Secure Telephone Identity Threat Model
RFC 7375
Group | Field | Value
---|---|---
Document | Type | RFC - Informational (October 2014; No errata)
 | Author | Jon Peterson
 | Last updated | 2015-10-14
 | Replaces | draft-peterson-stir-threats
 | Stream | Internet Engineering Task Force (IETF)
Stream | WG state | Submitted to IESG for Publication
 | Document shepherd | Robert Sparks
 | Shepherd write-up | Last changed 2014-06-13
IESG | IESG state | RFC 7375 (Informational)
 | Action Holders | (None)
 | Consensus Boilerplate | Yes
 | Responsible AD | Richard Barnes
 | Send notices to | (None)
IANA | IANA review state | Version Changed - Review Needed
 | IANA action state | No IANA Actions

Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 7375                                 NeuStar, Inc.
Category: Informational                                     October 2014
ISSN: 2070-1721

Secure Telephone Identity Threat Model

Abstract

As the Internet and the telephone network have become increasingly interconnected and interdependent, attackers can impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks. This document analyzes threats in the resulting system, enumerating actors, reviewing the capabilities available to and used by attackers, and describing scenarios in which attacks are launched.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7375.

Peterson                      Informational                     [Page 1]
RFC 7375                      STIR Threats                  October 2014

Copyright Notice

Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction and Scope
   2. Actors
      2.1. Endpoints
      2.2. Intermediaries
      2.3. Attackers
   3. Attacks
      3.1. Voicemail Hacking via Impersonation
      3.2. Unsolicited Commercial Calling from Impersonated Numbers
      3.3. Telephony Denial-of-Service Attacks
   4. Attack Scenarios
      4.1. Solution-Specific Attacks
   5. Security Considerations
   6. Informative References
   Acknowledgments
   Author's Address

1. Introduction and Scope

As is discussed in the STIR problem statement [RFC7340] (where "STIR" refers to the Secure Telephone Identity Revisited working group), the primary enabler of robocalling, vishing, swatting, and related attacks is the capability to impersonate a calling party number. The starkest examples of these attacks are cases where automated callees on the Public Switched Telephone Network (PSTN) rely on the calling number as a security measure, for example, to access a voicemail system. Robocallers use impersonation as a means of obscuring identity.
While robocallers can, in the ordinary PSTN, block (that is, withhold) their calling number from presentation, callees are less likely to pick up calls from blocked identities; therefore, appearing to call from some number, any number, is preferable. However, robocallers prefer not to call from a number that can trace back to them, so they impersonate numbers that are not assigned to them.

The scope of impersonation in this threat model pertains solely to the rendering of a calling telephone number to a callee (human user or automaton) at the time of call setup. The primary attack vector is therefore one where the attacker contrives for the calling telephone number in signaling to be a chosen number. In this attack,