10G Integrity: The DOCSIS® 4.0 Specification and Its New Authentication and Authorization Framework

Massimiliano Pala
Principal Security Architect

Simon Krauss
Deputy General Counsel

May 28, 2020

One of the pillars of the 10G platform is security. Simplicity, integrity, confidentiality and availability are all different aspects of Cable’s 10G security platform. In this work, we want to talk about the integrity (authentication) enhancements, that have been developing for the next generation of DOCSIS® networks, and how they update the security profiles of cable broadband services.

DOCSIS (Data Over Cable Service Interface Specifications) defines how networks and devices are created to provide broadband for the cable industry and its customers. Specifically, DOCSIS comprises a set of technical documents that are at the core of the cable broadband services. CableLabs manufacturers for the cable industry, and cable broadband operators continuously collaborate to improve their efficiency, reliability and security.

With regards to security, DOCSIS networks have pioneered the use of public key cryptography on a mass scale – the DOCSIS Public Key Infrastructure (PKIs) are among the largest PKIs in the world with half billion active certificates issued and actively used every day around the world.

Following, we introduce a brief history of DOCSIS security and look into the limitations of the current authorization framework and subsequently provide a description of the security properties introduced with the new version of the authorization (and authentication) framework which addresses current limitations.

A Journey Through DOCSIS Security

The DOCSIS protocol, which is used in cable’s network to provide connectivity and services to users, has undergone a series of security-related updates in its latest version DOCSIS 4.0, to help meet the 10G platform requirements.

In the first DOCSIS 1.0 specification, the radio frequency (RF) interface included three security specifications: Security System, Removable Security Module and Baseline Privacy Interface. Combined, the Security System plus the Removable Security Module Specification became Full Security (FS).

Soon after the adoption of public key cryptography that occurred in the authorization process, the cable industry realized that a secure way to authenticate devices was needed; a DOCSIS PKI was established for DOCSIS 1.1-3.0 devices to provide cable modems with verifiable identities.

With the DOCSIS 3.0 specification, the major security feature was the ability to perform the authentication and encryption earlier in the device registration process, thus providing protection for important configuration and setup data (e.g., the configuration file for the CM or the DHCP traffic) that was otherwise not protected. The new feature was called Early Authorization and Encryption (EAE), it allows to start Baseline Privacy Interface Plus (BPI) even before the device is provisioned with IP connectivity.

The DOCSIS 3.1 specifications created a new Public Key Infrastructure *(PKI) to handle the authentication needs for the new class of devices. This new PKI introduced several improvements over the original PKI when it comes to cryptography – a newer set of algorithms and increased key sizes were the major changes over the legacy PKI. The same new PKI that is used today to secure DOCSIS 3.1 devices will also provide the certificates for the newer DOCSIS 4.0 ones.

The DOCSIS 4.0 version of the specification introduces, among the numerous innovations, an improved authentication framework (BPI Plus V2) that addresses the current limitations of BPI Plus and implements new security properties such as full algorithm agility, Perfect Forward Secrecy (PFS), Mutual Message Authentication (MMA or MA) and Downgrade Attacks Protection.

Baseline Privacy Plus V1 and Its Limitations

In DOCSIS 1.0-3.1 specifications, when Baseline Privacy Plus (BPI+ V1) is enabled, the CMTS directly authorizes a CM by providing it with an Authorization Key, which is then used to derive all the authorization and encryption key material. These secrets are then used to secure the communication between the CM and the CMTS. In this security model, the CMTS is assumed trusted and its identity is not validated.

BPI Plus Authentication Flow

Figure 1: BPI Plus Authorization Exchange

The design of BPI+ V1 dates back more than just few years and in this period of time, the security and cryptography landscapes have drastically changed;  especially in regards to cryptography. At the time when BPI+ was designed, the crypto community was set on the use of the RSA public key algorithm, while today, the use of elliptic-curve cryptography and ECDSA signing algorithm is predominant because of its efficiency, especially when RSA 3072 or larger keys are required.

