 and 911Always available: 112 and 911 Configuration mechanisms:Configuration mechanisms:

SIM cards (GSM phones)SIM cards (GSM phones) XCAP configurationXCAP configuration

local (outbound) proxylocal (outbound) proxy home proxyhome proxy

DNSDNS Default configuration if no other Default configuration if no other

information available:information available: 000, 08, 110, 999, 118 and 119000, 08, 110, 999, 118 and 119

April 26, 2004April 26, 2004 1919

Emergency number Emergency number configuration via DNSconfiguration via DNS

NAPTR 100 10 "u" "SOS" "/110/sips:sos.police@notfall.de/i

de.sos.arpa

country=DEDHCP server

add 110 to list ofemergency dial strings

April 26, 2004April 26, 2004 2020

Translating dialed numbers to Translating dialed numbers to emergency identifiersemergency identifiers

“9-1-1” no.no. URIURI serviceservice

911911 sossos sossos

110110 sossos sos.policesos.police

112112 sossos sos.firesos.fire

On many telephone-like systems, only numbers are available number translation

sips:sos@example.com

April 26, 2004April 26, 2004 2121

GEOPRIV and SIMPLE GEOPRIV and SIMPLE architecturesarchitectures

targetlocationserver

locationrecipient

rulemaker

presentity

caller

presenceagent

watcher

callee

GEOPRIV

SIPpresence

SIPcall

PUBLISHNOTIFY

SUBSCRIBE

INVITE

publicationinterface

notificationinterface

ruleinterface

INVITE

April 26, 2004April 26, 2004 2222

Component 3: Determining Component 3: Determining locationslocations

Conveyed via DHCP from IP-level providerConveyed via DHCP from IP-level provider Formats:Formats:

geospatial (longitude, latitude, altitude or floor)geospatial (longitude, latitude, altitude or floor) civic (country, administrative units, street)civic (country, administrative units, street)

Provider usually knowsProvider usually knows Does not depend on being a voice service providerDoes not depend on being a voice service provider

802.11 triangulation802.11 triangulation GPS (for mobile devices)GPS (for mobile devices) Via configuration protocol (XCAP)Via configuration protocol (XCAP)

relies on VSP having accurate service location relies on VSP having accurate service location informationinformation

User-configured (last resort)User-configured (last resort)

April 26, 2004April 26, 2004 2323

Enhancing DHCP for Enhancing DHCP for locationslocations

use MAC address backtracing to get location informationuse MAC address backtracing to get location information can use existing DHCP servers and clientscan use existing DHCP servers and clients

DHCPserver

458/17 Rm. 815458/18 Rm. 816

DHCP answer:sta=DC loc=Rm815lat=38.89868 long=77.03723

8:0:20:ab:d5:d

CDP + SNMP8:0:20:ab:d5:d 458/17

April 26, 2004April 26, 2004 2424

Conveying location along the Conveying location along the call pathcall path

INVITE sip:sos@example.comFrom: sip:alice@example.comTo: sip:sos@example.comContent-Type: multipart/mixed

<gp:locationinfo><loc:civil> <c:a1>PA</c:a1> <c:a2>University Park</c:a2> <c:zip>10025</c:zip></loc:civil></gp:location-info>

on boot

placing emergency

call

April 26, 2004April 26, 2004 2525

GEOPRIV geospatial formatGEOPRIV geospatial format

GEOPRIV = IETF GEOPRIV = IETF working group working group for geospatial for geospatial privacyprivacy

Location within Location within call signalingcall signaling not ALI not ALI

referencereference Based on GML Based on GML

mark-upmark-up

<?xml version="1.0" encoding="UTF-8"?> <presence xmlns="urn:ietf:params:xml:ns:pidf" xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10" xmlns:gml="urn:opengis:specification:gml:schema-xsd:feature:v3.0" entity="pres:geotarget@example.com"> <tuple id="sg89ae"> <timestamp>2003-06-22T20:57:29Z</timestamp> <status> <gp:geopriv> <gp:location-info> <gml:location> <gml:Point gml:id="point96" srsName="epsg:4326"> <gml:coordinates>31:56:00S 115:50:00E</gml:coordinates> </gml:Point> </gml:location> </gp:location-info> <gp:usage-rules> <gp:retransmission-allowed>no</gp:retransmission-allowed> <gp:retention-expiry>2003-06-23T04:57:29Z</gp:retention-expiry> </gp:usage-rules> </gp:geopriv> </status> </tuple> </presence>

