Title: ULCS Address Verification
PDR Reference: 99040002
Originator Reference: ONS-SV4-01
SARPs Document Reference: Doc. 9705, 4.3.3.4.1.2.1(b)
Status: REJECTED
Severity: n/a
PDR Revision Date: 19/04/99 (SUBMITTED -> REJECTED)
PDR Submission Date: 02/04/99
Submitting State/Organization: USA
Submitting Author Name: Moulton, James
Submitting Author E-mail Address: moulton@ons.com
Submitting Author Supplemental Contact Information: 22636 Glenn Drive, Suite 305, Sterling, VA 20164, USA
SARPs Date: First edition - 1998
SARPs Language: English

Summary of Defect: Sub-volume IV does not utilize the calling address information passed as part of the P-CONNECT.ind primitive in verifying the calling address found in the AARQ. When an AARQ is generated, the calling peer-id may be present. If that information is present in the PDU, it is not verified against any addressing information passed in the establishment of the connection. This allows a user to masquerade as someone else.

Assigned SME: SME 4 (A. Kerr)

Proposed SARPs amendment: Add to 4.3.3.4.1.2.1(b): verify that the id is consistent with the PSAP address of the calling system.

SME Analysis: The flexibility as described is intentional. There is not necessarily a one-to-one relationship between calling peer id and calling PSAP address. For example, there could be multiple redundant systems sequentially using the same PSAP, or peer-id can be used without Sys-id to refer to all applications of a given type at a given location. Also, the responder does not necessarily know the full peer-id/Sys-id of the association initiator, and is therefore not always able to perform the suggested check.

WG3/SG3 Palo Alto Apr 99: There are no security provisions in Package 1. Implementations are free to perform additional checking if they wish. Peer entity authentication in Package 2 will provide the required counter to masquerade attacks. Additional guidance material to be added to expand on the above analysis.

Impact on Interoperability: No effect on bits-on-the-wire. The additional proposed check could in some cases lead to denial of service.

SME Recommendation to CCB: REJECTED

CCB Decision: n/a (REJECTED, with additional guidance)
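The following is an added illustration of the check this PDR proposes and of the cases the SME analysis raises against it; it is not part of Doc. 9705, of the PDR, or of any ATN implementation. The data model is an assumption made for the example: a calling PSAP address is reduced to an opaque string, a calling peer-id is modelled as an application type plus an optional Sys-id, and the responder's knowledge of which identifiers are reachable through which PSAP is a constructed allow-table. The PSAP strings, application names and Sys-ids below are constructed sample values, not real ATN addressing. The code shows why a one-to-one PSAP/peer-id check fails for redundant systems sharing a PSAP and for peer-ids used without Sys-id, and how the strict policy in the proposed amendment turns an unverifiable (not provably inconsistent) request into a rejected association, i.e. the denial-of-service effect noted under Impact on Interoperability.

```python
"""Consistency check between the P-CONNECT.ind calling PSAP address and the
AARQ calling peer-id, as discussed in PDR 99040002.

Added example, not text from Doc. 9705 or from any ATN implementation.
PeerId, Verdict, Policy and KNOWN_PEERS are assumptions made for the example;
all sample values are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class PeerId:
    """Calling peer-id as carried in the AARQ (assumed model)."""
    app_type: str                 # application type, e.g. a constructed "CPDLC"
    sys_id: Optional[str] = None  # Sys-id; None = "all applications of this type here"


class Verdict(Enum):
    CONSISTENT = "consistent"      # peer-id matches something reachable via this PSAP
    INCONSISTENT = "inconsistent"  # responder knows this PSAP and the id is not behind it
    UNVERIFIABLE = "unverifiable"  # no peer-id in the AARQ, or PSAP unknown to responder


class Policy(Enum):
    PACKAGE_1 = "no check"                      # Package 1 as written: no security provisions
    REJECT_INCONSISTENT = "reject inconsistent"  # optional additional local checking
    AMENDMENT = "reject unless consistent"       # the proposed amendment to 4.3.3.4.1.2.1(b)


# Constructed allow-table: calling PSAP address -> identifiers the responder knows
# to be reachable through that PSAP. One PSAP maps to a SET, because redundant
# systems may sequentially use the same PSAP (SME analysis).
KNOWN_PEERS: Dict[str, Set[PeerId]] = {
    "psap-A": {PeerId("CPDLC", "SYS1"), PeerId("CPDLC", "SYS2")},  # two redundant systems
    "psap-B": {PeerId("ADS", "SYS9")},
}


def check_calling_id(calling_psap: str, aarq_peer_id: Optional[PeerId]) -> Verdict:
    """Compare the AARQ calling peer-id with the PSAP seen in P-CONNECT.ind."""
    if aarq_peer_id is None:
        # The calling peer-id is optional in the AARQ; nothing to compare.
        return Verdict.UNVERIFIABLE
    known = KNOWN_PEERS.get(calling_psap)
    if known is None:
        # The responder does not know the full peer-id/Sys-id behind this PSAP.
        return Verdict.UNVERIFIABLE
    for peer in known:
        if peer.app_type != aarq_peer_id.app_type:
            continue
        # A peer-id without Sys-id denotes every application of that type at the
        # location, so it is consistent with any known Sys-id of that type.
        if aarq_peer_id.sys_id is None or peer.sys_id == aarq_peer_id.sys_id:
            return Verdict.CONSISTENT
    return Verdict.INCONSISTENT


def accept_association(verdict: Verdict, policy: Policy) -> bool:
    """Decide whether to continue association establishment under a given policy."""
    if policy is Policy.PACKAGE_1:
        return True  # no address-consistency check is specified in Package 1
    if policy is Policy.REJECT_INCONSISTENT:
        return verdict is not Verdict.INCONSISTENT
    # Policy.AMENDMENT: only a positively consistent id is accepted, so every
    # UNVERIFIABLE request is refused as well. That is the denial-of-service case.
    return verdict is Verdict.CONSISTENT


def decide(calling_psap: str, aarq_peer_id: Optional[PeerId], policy: Policy) -> bool:
    """Convenience wrapper: check, then apply policy."""
    return accept_association(check_calling_id(calling_psap, aarq_peer_id), policy)


if __name__ == "__main__":
    cases = [
        ("psap-A", PeerId("CPDLC", "SYS2")),   # second redundant system, legitimate
        ("psap-A", PeerId("CPDLC")),           # peer-id without Sys-id, legitimate
        ("psap-B", PeerId("CPDLC", "SYS1")),   # claims an id not behind psap-B
        ("psap-Z", PeerId("CPDLC", "SYS1")),   # responder knows nothing about psap-Z
        ("psap-A", None),                      # AARQ carries no calling peer-id
    ]
    for psap, pid in cases:
        v = check_calling_id(psap, pid)
        print(f"{psap} {pid}: {v.value:13s}",
              {p.value: decide(psap, pid, p) for p in Policy})
```

Under Policy.AMENDMENT the fourth and fifth cases are refused although nothing about them is provably wrong, which is the interoperability concern recorded above; Policy.REJECT_INCONSISTENT is the kind of optional local check the WG3/SG3 note leaves implementations free to add.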