RFC 7375

Secure Telephone Identity Threat Model, October 2014

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Author:
J. Peterson
Stream:
IETF
Source:
stir (rai)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7375

Discuss this RFC: Send questions or comments to the mailing list stir@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7375


Abstract

As the Internet and the telephone network have become increasingly interconnected and interdependent, attackers can impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks. This document analyzes threats in the resulting system, enumerating actors, reviewing the capabilities available to and used by attackers, and describing scenarios in which attacks are launched.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search