April 26, 2004April 26, 2004 2626

GEOPRIV civic formatGEOPRIV civic format

Based on NENA XML Based on NENA XML elementselements

Except internationalized Except internationalized administrative divisions:administrative divisions:

AA11

national subdivisions (state, region, national subdivisions (state, region, province, prefecture)province, prefecture)

AA22

county, parish, gun (JP), district (IN)county, parish, gun (JP), district (IN)

AA33

city, township, shi (JP)city, township, shi (JP)

AA44

city division, borough, city district, ward, city division, borough, city district, ward, chou (JP)chou (JP)

AA55

neighborhood, blockneighborhood, block

AA66

streetstreet

<country>US</country><A1>NJ</A1><A2>Bergen</A2><A3>Leonia</A3><A6>Westview</A6><STS>Ave</STS><HNO>313</HNO><NAM>Schulzrinne</NAM><ZIP>07605-1811</ZIP>

April 26, 2004April 26, 2004 2727

Location-based call routing – Location-based call routing – UA knows its locationUA knows its location

GPS

48° 49' N 2° 29' E

INVITE sips:sos@

DHCP

outboundproxy server

48° 49' N 2° 29' E Paris fire department

April 26, 2004April 26, 2004 2828

Location-based call routing – Location-based call routing – network knows locationnetwork knows location

IP

48° 49' N 2° 29' E

TOA

include locationinfo in 302

INVITE sips:sos@ INVITE sips:sos@paris.gendarme.fr

map location to (SIP) domain

outbound proxy

April 26, 2004April 26, 2004 2929

A quick review of DNSA quick review of DNS

DNS = mapping from hierarchical names to DNS = mapping from hierarchical names to resource recordsresource records commonly, but not necessarily IP addressescommonly, but not necessarily IP addresses

Authoritative server for each domain operated by Authoritative server for each domain operated by domaindomain e.g., columbia.edu server is owned & operated by e.g., columbia.edu server is owned & operated by

Columbia University Columbia University

pc.example.com leonia.nj.uscaches results

leonia.nj.us?

April 26, 2004April 26, 2004 3030

A quick review of DNSA quick review of DNS

Thus, globally visible database, with delegated Thus, globally visible database, with delegated control of contentcontrol of content

Replication of DNS servers mandatoryReplication of DNS servers mandatory at least 2, often moreat least 2, often more automatically synchronizedautomatically synchronized

Robustness by cachingRobustness by caching typically life time of 24 hourstypically life time of 24 hours end system may not notice outage of authoritative serverend system may not notice outage of authoritative server

Host security Host security modification control modification control DNS security (DNSsec) to ensure authenticity of DNS security (DNSsec) to ensure authenticity of

contentcontent

April 26, 2004April 26, 2004 3131

How does the PSAP find the How does the PSAP find the caller’s location?caller’s location?

Largest difference to existing E911 systemLargest difference to existing E911 system In-band, as part of call setupIn-band, as part of call setup

carried in body of setup messagecarried in body of setup message rather than by reference into external databaserather than by reference into external database

May be updated during callMay be updated during call moving vehiclesmoving vehicles late availability of information (GPS acquisition late availability of information (GPS acquisition

delay)delay) Also possible: subscribe to location information Also possible: subscribe to location information

April 26, 2004April 26, 2004 3232

Using DNS for determining Using DNS for determining PSAPsPSAPs

Define new domain, e.g., sos.arpaDefine new domain, e.g., sos.arpa .arpa used for infrastructure functions.arpa used for infrastructure functions

top-level queries done only rarelytop-level queries done only rarely results are cached at clientresults are cached at client

*.us.sos.arpa

*.sos.arpa

*.nj.us.sos.arpa

firedept.leonia.nj.gov

leonia.nj.us.sos.arpa?

