Secure Telephone Identity Threat Model
RFC 7375

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

• Versions
• 00
• 01
• 02
• 03
• 04

Document	Type		RFC - Informational (October 2014; No errata) Was draft-ietf-stir-threats (stir WG)
	Last updated		2015-10-14
	Replaces		draft-peterson-stir-threats
	Stream		IETF
	Formats		plain text pdf html bibtex
	Reviews		GENART Last Call Review (of -03): Ready
Stream	WG state		Submitted to IESG for Publication (wg milestone: Nov 2013 - Submit threat model ... )
	Document shepherd		Robert Sparks
	Shepherd write-up		Show (last changed 2014-06-13)
IESG	IESG state		RFC 7375 (Informational)
	Consensus Boilerplate		Yes
	Telechat date
	Responsible AD		Richard Barnes
	Send notices to		(None)
IANA	IANA review state		Version Changed - Review Needed
	IANA action state		No IC

Internet Engineering Task Force (IETF)                       J. Peterson
Request for Comments: 7375                                 NeuStar, Inc.
Category: Informational                                     October 2014
ISSN: 2070-1721

                 Secure Telephone Identity Threat Model

Abstract

   As the Internet and the telephone network have become increasingly
   interconnected and interdependent, attackers can impersonate or
   obscure calling party numbers when orchestrating bulk commercial
   calling schemes, hacking voicemail boxes, or even circumventing
   multi-factor authentication systems trusted by banks.  This document
   analyzes threats in the resulting system, enumerating actors,
   reviewing the capabilities available to and used by attackers, and
   describing scenarios in which attacks are launched.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7375.

Peterson                      Informational                     [Page 1]
RFC 7375                      STIR Threats                  October 2014

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction and Scope ..........................................2
   2. Actors ..........................................................4
      2.1. Endpoints ..................................................4
      2.2. Intermediaries .............................................5
      2.3. Attackers ..................................................6
   3. Attacks .........................................................6
      3.1. Voicemail Hacking via Impersonation ........................7
      3.2. Unsolicited Commercial Calling from Impersonated Numbers ...8
      3.3. Telephony Denial-of-Service Attacks ........................9
   4. Attack Scenarios ...............................................10
      4.1. Solution-Specific Attacks .................................11
   5. Security Considerations ........................................11
   6. Informative References .........................................12
   Acknowledgments ...................................................12
   Author's Address ..................................................13

1.  Introduction and Scope

   As is discussed in the STIR problem statement [RFC7340] (where "STIR"
   refers to the Secure Telephone Identity Revisited working group), the
   primary enabler of robocalling, vishing, swatting, and related
   attacks is the capability to impersonate a calling party number.  The
   starkest examples of these attacks are cases where automated callees
   on the Public Switched Telephone Network (PSTN) rely on the calling
   number as a security measure, for example, to access a voicemail
   system.  Robocallers use impersonation as a means of obscuring
   identity.  While robocallers can, in the ordinary PSTN, block (that
   is, withhold) their calling number from presentation, callees are
   less likely to pick up calls from blocked identities; therefore,
   appearing to call from some number, any number, is preferable.

Peterson                      Informational                     [Page 2]
RFC 7375                      STIR Threats                  October 2014

   However, robocallers prefer not to call from a number that can trace
   back to the them, so they impersonate numbers that are not assigned
   to them.

   The scope of impersonation in this threat model pertains solely to
   the rendering of a calling telephone number to a callee (human user

Show full document text