Secure Telephone Identity Threat Model
RFC 7375, “Secure Telephone Identity Threat Model”, is an Informational document published in October 2014 by J. Peterson. The canonical text is published by the RFC Editor.
Abstract
As the Internet and the telephone network have become increasingly interconnected and interdependent, attackers can impersonate or obscure calling party numbers when orchestrating bulk commercial calling schemes, hacking voicemail boxes, or even circumventing multi-factor authentication systems trusted by banks. This document analyzes threats in the resulting system, enumerating actors, reviewing the capabilities available to and used by attackers, and describing scenarios in which attacks are launched.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7375 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7374 Service Discovery Usage for REsource LOcation And Discovery
- RFC 7376 Problems with Session Traversal Utilities for NAT Long-Term Authentication for Traversal Using Relays around NAT
- RFC 7373 Textual Representation of IP Flow Information Export Abstract Data Types
- RFC 7377 IMAP4 Multimailbox SEARCH Extension
- RFC 7372 Email Authentication Status Codes
- RFC 7378 Trustworthy Location
- RFC 7371 Updates to the IPv6 Multicast Addressing Architecture
- RFC 7379 Problem Statement and Goals for Active-Active Connection at the Transparent Interconnection of Lots of Links Edge