Secure Telephone Identity Threat Model
RFC 7375
Internet Engineering Task Force (IETF) J. Peterson
Request for Comments: 7375 NeuStar, Inc.
Category: Informational October 2014
ISSN: 2070-1721
Secure Telephone Identity Threat Model
Abstract
As the Internet and the telephone network have become increasingly
interconnected and interdependent, attackers can impersonate or
obscure calling party numbers when orchestrating bulk commercial
calling schemes, hacking voicemail boxes, or even circumventing
multi-factor authentication systems trusted by banks. This document
analyzes threats in the resulting system, enumerating actors,
reviewing the capabilities available to and used by attackers, and
describing scenarios in which attacks are launched.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7375.
Peterson Informational [Page 1]
RFC 7375 STIR Threats October 2014
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction and Scope ..........................................2
2. Actors ..........................................................4
2.1. Endpoints ..................................................4
2.2. Intermediaries .............................................5
2.3. Attackers ..................................................6
3. Attacks .........................................................6
3.1. Voicemail Hacking via Impersonation ........................7
3.2. Unsolicited Commercial Calling from Impersonated Numbers ...8
3.3. Telephony Denial-of-Service Attacks ........................9
4. Attack Scenarios ...............................................10
4.1. Solution-Specific Attacks .................................11
5. Security Considerations ........................................11
6. Informative References .........................................12
Acknowledgments ...................................................12
Author's Address ..................................................13
1. Introduction and Scope
As is discussed in the STIR problem statement [RFC7340] (where "STIR"
refers to the Secure Telephone Identity Revisited working group), the
primary enabler of robocalling, vishing, swatting, and related
attacks is the capability to impersonate a calling party number. The
starkest examples of these attacks are cases where automated callees
on the Public Switched Telephone Network (PSTN) rely on the calling
number as a security measure, for example, to access a voicemail
system. Robocallers use impersonation as a means of obscuring
identity. While robocallers can, in the ordinary PSTN, block (that
is, withhold) their calling number from presentation, callees are
less likely to pick up calls from blocked identities; therefore,
appearing to call from some number, any number, is preferable.
Peterson Informational [Page 2]
RFC 7375 STIR Threats October 2014
However, robocallers prefer not to call from a number that can trace
back to the them, so they impersonate numbers that are not assigned
to them.
The scope of impersonation in this threat model pertains solely to
the rendering of a calling telephone number to a callee (human user
or automaton) at the time of call setup. The primary attack vector
is therefore one where the attacker contrives for the calling
telephone number in signaling to be a chosen number. In this attack,
Show full document text