| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
Dear Colleagues, I collected a little more info on the DOCSIS and DPoE security:
The data plane in DOCSIS uses two encryption keys — the data plane key (Traffic Encryption Key) and another to encrypt that key. The key length of the Traffic Encryption Key (TEK) is dependent
on the cipher algorithm used and may be 40 bits (40 bit DES), 56 bits (56 bit DES), or 128 bits (CBC mode AES128). The next spec release will include support for 256 bit (CBC mode AES256, but that is a post silicon development add to the spec, and only a MAY
normatively, so I suspect will not be implemented any time soon. The TEK is transmitted by the CMTS to the CM and is encrypted using two-key 3DES (so 2x 56-bits; in implementation, that may actually be the same key twice). One thing that is really cool in
DOCSIS is a hitless key rotation mechanism that is described in section 10.1 of DOCSIS SECv4.0.
DPoE
DPoE only uses AES128 (and I don't think we specify the mode). So its key length is 128 bits. Key exchange varies depending on whether the DPoE ONU is operating in 1Down, 10Down, or 10Bi. This
is defined in section 7 of DPoE SEC v2.0 (I didn't look today at v1.0). I believe in 1Down and 10Down the D-ONU sends the 128 bit session key in the clear to the DPoE system — this is unnecessarily insecure and not a good approach. In 10Bi, the MACSec Key
Agreement (MKA) protocol defined in 802.1x is used.
Management
There are other key exchanges used to support each of the management protocols, and we've allowed selection of a range of ciphers which use either 128 bit or 256 bit keys.
From: Glen Kramer <glen.kramer@xxxxxxxxxxxx> Attached are the slides we used to guide the discussion on the call. Thank you all who attended for providing feedback Glen From: Curtis Knittle <C.Knittle@xxxxxxxxxxxxx>
All, Reminder that we’re starting the consensus call now. -----Original Appointment----- Curtis Knittle (CableLabs) is inviting you to a scheduled Zoom meeting. CableLabs meeting requests should include a GRIP to identify the goals, the roles, the behavioral expectations and the process/agenda that will be followed. See below for details: (G)oals of this meeting: (R)oles for the participants: (I)nterpersonal norms: (P)rocess/Agenda: CableLabs Secure Zoom Meeting https://cablelabs.zoom.us/j/96581234470?pwd=Wm1Iemg2VVdsanRBcGx6MVdpaGJBUT09 Meeting ID: 965 8123 4470 Password: 190805 CableLabs is hosting this Secure Virtual Meeting for invited participants. See the options below to join this secure meeting. Zoom Client: For a full-featured and fully encrypted connection, use the above link to join the meeting via your Zoom client. Browser-Only: Use the link below to "join from your browser" if you do NOT wish to download or utilize the Zoom client. https://zoom.us/wc/join/96581234470# Audio-Only Dial-In: Use the available phone numbers. You will be prompted for the meeting ID and password before joining. One tap mobile +17209289299,,96581234470#,,#,190805# US (Denver) +16699006833,,96581234470#,,#,190805# US (San Jose) Dial by your location +1 720 928 9299 US (Denver) +1 669 900 6833 US (San Jose) +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +91 22 48 798 004 India Password: 190805 Find your local number:
https://cablelabs.zoom.us/u/awd9a6aif Join by SIP: Connect via audio-only from an remote conference room system. Join by H.323: Connect via full audio and video from a remote video conference room system. 162.255.37.11 (US West) 162.255.36.11 (US East) 69.174.57.160 (Canada) Password: 190805 Join by Skype for Business: Use this link to connect. You will need to initially start video in order to be prompted for the meeting password. https://cablelabs.zoom.us/skype/96581234470 For more information on CableLabs Secure Virtual Meeting go to: To unsubscribe from the STDS-1904-4-TF list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-1904-4-TF&A=1 |