AN ENCAPSULATION PROTOCOL
This protocol encrypts the IPTV packets as they traverse the cable TV network. In addition to encrypting packets that are destined for IPTV and triple-play users, the BPI+ encapsulation protocol is also used to encrypt other types of protocol information, which is used in the provisioning of cable modems, namely DHCP, Trivial File Transfer Protocol (TFTP), and various types of management messages that are transported via the MAC layer. Note that DOCSIS 3.0 provides stronger network traffic encryption compared to its predecessors through its support for the 128-bit Advanced Encryption Standard (AES) algorithm.
A KEY MANAGEMENT PROTOCOL
The protocol designed by CableLabs to secure the distribution of keying data between the CMTS and cable modems is called Baseline Privacy Key Management (BPKM). Standard technologies such as digital certificates and public-key encryption algorithms are used by BPKM to secure key communications across the HFC network. Note that MAC management messages discussed previously are used to transport the BPKM protocol information.
DOCSIS 3.0 uses BPI+ to secure initialization of a cable modem onto the network. The BPI+ security process commences when the modem identifies a communications channel. At this stage the modem sends an authentication information message to the CMTS. The details contained in this message are described in Table 2.5. Once the authentication information message arrives at the CMTS, it is verified and the CMTS responds to the cable modem using an authorization reply message. This message includes identification details and an encrypted key.
BPI+ also uses a technique called source address verification to eliminate IP spoofing by in-home networking devices. To enforce this security policy, DOCSIS 3.0 specifies that any network packet originating from a device whose IP source address has not been assigned by the IPTV service provider is discarded.
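The following Python sketch is an added example, not taken from the original text or from the DOCSIS specification. It models source address verification as a CMTS-side filter: upstream packets are forwarded only when their source IP was leased by the provider. The class and function names, the sample addresses, the binding of each lease to a specific modem and the lease-expiry check are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the page).
MODEM_A, MODEM_B = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
SAMPLE_PACKETS = [              # (modem the packet arrived through, IP source address)
    (MODEM_A, "192.0.2.10"),    # leased behind modem A
    (MODEM_A, "192.0.2.20"),    # leased by the provider, but behind modem B
    (MODEM_A, "10.0.0.5"),      # self-assigned by an in-home device
    (MODEM_B, "192.0.2.20"),    # leased behind modem B, lease has run out
    (MODEM_B, "not-an-ip"),     # malformed source field
]

class SavTable:
    """Source addresses the provider's DHCP server has leased behind each modem."""
    def __init__(self):
        self._leases = {}  # modem MAC -> {ip address: lease expiry, epoch seconds}

    def learn_lease(self, modem_mac, ip, lease_seconds, now):
        """Record a provider-assigned address when a DHCP lease is granted."""
        addr = ipaddress.ip_address(ip)
        self._leases.setdefault(modem_mac.lower(), {})[addr] = now + lease_seconds

    def permit(self, modem_mac, src_ip, now):
        """Return (allowed, reason) for one upstream packet."""
        try:
            addr = ipaddress.ip_address(src_ip)
        except ValueError:
            return False, "malformed source address"
        expiry = self._leases.get(modem_mac.lower(), {}).get(addr)
        if expiry is None:
            return False, "source not assigned behind this modem"
        if expiry <= now:
            return False, "lease expired"
        return True, "ok"

def filter_upstream(table, packets, now):
    """Split packets into (forwarded, dropped); each entry keeps the decision reason."""
    forwarded, dropped = [], []
    for mac, src in packets:
        ok, reason = table.permit(mac, src, now)
        (forwarded if ok else dropped).append((mac, src, reason))
    return forwarded, dropped

def demo():
    """Build the constructed lease table and filter SAMPLE_PACKETS at t=1100."""
    table = SavTable()
    table.learn_lease(MODEM_A, "192.0.2.10", 3600, now=1000)
    table.learn_lease(MODEM_B, "192.0.2.20", 60, now=1000)
    return filter_upstream(table, SAMPLE_PACKETS, now=1100)
```

Keeping the drop reason with each packet lets an operator tell a misconfigured in-home device (an unassigned address) apart from a stale lease.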
EuroDOCSIS
The European cable industry has developed its own standards for high-speed data transfer across a cable TV network. For the most part the technical details follow the DOCSIS system very closely. The primary difference between the two standards is the difference in channel widths. European cable

Structure of BPI+ Authentication Information Message
Item of Information | Purpose
Identifiers | The identifiers include the cable modem's hardware address and details about the manufacturer.
Public key | This security component is incorporated into the device during manufacturing.
Digital certificate | The use of a digital certificate allows the modem to be authenticated by the CMTS and restricts network access to authorized devices. Digital certificates are supplied to “trusted vendors” who incorporate them into DOCSIS modems during manufacturing.
Cryptographic algorithm descriptor | This provides the CMTS with information on the authentication and data encryption algorithms supported by the cable modem.
Security association identifier (SAID) | This item of information identifies the security information that is shared between the CMTS and one or more of its client cable modems.