April 26, 2004April 26, 2004 3333

Obtaining all sub-regionsObtaining all sub-regions

us.sos.arpa nj.us.sos.

arpa

us.sos.arpus.sos.arpaa

PTPTRR

al.us.sos.arpal.us.sos.arpaa

us.sos.arpus.sos.arpaa

PTPTRR

ak.us.sos.arak.us.sos.arpapa

us.sos.arpus.sos.arpaa

PTPTRR

nj.us.sos.arpnj.us.sos.arpaa

…… PTPTRR

……

CN=usA1=njA2=bergenA3=leonia

nj.us.sos.arpanj.us.sos.arpa PTRPTR sussex.nj.us.sos.arsussex.nj.us.sos.arpapa

nj.us.sos.arpanj.us.sos.arpa PTRPTR passaic.nj.us.sos.arpassaic.nj.us.sos.arpapa

nj.us.sos.arpanj.us.sos.arpa PTRPTR bergen.nj.us.sos.arbergen.nj.us.sos.arpapa

…… PTRPTR ……

April 26, 2004April 26, 2004 3434

What about geo addresses?What about geo addresses?

Store one DNS record for each Store one DNS record for each PSAPPSAP or whatever the last caller-or whatever the last caller-

visible SIP proxy isvisible SIP proxy is could be state, county, city, … could be state, county, city, …

Point to record containing PSAP Point to record containing PSAP boundaryboundary retrieved via HTTP (web)retrieved via HTTP (web) cached as neededcached as needed

Records polygon edges of PSAP Records polygon edges of PSAP service area (longitude-latitude service area (longitude-latitude tuples)tuples)

Same descent of hierarchySame descent of hierarchy at each level, search all leaves at each level, search all leaves

for matchfor match

BergenPassaicAtlantic…

April 26, 2004April 26, 2004 3535

Address hidingAddress hiding Some advocate hiding IP addresses of PSAPs Some advocate hiding IP addresses of PSAPs

(or groups of PSAPs)(or groups of PSAPs) Not clear what this meansNot clear what this means

if call made, IP address will be returned in packetsif call made, IP address will be returned in packets Can, however, have different perimetersCan, however, have different perimeters

source address of SIP and audiopackets

April 26, 2004April 26, 2004 3636

Routing layersRouting layers

firewall boundary

April 26, 2004April 26, 2004 3737

Privacy and authenticationPrivacy and authentication

Want to ensure privacy of call setup Want to ensure privacy of call setup informationinformation

prevent spoofing of call originsprevent spoofing of call origins but can’t enforce call authenticationbut can’t enforce call authentication

need to authenticate call destinationneed to authenticate call destination ideally, certificate for PSAPsideally, certificate for PSAPs but initially just verify that reached DNS-but initially just verify that reached DNS-

indicated destinationindicated destination use TLS (SSL), as in httpuse TLS (SSL), as in httpss://:// host certificates widely availablehost certificates widely available

just need a domain name and a credit cardjust need a domain name and a credit card

April 26, 2004April 26, 2004 3838

Testing emergency callsTesting emergency calls

Current E911 system has no good way to Current E911 system has no good way to test 911 reachability without interfering test 911 reachability without interfering with emergency serviceswith emergency services

With VoIP, more distributed system With VoIP, more distributed system more need for testingmore need for testing

Use SIP OPTIONS request Use SIP OPTIONS request route request, route request, but don’t reach call takerbut don’t reach call taker

Also, DNS model allows external Also, DNS model allows external consistency checkingconsistency checking e.g., nationwide 911 testing agencye.g., nationwide 911 testing agency

April 26, 2004April 26, 2004 3939

Open issuesOpen issues

Technical (protocol) issues:Technical (protocol) issues: details of DNS recordsdetails of DNS records top-level DNS domain?top-level DNS domain? how to do testing with minimal impact?how to do testing with minimal impact?

Operational issues:Operational issues: who runs sos.arpa and us.sos.arpa?who runs sos.arpa and us.sos.arpa? export of MSAG information into DNS?export of MSAG information into DNS? will DSL and cable modem carriers provide location will DSL and cable modem carriers provide location

information?information? Funding issues:Funding issues:

use IP-layer funding for 911, not voice servicesuse IP-layer funding for 911, not voice services

April 26, 2004April 26, 2004 4040

ConclusionConclusion

Good news:Good news: VoIP-based 911 is not nearly as hard as Phase VoIP-based 911 is not nearly as hard as Phase

II wirelessII wireless can be leveraged to provide simpler Phase II can be leveraged to provide simpler Phase II

services for non-VoIP terminalsservices for non-VoIP terminals PC-based end system can be maintained as isPC-based end system can be maintained as is use of COTS, across national bordersuse of COTS, across national borders

Challenges:Challenges: cannot simply add one more patch to existing cannot simply add one more patch to existing

circuit-switched 911 systemcircuit-switched 911 system