Canada Launches STB Energy Efficiency Voluntary Agreement
CableLabs is excited about a new initiative announced today in Canada to address energy efficiency of set-top boxes, much like the voluntary agreements that have been established in the US and Europe. The Canadian Energy Efficiency Voluntary Agreement (CEEVA) for Set-top boxes includes the 5 largest Pay TV service providers and covers over 88% of the Pay TV market in Canada. Modeled after the successful Voluntary Agreement (VA) in the US, the Canadian service providers signed up to a very similar set of commitments:
- Beginning in 2017, at least 90% of all new set-top boxes purchased must meet ENERGY STAR version 3 levels (referred to as Tier 1 in the agreement).
- Beginning in 2018, at least 90% of all new set-top boxes purchased must meet more stringent Tier 2 levels as defined in the agreement.
- Signatories are required to submit an annual report to a third-party data aggregator by April 1 following each calendar-year reporting period, listing the STBs purchased and received during the period along with their energy consumption.
- All service providers must provide public-facing energy information for the STB models within the scope of the agreement.
- Like the US VA, CEEVA also allows for innovation in the marketplace through a new feature process.
This agreement was the result of collaboration among competitors in the Pay TV space encompassing the cable, satellite, and telco markets, as well as manufacturers, regulators, and utilities. The signatories to date are:
- Cogeco Communications Inc.
- Rogers Communications
- Shaw Communications Inc.
- EchoStar Technologies
As mentioned, regulators and utilities were also involved in the discussions and negotiations. This was initially driven by Natural Resources Canada (NRCan), and also included the Ontario Ministry of Energy, the BC Ministry of Energy and Mines, Quebec’s Ministère de l'Énergie et des Ressources naturelles, and Manitoba’s Department of Growth, Enterprise and Trade. Provincial utilities included BC Hydro, Independent Electricity System Operator, Manitoba Hydro, SaskPower, and Hydro Québec. It was a full house!
Four of the five service provider signatories are cable operators and CableLabs members, and CableLabs provided significant input and support into making this voluntary agreement come to fruition. We were able to contribute our experience with the highly successful Voluntary Agreement Programs in the US, as well as align CEEVA with the US VA to realize an even larger overall benefit to the environment on both sides of the border.
In the first three years of the STB VA in the US, CableLabs has been instrumental in helping the US Pay TV industry reduce energy consumption by 9.3 TWh and avoid 6.5 million metric tons of CO2, and we look forward to helping CEEVA succeed as well!
More information about CEEVA can be found at www.energyefficiency-va.ca.
Voluntary Agreement Will Reduce Total Annual Energy Consumption and Avoid over 100,000 Tonnes of CO2 Annually
Announcement of an agreement on the energy efficiency of set-top boxes from subscription television service providers and manufacturers
Debbie Fitzgerald is a Principal Architect in the Technology Policy department and leads the Energy Efficiency program at CableLabs. You can read more blogs about the Energy Efficiency initiatives at http://www.cablelabs.com/category/energy/.
Network and Service Management – The Missing Piece for NFV
Network Functions Virtualization (NFV) enables telecommunications networks to be implemented in software running on high volume industry standard servers as outlined by network operators in a seminal white paper published in 2012. NFV standards have been under development in the ETSI NFV Industry Specification Group since the early part of 2013. The ETSI NFV work provides the foundation for NFV and is being referenced by standards organizations globally, and new open source software communities have sprung up to accelerate NFV implementation. I’ve written about industry progress on NFV in previous blogs but we still have some way to go before NFV is commonplace in telecommunications networks.
The key pieces of NFV, notably Virtual Network Functions (VNFs), run on industry-standard compute platforms (basically datacenters) and must be dynamically configured and connected at scale to deliver tangible value, so automation is absolutely vital for success. Cloud players such as Amazon and Facebook have mastered automation within the confines of their proprietary datacenters, and as a result their operations require orders of magnitude fewer people. New products and services appear at the speed of code, and customer self-service is taken for granted. Concepts that exploit automation, such as Machine Learning, are being applied, supercharging the ability of cloud operators to optimize their systems and create cool new stuff. We in the telecoms industry also need to become masters of automation or we will be left behind in the inexorable march to a software-defined future.
While the ETSI NFV Industry Specification Group has worked very hard on the “nuts and bolts” of NFV with a keen eye on automation (in my book the most important benefit of NFV), the industry hasn’t made much headway on the key prerequisite: automation of the Operations environment. Collaboration to address this essential capability is vitally important for the industry to remain competitive and deliver what our customers need in the future.
Information Modeling and Network Automation
Two very important industry initiatives are underway that will accelerate progress. The first initiative is to harmonize information modeling approaches across the telecoms industry (standards and open source). Unless Standards Development Organizations (SDOs) in the different network domains align their information modeling approaches, network operators will have to deal with an ever increasing degree of complexity as they seek to create new networks and services based on NFV. The second is a new industry-wide effort to foster collaboration on Networks and Service Management.
Towards achieving these goals, in January 2016, CableLabs hosted the first multi-SDO and Open Source workshop on Information Modeling which was widely regarded as the moment when the industry realized the value of harmonization. Aligning Information Modeling approaches is a critical first step to achieving network automation (see the blog by my colleague Tetsuya Nakamura). Information models are the “templates” needed to orchestrate compute resources into a meaningful configuration. In the cloud environment, these templates are used routinely, and we need to use them as well, but unlike cloud operators who work in a proprietary, mostly homogeneous environment, telecoms network operators work in a heterogeneous environment spanning many different network domains and referencing standards coming from many different SDOs. Applying cloud technologies in such an environment is extremely complex. Fortunately, SDOs and Open Source communities have recognized this challenge and an unprecedented era of cross-industry collaboration is getting underway.
Multi-SDO collaboration is not simple, or it would be routine. The first barrier is the focus of individual SDOs on a narrow domain. Other barriers are culture and modus operandi, and leadership teams motivated by agendas and timelines specific to their domain. Not to mention the dreaded IPR, which can stymie even the most worthy of collaborations.
Second Multi-SDO Information Modeling Workshop
To build and maintain momentum, Deutsche Telekom hosted the second Multi-SDO Information Modeling workshop in Bonn, Germany last month. I co-chaired the event with Klaus Martiny at Deutsche Telekom and Michael Brenner at GigaSpaces, and my CableLabs colleague Tetsuya Nakamura played a key role in organization. The workshop dovetailed with another milestone event, the first cross-industry workshop on Networks and Service Management, organized by Deutsche Telekom, which addressed the broader challenges of automating telecoms networks.
Participants from the following organizations presented their views on harmonizing information modeling: 3GPP (SA5), ARIA, Broadband Forum, ETSI NFV, IETF, IISOMI, ITU-T, MEF, NGMN, OASIS/TOSCA, ONF, OSM, OPEN-O, ON.Lab/CORD, and TM-Forum.
The discussions were intense and extremely positive. Clearly the spirit of collaboration and the sense of common purpose are as strong now as they were after the first workshop hosted by CableLabs, which bodes well for maintaining momentum on alignment. Follow-up collaborative activities are structured around a set of key topics that we identified as high priority, each with named owners from different organizations who will be accountable for progress. A public wiki has been created for anyone to follow progress. Activities include:
- Looking at Federated Information Models as a way to get to a Common Information Model.
- Aligning nomenclature amongst the different organizations in relation to Information Modeling and Data Modeling.
- Collecting Use Cases and Business Requirements as a way to bind the effort towards a practical goal.
- Creating and maintaining central repositories for the numerous information models and data models in use across the industry together with descriptive meta-data and open source tooling.
Achieving harmonization is vitally important for the industry to enable automation of the NFV operations environment so we are setting an aggressive timescale to build momentum through 2017.
What CableLabs is doing in this space
We have a number of activities around NFV and SDN that we are executing on behalf of MSOs. For example, CableLabs is conducting an intensive study of virtualized provisioning of the cable access network to enable programmability; our NFV/SDN reference platform is based on OPNFV; and we are looking ahead to support 5G using an end-to-end virtualized architecture that includes low-latency edge compute nodes located at the cable head-end. In addition, we are seeking to accelerate NFV/SDN interoperability through our subsidiary Kyrio, which has built an interop lab where vendors can work together with operators to validate interoperability for their SDN and NFV solutions.
The NFV journey is only just beginning and 5G will be the first new wave of technology to be designed from the ground up using NFV and SDN technologies. The cable industry, with our low latency access network, is in a leadership position to advance these technologies for the benefit of MSOs and their customers globally.
Insights from the 50th Consumer Electronics Show #CES2017
This year’s CES was another record breaking event and was well attended by cable industry representatives. The event staff reports over 177,000 people attended to view nearly 2.5 million square feet of exhibit space. Over the next several weeks, analysts and pundits will contemplate the trends and shifts that are ongoing in the industry. In the meantime, here are some thoughts on a few key areas.
Everything is being connected in dozens of ways. Connected everything is going to drive huge bandwidth consumption while also presenting interesting challenges. Wireless connectivity options abound, from traditional Wi-Fi and Bluetooth to a plethora of ecosystem-scale consortia options such as ZigBee, Z-Wave, Thread, and the ULE Alliance. Cellular-based connectivity is expanding, with companies using lightweight modems to easily connect new products such as health device hubs and pet monitors to cloud services. With so many options, however, providing a consistent and securable home and business environment will remain challenging: no one hub will seamlessly connect all the devices and services that are out there, and no one security appliance will keep consumer networks safe.
There is a huge focus on health and wellness, with several hundred companies exhibiting in the Health & Wellness and Fitness & Technology Marketplaces. These focus areas were well exhibited by the large manufacturers such as Samsung, Sony, Intel, and Qualcomm as well. In discussions with product managers, however, it’s clear that we might not have learned too many lessons about the need to secure medical and fitness devices and services. Many vendors continue to integrate minimal security, relying on unsecured Bluetooth connectivity to a hub that often does not leverage any form of strong identity for authentication. Fortunately, the Open Connectivity Foundation will continue to provide a path for addressing this shortfall, and membership in the Foundation significantly increased this week. Moreover, several vendors are leveraging IoTivity which will provide clean paths to secure implementations for connected environments.
Smart, highly connected homes were also a major theme, again with hundreds of vendors showing completely integrated solutions, hubs, and thousands of end devices. Connected lightbulbs remained a continuous and omnipresent idea, as were security systems. However, it’s clear there is not any winning market strategy here yet. With dozens of vendors offering complete solutions and even more offering different controllers, it seems the market is fragmented! On the other hand, Brian Markwalter of CTA advises they expect to see 63% CAGR for the smart home market in 2017. It seems this is a great opportunity for service providers to pave the way to some convergence and integration simplification for home owners.
It’s hard to go to CES and not leave very optimistic about the future. There is so much good stuff coming that is going to impact all of us. From better screens to more agile and secure health care devices to safer cars to anything else you can imagine. And, there are so many ways to add value to mundane items just by connecting them to a network. Given Metcalfe’s law (“the value of a telecommunications network is proportional to the square of the number of connected users of the system”), the value of the cable network appears to be headed for much higher with the growth of so many connected devices. And, it’s clear that we’re going to need all the bandwidth to the home that DOCSIS can bring! Our challenge is ensuring easy and flexible use through good strategies and standards for interoperability and security.
2017 Innovation Predictions
It’s that time of year for me to give my innovation predictions.
My top three predictions for 2017 are:
- Mixed Reality
- IoT Security
- Flexible Displays
Please take a look at the video where I elaborate on these three predictions.
Best wishes for a great year.
It's that time of year for me to give the predictions of the top three innovations coming in 2017. Now, I've been doing these predictions for many many years and actually have a pretty good track record. I've made most, I've missed a few. But also, I like to go out on a limb and give some predictions that kind of, maybe, push the envelope a little bit.
What's the number one prediction for 2017? It's around augmented reality, virtual reality, but more importantly, mixed reality. Mixed reality is really this combination of AR and VR where you actually see data and information that you can act upon. This kind of an experience is going to be really mind-blowing for people. It's really a great opportunity for content creators to think differently about the content they produce but also about the storytelling, the way of telling stories, and the way of making information interesting and actionable. So stay tuned, this is going to be a very exciting area. The first part of the year we're going to see more work in the hardware technologies. As we get into the latter half of the year, it's really going to be exciting to see some of this new content that is going to become available.
What's the second prediction? Second prediction is IoT: the Internet of Things is going to continue to be the hot area for 2017. Now, we've seen this introduction of IoT devices really explode in 2016. But one of the concerns that's really come out is security. The ability for hackers or people who are not friendly to be able to access IoT devices in consumers' homes has really become front-page news. So the question I have is, the technology is there, it's going to continue to expand, it's continued to be interesting. But as an industry, the security area has to be addressed before I predict broad consumer adoption of IoT devices. We're going to see IoT in everything from home security, home monitoring, heating, air conditioning, home appliances. We're also going to see some IoT devices and interesting areas like home health: healthcare devices that allow your doctors to monitor your healthcare, maybe after procedures or whatever, in your home and that just reinforces this one critical area which is around security to make this technology broadly available.
The third area is around display devices. Now, if you go back and you look at my predictions in previous years, I've talked about 3D the year it became a hot issue at some of the trade shows. We've talked about 4K. 4K high dynamic range (HDR) which is broadly going to be just a boon area for this year. In fact in 2016, in going into the holiday season, it became really very prevalent for people to buy these new kinds of TVs. What is left to be done in display technologies? What's left to be done is around flexible displays. Flexible displays being built on new kinds of materials such as this mylar, which is the backing material that's being used in some of the flexible displays that you'll see come available in the first part of 2017. This allows for displays to be manufactured that are one millimeter thick that literally you can attach to your wall as if it were wallpaper. What does this mean for the broad marketplace? When you have that kind of technology -- very low-cost but very flexible -- from the standpoint of how it gets used, we will see flexible displays on TVs as obvious, but also transforming things like whiteboards, collaboration technologies, technologies used in the classroom, advertising displays in retail and billboards. You'll be able to get these kinds of displays at such a low cost that you can literally transform every flat surface you see and turn that into a new kind of display for use of all kinds of ways.
So those are the three predictions for 2017. We have everything from the AR/VR/mixed reality, the Internet of Things, and these new kinds of displays.
Re-Imagining the Classroom Experience
The typical school day is evolving with new advances in technology, much of which depends on broadband connectivity. For many children and young adults, their school day begins in a classroom at a local school; for others, a school day may begin in their living room or sitting at their kitchen table. Wherever a school day begins, imagine having the opportunity for it to end in a different state, in a foreign country, or maybe even on a distant continent.
As a part of the Education Initiative Team at CableLabs and as a parent of children in public schools, I have spent time re-imagining how technology could transform our classrooms. What if we used technology to create a borderless, or even boundless educational experience? What impact could we have? What challenges would we face? What solutions might be possible?
Technology Enables Alternative Learning Experiences
By maximizing the use of technology in the classroom and beyond, endless opportunities and vast educational experiences are possible. Technology can enable traditionally schooled, homeschooled, and remote learners to join in on classroom lessons. Video communication, and potentially newer experiences offered by augmented and virtual reality solutions, can offer the ultimate virtual field trip for classrooms and schools of any size. Instead of the required reading assignments that we are all used to (read this book, write this essay), imagine high school classrooms where an alternative learning experience is assigned to supplement the required reading. For example, a teacher could coordinate a live video conference session with an author as an engaging interactive experience for students.
Newer technology and broadband connectivity, including next generation solutions such as DOCSIS® 3.1 and Full Duplex DOCSIS® 3.1, can enable multi-location learning and collaboration. Students in the United States can participate in the global community with students from other countries, thus creating opportunities to gain knowledge of other cultures, economic strata, and quality of life. By expanding the scope and perspective of the knowledge students gain from alternative learning experiences, we can develop capacity for compassion. Could the use of this technology allow us to provide a broader frame of reference for education and foster an outward focus that prepares the next generation to be successful on a global level? Could a greater international perspective in the classroom provide opportunities to solve real-world issues and ultimately empower our children through project-based learning and problem solving?
Utilization of video conferencing in schools is not a new concept. In fact, many schools have embraced the technology to create alternative learning situations. For example, through Skype Collaborations, teachers in Kansas learned about a water crisis in Nairobi that prevents students from coming to school. Within their science, math, and social studies classes, students in Kansas learn about the Nairobi community, the living conditions, and the resources needed to fix the water crisis faced by the school. Shortly after hearing about their circumstances, the students and teachers of the Kansas school set a goal to help the children of Nairobi get back to their classroom. By Skyping with representatives from LifeStraw, the students learned about water filtration systems and how to build them with common household items. Then the students raised awareness of the crisis by fundraising to obtain LifeStraw filtration systems for the Nairobi school. After watching students describe their project, it’s clear to see the passion they have gained while working towards providing a sustainable solution for those in need. Through this example, there is no question that technology, often enabled through broadband connectivity, is capable of being used for a variety of purposes.
The Role of the Cable Industry
Introducing alternative learning experiences is an opportunity for the cable industry. As an already strong partner for education, the cable industry is in a position to promote meaningful change. One idea would be to design and develop trusted solutions and enable educators to structure lesson plans outside of the normal classroom activities, take advantage of highly-trusted networks, and introduce new media types. This will enable the teachers to focus on the content of the lesson, and the tech to be more easily accessed to support learning objectives.
Appropriate use of technology within the classroom can accelerate learning while simultaneously developing empathy and altruistic perspectives that would not have been possible even ten years ago. We have the opportunity to develop a generation of individuals who are more empathetic and outwardly focused. By promoting learning without limiting the experiences in our own backyards, we can create dialogue to teach compassion, appreciation, and authenticity.
Carrier Wi-Fi is now Wi-Fi CERTIFIED Vantage™
The recent announcement by the Wi-Fi Alliance of the new certification designation, Wi-Fi CERTIFIED Vantage™, is a significant step for the industry. It is the culmination of years of collaboration within the Wi-Fi ecosystem and the result of incorporating industry established Carrier Wi-Fi requirements into industry certified Wi-Fi devices.
Wi-Fi Vantage devices will provide improved performance to users in managed Wi-Fi networks and make it easier to maintain quality connections in high-usage environments including stadiums, airports, offices, campuses and home networks. Wi-Fi Vantage leverages current technologies, including Wi-Fi Alliance-certified Wi-Fi ac and Passpoint, and subsequent releases will build on upcoming technologies and features. Ultimately, this accomplishment provides a mechanism for Wi-Fi operators to harden their networks and evolve from ‘best effort’ networks to operator-managed networks that will approach the reliability and functionality of mobile networks.
CableLabs is pleased to be part of the process to build this framework for Wi-Fi Vantage with Wi-Fi industry partners. We look forward to continued success in building upon the framework to benefit cable and mobile operators, the vendor community and, most importantly, consumers.
Collaboration Brings New Capabilities
Establishing solutions to the largest challenges faced by Wi-Fi operators, including cable operators, in the form of industry certifications has been the focus of CableLabs and many industry organizations. Some of the significant challenges collectively include: sticky client, secure and seamless access and connection, device provisioning, fast AP to AP handoffs in a secure SSID environment, load balancing across bands, and RF performance characterization for APs and clients.
Wi-Fi Vantage certified devices will be capable of resolving several of these challenges such as improved secure on-boarding of new clients, better customer experience when moving on a secure network, automatic discovery and attachment to roaming partner networks per operator driven network selection policy, and fast transitions across APs on secured networks to ensure subscribers receive the best performance available in the area.
Key Features of the First Release of Wi-Fi Vantage™
Wi-Fi Vantage is the technology suite operators will employ to deliver an exceptional user experience and help create the Wi-Fi preferred generation. More specifically, Wi-Fi Vantage delivers superior performance on global networks without intervention or effort from subscribers. Wi-Fi users are up and running on reliable networks with their favorite applications anywhere they roam simply by powering on their device. Wi-Fi Vantage will be the preferred service of a new generation of wireless data users by employing a number of superior service benefits including:
- Performance: Wi-Fi Vantage addresses the problem of inconsistent performance of Wi-Fi networks. Wi-Fi Vantage employs 802.11ac for the fastest throughput available on Wi-Fi technologies. Multi-band operations at 2.4 GHz, 5.0 GHz and future unlicensed bands ensure that all available spectrum is employed to deliver a superior subscriber experience.
- Device Provisioning and Operator Policy: Wi-Fi Vantage devices and provisioning systems support a single, standard interface for operators to provision and maintain user subscriptions, secure SSID profiles and network selection policy.
- Guest Network and Online Sign Up: Operators can provision and enforce policy for guest access on Wi-Fi Vantage networks and allow visitors to access guest networks without requiring visitors to sign up each time they enter a network. Operators can dynamically establish new user accounts, and create policy and customized accounts (i.e., 1-day, 30-day, etc.).
- Roaming: Wi-Fi Vantage will make pervasive, ubiquitous wireless connectivity a reality for users in major cities around the world.
Improving the Wi-Fi Experience
Cable operators are deploying millions of Access Points (APs) with public Service Set Identifiers (SSIDs) in their networks and linking their networks together into roaming consortiums in order to meet accelerating wireless data service demand. Wi-Fi Vantage brings the scale required to support roaming onto hundreds of roaming partner networks throughout the world with a single subscription. Wi-Fi operators can share their networks without having to provide and manage subscriptions separately. Wi-Fi devices automatically discover and attach to roaming partner networks per operator-driven network selection policy.
Roaming starts at home and extends its reach to local, domestic and international networks. Cable operators and others are deploying public SSIDs in residential and small business APs to provide extensive Wi-Fi coverage for their subscribers. Wi-Fi Vantage provides network selection intelligence to help subscribers move onto their private networks while at home, and then roam onto neighborhood networks via public SSIDs on residential gateways. This roaming then extends to large operator managed outdoor metro networks, and finally, to Wi-Fi networks across nations and continents. Wi-Fi users will see their operators providing them with an integrated, extensive global Wi-Fi service.
Wi-Fi Vantage technologies provide a number of superior service elements for operators including performance, policy and provisioning and roaming. By delivering this exceptional user experience, Wi-Fi Vantage will be the preferred service of a new generation of wireless data users.
Mark Poletti is Director of Wireless Technologies at CableLabs.
3.5 GHz: The Democratization of LTE
Video Courtesy of Converge! Network Digest
The Wireless Broadband Alliance organizes Wireless Global Congress, which was held November 14 – 17 in San Jose, CA. One of the world’s leading wireless events, it drew more than 700 attendees and over 60 speakers and panelists.
The main theme for this year’s conference program was “Innovation and Convergence.” The wireless industry is truly at a crossroads with the coexistence and convergence of licensed and unlicensed spectrum. I presented a paper titled “3.5 GHz – The Democratization of LTE” in the session on “Convergence and Coordinated Shared Spectrum Solution” with Neville Meijers, VP of Small Cells, Qualcomm who presented his paper on “Harmonious Integration of Unlicensed and Licensed Spectrum." Both presentations addressed the new opportunities in unlicensed spectrum with LTE based technologies using either LTE TDD or MuLTEfire.
My presentation addressed an exciting development here in the USA where the U.S. Federal Communications Commission has opened up 150 MHz of spectrum for shared use by commercial entities in the 3.5 GHz band (specifically 3.55-3.7 GHz). The innovative shared spectrum model adopted by the FCC for the Citizens Broadband Radio Service (CBRS) constitutes a bold and historic shift in spectrum allocation.
There will be 15 ten-megahertz-wide channels available at a granular census tract geography across the United States, suitable for LTE time division duplex (TDD) and other technologies such as MuLTEfire and Licensed Assisted Access (LAA). Perhaps more importantly, this frequency range is defined in the 3GPP mobile standards for mobile use.
CBRS represents the first opportunity for the democratization of LTE for cable operators and other fixed operators for new innovative applications. Unlike spectrum for mobile networks, which can be used to cover very wide areas, CBRS is designed for small cells both indoors and outdoors. Additionally, the use of LTE TDD avoids the need for a macro-cell anchor, as all the signaling is contained within the band. Effectively, LTE technology becomes available to fixed operators for the first time. The CBRS frequency range covers bands 42 and 43 of the 3GPP mobile bands, is expected to be available in smartphones within the next two years, and offers exciting opportunities.
Recently, CableLabs joined the CBRS Alliance to evangelize LTE-based CBRS technology, use cases and business opportunities for our members. The CBRS Alliance believes that LTE-based solutions in the CBRS band, utilizing shared spectrum, can enable both in-building and outdoor coverage and capacity expansion at massive scale. In order to maximize CBRS’s full potential, the CBRS Alliance aims to enable a robust ecosystem towards making LTE-based CBRS solutions available.
Improving Infrastructure Security Through NFV and SDN
October was Cybersecurity Awareness Month in the US. We certainly were aware. In September, IoT cameras were hacked and used to create the largest denial-of-service attacks seen to date, well over 600 Gbps. On October 21, the same class of devices was used in a modified attack against Dyn's authoritative DNS service, resulting in the disruption of around 1,200 websites. Consumer impacts were widely felt, as popular services such as Twitter and Reddit became unstable.
Open distributed architectures can be used to improve the security of network operators’ rapidly evolving networks, reducing the impacts of attacks and providing excellent customer experiences. Two key technologies enabling open distributed architectures are Network Function Virtualization (NFV) and Software Defined Networking (SDN). Don Clarke detailed NFV further in his blog post on ETSI NFV activities. Randy Levensalor also reviewed one of CableLabs’ NFV initiatives, SNAPS earlier this year.
Future networks based on NFV and SDN will enable simpler security processes and controls than we experience today. Networks using these technologies will be easier to upgrade and patch as security threats evolve. Encryption will be supported more easily and other security mechanisms more consistently than legacy technologies. And network monitoring to manage threats will be easier and more cost-effective.
Open distributed architectures provide the opportunity for more consistent implementation of fundamental features, processes and protocols, including easier adoption of new, more secure protocols. This in turn can enable simpler implementation and deployment of security processes and controls. Legacy network infrastructure features and processes are largely characterized by proprietary systems: even implementing basic access control lists on IP interfaces varies widely, not only in the interfaces used to configure them but in the granularity and specificity of the controls. Some areas have improved. BGP Flowspec, for example, has helped standardize blocking, rate limiting, and traffic redirection on routers, but it has strict practical limits today on the number of rules a router can support. NFV and SDN can improve scalability and functionality further. NFV provides an opportunity to readdress this complexity by providing common methods to implement security controls. SDN offers a similar opportunity, providing standardized interfaces to push flow tables to devices and to deploy configuration through model-based configuration (e.g. using YANG and NETCONF).
Standardized features, processes, and protocols naturally lead to simpler and more rapid deployment of security tools and easier patching of applications. NFV enables the application of development and operations (DevOps) best practices to develop, deploy, and test software patches and updates. Physical and virtual routers and network appliances can similarly be updated programmatically using SDN. Such agile and automated reconfiguration of the network will likely make it easier to address security threats. Moreover, security monitors and sensors, firewalls, virtual private network instances, and more can be readily deployed or updated as security threats evolve.
Customer confidentiality can be further enhanced. In the past, encryption was not widely deployed within network infrastructure, for a wide range of very good economic and technical reasons. The industry has learned a great deal in deploying secure and encrypted infrastructure for DOCSIS® networks and also radio access networks (RANs). New hardware and software capabilities already used widely in data center and cloud solutions can be applied to NFV to enable pervasive encryption within core networks. Consequently, deployment of network infrastructure encryption may now be much more practical. This may dramatically increase the difficulty of unauthorized monitoring and man-in-the-middle attacks, and it limits what an attacker can learn from a route hijack, since the hijacked traffic remains encrypted.
A key challenge for network operators continues to be detection of malicious attacks against subscribers. Service providers use a variety of non-intrusive monitoring techniques to identify systems that have been infected by malware and are active participants in botnets. They also need to quickly identify large-scale denial of service attacks and try to limit the impacts those attacks have on customers. Unfortunately, such detection has been expensive. NFV promises to distribute monitoring functions more economically and more widely, enabling much more agile responses to threats to customers. In addition, NFV can harness specific virtualization techniques recommended by NIST (such as hypervisor introspection) to ensure active monitoring of applications. Moreover, SDN provides the potential to quickly limit or block malicious traffic flows much closer to the source of attacks.
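As an added illustration of the two points above (flow-based detection of attack sources, and the rule-count limit that constrains Flowspec-style mitigation), here is a small Go program that is not part of the original post or of any CableLabs project. It sums constructed NetFlow-like records per source toward a target, flags the sources above a byte threshold, and then emits Flowspec-like rules within a rule budget, aggregating individual /32 sources into /24 prefixes when the budget would otherwise be exceeded. The record format, thresholds, addresses and the textual rule form are all assumptions made for the example; real Flowspec is carried in BGP NLRI, not text.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// Flow is a constructed, NetFlow-style record: one sampled flow from a source
// toward a destination with the byte count observed in the export interval.
type Flow struct {
	Src   netip.Addr
	Dst   netip.Addr
	Bytes int
}

// Rule is a Flowspec-style mitigation rule: match traffic from SrcPrefix toward
// Dst and apply Action ("discard" or a rate limit).
type Rule struct {
	SrcPrefix netip.Prefix
	Dst       netip.Addr
	Action    string
}

// String renders the rule in an assumed, Flowspec-like textual form.
func (r Rule) String() string {
	return fmt.Sprintf("match src %s dst %s/32 then %s", r.SrcPrefix, r.Dst, r.Action)
}

// SampleFlows is constructed input (documentation prefixes): several sources
// flooding 203.0.113.10, one small benign flow, and one large flow to another host.
func SampleFlows() []Flow {
	mk := func(src, dst string, bytes int) Flow {
		return Flow{netip.MustParseAddr(src), netip.MustParseAddr(dst), bytes}
	}
	return []Flow{
		mk("198.51.100.7", "203.0.113.10", 900_000),
		mk("198.51.100.7", "203.0.113.10", 700_000),
		mk("198.51.100.23", "203.0.113.10", 1_200_000),
		mk("198.51.100.40", "203.0.113.10", 1_100_000),
		mk("192.0.2.5", "203.0.113.10", 1_500_000),
		mk("192.0.2.9", "203.0.113.10", 1_300_000),
		mk("203.0.113.77", "203.0.113.10", 20_000),    // benign, below threshold
		mk("198.51.100.7", "203.0.113.11", 5_000_000), // other destination, ignored
	}
}

// DetectSources sums bytes per source toward target and returns the sources
// above threshold, heaviest first: non-intrusive, flow-record based detection.
func DetectSources(flows []Flow, target netip.Addr, threshold int) []netip.Addr {
	volume := map[netip.Addr]int{}
	for _, f := range flows {
		if f.Dst == target {
			volume[f.Src] += f.Bytes
		}
	}
	var out []netip.Addr
	for src, v := range volume {
		if v > threshold {
			out = append(out, src)
		}
	}
	sort.Slice(out, func(i, j int) bool {
		vi, vj := volume[out[i]], volume[out[j]]
		if vi != vj {
			return vi > vj
		}
		return out[i].Less(out[j])
	})
	return out
}

// BuildRules turns offending IPv4 sources into rules without exceeding budget,
// the practical rule-count limit of Flowspec on a router. One /32 per source is
// emitted when that fits; otherwise sources are aggregated into /24 prefixes
// (fewer rules, less precision) and, if still over budget, only the prefixes of
// the heaviest sources are kept.
func BuildRules(sources []netip.Addr, target netip.Addr, budget int, action string) []Rule {
	rules := make([]Rule, 0, len(sources))
	if len(sources) <= budget {
		for _, s := range sources {
			rules = append(rules, Rule{netip.PrefixFrom(s, 32), target, action})
		}
		return rules
	}
	seen := map[netip.Prefix]bool{}
	for _, s := range sources {
		p, err := s.Prefix(24) // the /24 containing s, host bits masked off
		if err != nil || seen[p] {
			continue
		}
		seen[p] = true
		rules = append(rules, Rule{p, target, action})
		if len(rules) == budget {
			break
		}
	}
	return rules
}

func main() {
	target := netip.MustParseAddr("203.0.113.10")
	sources := DetectSources(SampleFlows(), target, 1_000_000)
	fmt.Println("offending sources:", sources)
	for _, r := range BuildRules(sources, target, 3, "rate-limit 1mbps") {
		fmt.Println(r)
	}
}
```

The aggregation step is where the Flowspec caveat bites: collapsing to /24 will also throttle innocent neighbours of the attackers, which is exactly the precision that a larger, SDN-programmed flow table closer to the source would avoid.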
Finally, NFV promises to allow us the opportunity to leap ahead on security practices in networks. Most of the core network technologies in place today (routing, switching, DNS, etc.) were developed over 20 years ago. The industry providing broadband services knows so much more today than when the initial broadband and enterprise networks were first deployed. NFV and SDN technologies provide an opportunity to largely clean the slate and remove intrinsic vulnerabilities. The Internet was originally conceived as an open environment – access to the Internet was minimally controlled and authentication never integrated at the protocol level. This has proven to be naïve, and open distributed architecture solutions enabled by NFV and SDN can help to provide a better, more securable infrastructure. Of course, there will continue to be vulnerabilities – and new ones will be discovered that are unique to NFV and SDN solutions.
As Cybersecurity Awareness Month closes and we start a new year focused on improving consumer experiences, CableLabs is pursuing several projects to leverage these technologies to improve the security of broadband services. We are working to define and enable the key imperatives required to secure virtualized environments. We are using our expertise to influence key standards initiatives. For example, we participate in the ETSI NFV Industry Specification Group (ETSI NFV), which is the most influential NFV standards organization. In fact, CableLabs chairs the ETSI NFV Security Working Group, which has advanced the security of distributed architectures substantially over the past four years. Finally, we continue to innovate new open and distributed network solutions to create home networks that can adaptively support secure services, new methods of authentication and attestation in virtual infrastructures, and universal provisioning interfaces.
Device Security in the Internet of Things
As of this writing, some of the largest distributed denial-of-service (DDoS) attacks ever seen are actively disrupting major service and content providers. Many of the attacks are reported to leverage Internet of Things (IoT) devices such as IP cameras. It is notable that these dramatic attacks are happening during Cybersecurity Awareness Month.
How to Affect Change In Security
For many, IoT literally opens doors; for those who depend on electronic assistance for key tasks, it is critical to daily living. With an estimated 20 billion devices online four years from now, securing them is a critical requirement. CableLabs is focused on specific goals in securing IoT devices for three reasons: 1) our desire to protect the privacy and security of our subscribers; 2) enabling trust in the technology automating the environment we live in; and 3) the need to protect the network infrastructure supporting subscriber services. Our technical teams are actively working toward solutions for the heterogeneous security models of existing devices, through advanced networking techniques, and for future devices, by guiding standards bodies and industry coalitions on security considerations.
Who is Looking out for Your Privacy?
Subscriber privacy goes beyond personal anonymity; it includes protecting information that can be used to identify people or their devices. Consider a mobile device, such as a Bluetooth fitness band, that broadcasts its unique identifier whenever requested (for example during any handshake to authenticate the device on various networks). That broadcast identifier could be used without the device owner's knowledge to identify and track shoppers in a mall, protesters, or visitors at medical clinics, among other concerns. Interestingly, network protection starts with device identity, and while many see this as being in opposition to subscriber privacy, it need not be. Prior to onboarding into a network, which involves authentication and authorization as well as exchanging credentials and network configuration details, a device can present a temporary random identifier for its onboarding request. After onboarding into a network, devices need an immutable, attestable, and unique identifier so that network operators can trace malicious behavior. Insecure devices that can evade identification, spoof their network address or misrepresent themselves, all while participating in botnets, are a threat to everyone. Being able to rapidly trace attacks back to offending devices allows operators to coordinate more effectively with device owners in surgically tracking down and quarantining these threats.
Security – Where, When and How
Subscriber security is different from privacy and looks to ensure availability, confidentiality, and integrity. Availability is the key reason immutable identifiers are needed within networks: when networked devices are subverted to participate in DDoS attacks, the ability to trace traffic back to the compromised devices is key. Encryption of data (in use, at rest, and in transit) is the primary means of assuring confidentiality. Since many IoT devices are constrained in processing power, it has been easy for manufacturers to overlook confidentiality (data protection), arguing that the processing, storage and power costs of traditional PKI exceed device capabilities. Today, even disposable IoT devices are capable of using PKI thanks to Elliptic Curve Cryptography (ECC). ECC uses much smaller keys and faster operations than RSA at a comparable security level (a 256-bit ECC key is roughly equivalent to a 3072-bit RSA key). This allows not only for confidentiality (through ECC key agreement), but can also deliver integrity and message origin assurance through signing or credential exchange, and non-repudiation: a device cannot later deny having sent a message it signed (and, if it signs an acknowledgement, cannot deny having received a command). However, good ECC curve selection is very important; standard, well-reviewed curves should be used rather than custom parameters. A final element of security is the ability for these devices to securely update their operating system, firmware, drivers, and protocol stacks. No system is perfect, and when a vulnerability is discovered, updating devices already deployed will be a key part of the success of the IoT and of how we interact with these tools.
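To make the identity model of the two sections above concrete (a temporary random identifier before onboarding, then an immutable, attestable identifier backed by ECC signatures), here is an added Go example that is not code from the original post or from any CableLabs or OCF project. It uses the Go standard library's NIST P-256 curve, derives the stable identifier as the SHA-256 of the device's DER-encoded public key, and runs a registrar challenge/response in which the device proves possession of the key by signing a random nonce. The `Device`, `Onboard` and `Verify` names, the choice of 16-byte ephemeral identifiers, and the use of a key hash as the stable identifier are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Device holds the long-lived P-256 key that anchors the device's identity.
// Curve selection matters: this uses the standard, widely reviewed NIST P-256
// curve from the Go standard library rather than custom parameters.
type Device struct{ key *ecdsa.PrivateKey }

// NewDevice generates the device key, as would happen at manufacture or first boot.
func NewDevice() (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{key: k}, nil
}

// PublicKey is what the device shares with the registrar during onboarding.
func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.key.PublicKey }

// EphemeralID is the temporary random identifier presented before onboarding,
// so that passive scanners cannot correlate it with the stable identity.
func EphemeralID() (string, error) {
	b := make([]byte, 16) // assumed size for the example
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// StableID derives the immutable identifier used after onboarding: SHA-256 of
// the DER-encoded public key. It cannot change without changing the key, and
// possession of the key can be proven with a signature, so it is attestable.
func StableID(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

// Sign produces an ASN.1 ECDSA signature over SHA-256(msg): message origin
// assurance, and the device cannot later deny having sent what it signed.
func (d *Device) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, d.key, h[:])
}

// Verify is the registrar side: the public key must match the claimed stable
// ID, and the signature must verify over the message.
func Verify(pub *ecdsa.PublicKey, claimedID string, msg, sig []byte) bool {
	id, err := StableID(pub)
	if err != nil || id != claimedID {
		return false
	}
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Onboard runs the challenge/response: the registrar issues a random nonce,
// the device signs it, and the stable ID is bound only if the signature
// verifies. It returns the stable ID and whether onboarding succeeded.
func Onboard(d *Device) (string, bool, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", false, err
	}
	id, err := StableID(d.PublicKey())
	if err != nil {
		return "", false, err
	}
	sig, err := d.Sign(nonce)
	if err != nil {
		return "", false, err
	}
	return id, Verify(d.PublicKey(), id, nonce, sig), nil
}

func main() {
	d, err := NewDevice()
	if err != nil {
		panic(err)
	}
	eph, _ := EphemeralID()
	id, ok, err := Onboard(d)
	fmt.Printf("ephemeral id: %s\nstable id: %s\nonboarded: %v err: %v\n", eph, id, ok, err)
}
```

The nonce is what turns a signature into attestation: without it, a captured signature could be replayed by an impostor, which is the "misrepresent themselves" failure mode the privacy section warns about. In a deployed device the private key would live in a secure element or other hardware keystore so that the stable identifier really is immutable.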
These elements described above (availability, privacy, confidentiality, and integrity) all work together to build trust. This trust comes from personal and shared experiences. The more positive security experiences consumers have with devices, the more trust is earned. Negative experiences erode this trust, often disproportionately to the events that built it, and often vicariously rather than through personal experience. For example, a subscriber who reads about a personal security camera that was visible to others on the Internet may forgo the purchase of that or similar devices. The overall goal is to improve experiences for consumers in future devices, and to limit not only how many devices are compromised but also the scope and impact of any individual vulnerability, by leveraging multiple layers of defense.
Working Together Toward Network Protection
When IoT devices can be used en masse to mount attacks targeting DNS servers, and when consumer market incentives do not make security a primary concern, industry standards bodies and consortia are typically called on to develop solutions. The Open Connectivity Foundation (OCF) is the leading IoT influence group, with over 200 leading global manufacturers and software developers (Intel, Qualcomm, Samsung, Electrolux, Microsoft and others) joining forces to ensure secure and interoperable IoT solutions. Other ecosystems are converging on OCF as well: the UPnP Forum and the AllSeen Alliance have merged into OCF, and others such as oneM2M are aligning their work with it. CableLabs and network operators including Comcast and Shaw are part of this movement, contributing code, technical security expertise, leadership, specifications, and time to make the Internet of Things safer for everyone. The Linux Foundation project IoTivity is being built as a platform that lets device manufacturers include security and interoperability in their products more economically. OCF is driving toward support within IoT devices for subscriber privacy, security, and trust.
Standards organizations tend to focus on future devices, but helping manage existing devices is another area of research and exploration. The IoT security community is actively engaged not only on the future but on the present, and on how to improve consumer, manufacturer and operator experiences. A key tool for supporting existing IoT systems will be intermediating device-to-Internet connections: providing bridges between ecosystems for interoperability, and applying advanced networking techniques to help manage devices that cannot be fixed in place.
These different needs (privacy, security, trust and network protection) all combine to create a positive perspective on the IoT environment. Imagine devices that are highly available, trusted to do what they need to do, when they need to, only for those for whom they are intended, and that communicate across networks securely, all while maintaining privacy. This is the focus of component and device manufacturers, network operators, integrators, academics, and practitioners alike. The convergence we are seeing around standards and open source projects is great news for all of us.
Interested in learning more? Join Brian and several others at the Inform[ED]™ Conference in New York, April 12, 2017.
Multiple Access Point Architectures and Wi-Fi Whole Home Coverage
As mentioned in a previous blog post on AP Coordination by my colleague Neeharika Allanki, home sizes are growing and the number of client devices in a home network is increasing rapidly. There is a need not only for consistent performance in terms of throughput and connectivity, but also for Wi-Fi coverage throughout the home. Consumers often need more than one Wi-Fi Access Point (AP) in the home network to provide that coverage.
Many houses in the world do not have existing wires that can be used to network these APs together, and so one of the easiest and most cost effective ways to provide whole home Wi-Fi coverage is by using Wi-Fi itself to connect together the APs in the home. The technologies available today that can do this are Mesh APs (MAPs), Repeaters or Extenders.
Wireless repeaters and extenders have been around for years due to consumers seeing the need to expand Wi-Fi coverage in their homes. While some form of wireless mesh networking has been around for more than ten years, until recently there were not products designed for the home that used mesh to connect multiple APs. In the past year, there has been a dizzying array of product announcements and introductions for home Wi-Fi coverage, with many of them using mesh networking.
Mesh access points (MAPs) are quickly gaining traction in home networks, mainly due to ease of installation (even compared with repeaters/extenders) and the promise of high throughput with whole-home coverage. A mesh AP network can be defined as a self-healing, self-forming, and self-optimizing network of MAPs. Each MAP can communicate with the others using mesh routing protocols and thereby choose an optimal path to relay data from one point to another.
As mentioned before in our AP Coordination blog, client steering (moving Wi-Fi clients to the best AP for each location) and band steering (moving and keeping Wi-Fi clients on the best band, 2.4 GHz or 5 GHz) are very important in any multi-AP solution, whether mesh or AP + repeaters/extenders. They are needed to ensure that each mobile client stays connected to the best AP for its current location. Without client steering, Wi-Fi clients may show connectivity to Wi-Fi, but throughput may suffer tremendously. This often shows up as the dreaded "Buffering…" message when streaming a video or a slow progress bar when loading a web page. In a fully wireless multi-AP solution, client steering and band steering are even more critical because of the throughput and latency penalty when traffic is repeated over Wi-Fi from one AP to another. As MAPs communicate with each other to form the mesh network, they implement some form of AP Coordination, and it is usually proprietary in nature.
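As an added example of the steering decision the paragraph above describes (not code from the original post, nor from any vendor's or CableLabs' AP Coordination work), the Go program below scores each AP/band a client could be served by from the signal the APs report for it, prefers 5 GHz when it is usable, charges a penalty per wireless backhaul hop to reflect the cost of repeated traffic, and applies hysteresis so a client sitting between two APs is not bounced back and forth. The thresholds, the hop penalty, the report structure and the room names are illustrative assumptions; real products use proprietary metrics.

```go
package main

import "fmt"

// Candidate is one AP and band a client could be served by, as reported through
// the APs' coordination exchange: the client's signal as heard by that AP and the
// number of wireless backhaul hops between that AP and the gateway (0 = wired or
// the gateway itself).
type Candidate struct {
	AP           string
	Band         string // "2.4GHz" or "5GHz"
	RSSI         int    // dBm as measured at the AP
	BackhaulHops int
}

// The tunables below are illustrative assumptions, not values from the post.
const (
	fiveGHzUsable = -70 // dBm: at or above this, 5 GHz is preferred (band steering)
	fiveGHzBonus  = 6   // dB credit for 5 GHz capacity and lower interference
	hopPenalty    = 8   // dB debit per wireless backhaul hop (relayed traffic)
)

// Score turns a candidate into a single figure of merit in dB-like units.
func Score(c Candidate) int {
	s := c.RSSI
	if c.Band == "5GHz" && c.RSSI >= fiveGHzUsable {
		s += fiveGHzBonus
	}
	return s - hopPenalty*c.BackhaulHops
}

// ChooseTarget returns the AP/band the client should be steered to. It only
// moves the client when the best candidate beats the current one by at least
// hysteresis dB, so a client midway between two APs is not ping-ponged.
func ChooseTarget(current Candidate, candidates []Candidate, hysteresis int) Candidate {
	best := current
	for _, c := range candidates {
		if Score(c) > Score(best) {
			best = c
		}
	}
	if best == current || Score(best)-Score(current) < hysteresis {
		return current
	}
	return best
}

// SampleReport is a constructed coordination report for one client that is
// currently on the living room AP's 2.4 GHz radio but has walked into the bedroom,
// which is served by a MAP one wireless hop from the gateway.
func SampleReport() (Candidate, []Candidate) {
	current := Candidate{"living-room", "2.4GHz", -72, 0}
	return current, []Candidate{
		current,
		{"living-room", "5GHz", -75, 0}, // 5 GHz too weak here: no bonus
		{"bedroom", "2.4GHz", -55, 1},   // strong, but one wireless hop away
		{"bedroom", "5GHz", -60, 1},     // strong 5 GHz: best despite the hop
	}
}

func main() {
	current, cands := SampleReport()
	target := ChooseTarget(current, cands, 10)
	fmt.Printf("steer client from %s/%s to %s/%s\n", current.AP, current.Band, target.AP, target.Band)
}
```

The hop penalty is what makes this a multi-AP decision rather than a plain strongest-signal choice: a repeater with a strong signal but a weak or congested backhaul can deliver less throughput than a weaker but wired AP, which is exactly the "connected but buffering" symptom described above.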
CableLabs recently tested mesh networking solutions and AP + repeater solutions consisting of 3 APs in a 5,000+ sq. ft. test house. We performed throughput, jitter, latency and coverage testing at more than twenty locations in and around the house. We found that we were able to run two streaming videos, at HD bitrates (~20 Mbps), to video clients in the home while also delivering over 50 Mbps to our test client. Both mesh and AP + repeater solutions were able to handle this video throughput, as well as deliver over 50 Mbps throughout the house and even to some areas 20 feet outside the house. This is excellent news for consumers whose access to the Internet is wireless and who want that access everywhere in their homes.
CableLabs is working with vendors to define a standardized AP Coordination Protocol that would allow all APs in a home network to share information to allow them to make client steering decisions, along with other network maintenance tasks.