Secure Telephone Identity Threat Model
RFC 7375

Document Type RFC - Informational (October 2014; No errata)
Last updated 2015-10-14
Replaces draft-peterson-stir-threats
Stream IETF
Stream WG state Submitted to IESG for Publication Nov 2013
Document shepherd Robert Sparks
Shepherd write-up (last changed 2014-06-13)
IESG IESG state RFC 7375 (Informational)
Consensus Boilerplate Yes
Responsible AD Richard Barnes
Send notices to (None)
IANA IANA review state Version Changed - Review Needed
IANA action state No IC
Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 7375                                 NeuStar, Inc.
Category: Informational                                     October 2014
ISSN: 2070-1721

                 Secure Telephone Identity Threat Model

Abstract

   As the Internet and the telephone network have become increasingly
   interconnected and interdependent, attackers can impersonate or
   obscure calling party numbers when orchestrating bulk commercial
   calling schemes, hacking voicemail boxes, or even circumventing
   multi-factor authentication systems trusted by banks.  This document
   analyzes threats in the resulting system, enumerating actors,
   reviewing the capabilities available to and used by attackers, and
   describing scenarios in which attacks are launched.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7375.

Peterson                      Informational                     [Page 1]
RFC 7375                      STIR Threats                  October 2014

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction and Scope
   2. Actors
      2.1. Endpoints
      2.2. Intermediaries
      2.3. Attackers
   3. Attacks
      3.1. Voicemail Hacking via Impersonation
      3.2. Unsolicited Commercial Calling from Impersonated Numbers
      3.3. Telephony Denial-of-Service Attacks
   4. Attack Scenarios
      4.1. Solution-Specific Attacks
   5. Security Considerations
   6. Informative References
   Acknowledgments
   Author's Address

1.  Introduction and Scope

   As is discussed in the STIR problem statement [RFC7340] (where "STIR"
   refers to the Secure Telephone Identity Revisited working group), the
   primary enabler of robocalling, vishing, swatting, and related
   attacks is the capability to impersonate a calling party number.  The
   starkest examples of these attacks are cases where automated callees
   on the Public Switched Telephone Network (PSTN) rely on the calling
   number as a security measure, for example, to access a voicemail
   system.  Robocallers use impersonation as a means of obscuring
   identity.  While robocallers can, in the ordinary PSTN, block (that
   is, withhold) their calling number from presentation, callees are
   less likely to pick up calls from blocked identities; therefore,
   appearing to call from some number, any number, is preferable.
   However, robocallers prefer not to call from a number that can trace
   back to them, so they impersonate numbers that are not assigned to
   them.

   The scope of impersonation in this threat model pertains solely to
   the rendering of a calling telephone number to a callee (human user