A missing feature in BPI+ is the lack of authentication for the authorization messages. In particular, CMs and CMTS-es are not required to authenticate (i.e., sign) their own messages, making them vulnerable to unauthorized manipulation.

In recent years, there has been a lot of discussion around authentication and how to make sure that compromises of long-term credentials (e.g., the private key associated with an X.509 certificate) do not provide access to all the sessions from that user in the clear (i.e., enables the decryption of all recorded sessions by breaking a single key) – because BPI+ V1 directly encrypts the Authorization Key by using the RSA public key that is in the CM’s device certificate, it does not support Perfect Forward Secrecy.

To address these issues, the cable industry worked on a new version of its authorization protocol, namely BPI Plus Version 2. With this update, a protection mechanism was required to prevent downgrade attacks, where attackers to force the use of the older, and possibly weaker, version of the protocol. In order to address this possible issue, the DOCSIS community decided that a specific protection mechanism was needed and introduced the Trust On First Use (TOFU) mechanism to address it.

The New Baseline Privacy Plus V2

The DOCSIS 4.0 specification introduces a new version of the authentication framework, namely Baseline Privacy Plus Version 2, that addresses the limitations of BPI+ V1 by providing support for the identified new security needs. Following is a summary of the new security properties provided by BPI+ V2 and how they address the current limitations:

  • Message Authentication. BPI+ V2 Authorization messages are fully authenticated. For CMs this means that they need to digitally sign the Authorization Requests messages, thus eliminating the possibility for an attacker to substitute the CM certificate with another one. For CMTS-es, BPI+ V2 requires them to authenticate their own Authorization Reply messages this change adds an explicit authentication step to the current authorization mechanism. While recognizing the need for deploying mutual message authentication, DOCSIS 4.0 specification allows for a transitioning period where devices are still allowed to use BPI+ V1. The main reason for this choice is related to the new requirements imposed on DOCSIS networks that are now required to procure and renew their DOCSIS credentials when enabling BPI+ V2 (Mutual Authentication).
  • Perfect Forward Secrecy. Differently from BPI+ V1, the new authentication framework requires both parties to participate in the derivation of the Authorization Key from authenticated public parameters. In particular, the introduction of Message Authentication on both sides of the communication (i.e., the CM and the CMTS) enables BPI+ V2 to use the Elliptic-Curves Diffie-Hellman Ephemeral (ECDHE) algorithm instead of the CMTS directly generating and encrypting the key for the different CMs.Because of the authentication on the Authorization messages, the use of ECDHE is safe against MITM attacks.
  • Algorithm Agility. As the advancement in classical and quantum computing provides users with incredible computational power at their fingertips, it also provides the same ever-increasing capabilities to malicious users. BPI+ V2 removes the protocol dependencies on specific public-key algorithms that are present in BPI+ V1. , By introducing the use of the standard CMS format for message authentication (i.e., signatures) combined with the use of ECDHE, DOCSIS 4.0 security protocol effectively decouples the public key algorithm used in the X.509 certificates from the key exchange algorithm. This enables the use of new public key algorithms when needed for security or operational needs.
  • Downgrade Attacks Protection. A new Trust On First Use (TOFU) mechanism is introduced to provide protection against downgrade attacks – although the principles behind TOFU mechanisms are not new, its use to protect against downgrade attacks is. It leverages the security parameters used during a first successful authorization as a baseline for future ones, unless indicated otherwise. By establishing the minimum required version of the authentication protocol, DOCSIS 4.0 cable modems actively prevent unauthorized use of a weaker version of the DOCSIS authentication framework (BPI+).  During the transitioning period for the adoption of the new version of the protocol, cable operators can allow “planned” downgrades – for example, when a node split occurs or when a faulty equipment is replaced and BPI+ V2 is not enabled there. In other words, a successfully validated CMTS can set, on the CM, the allowed minimum version (and other CM-CMTS binding parameters) to be used for subsequent authentications.

Future Work

In this work we provided a short history of DOCSIS security and reviewed the limitations of the current authorization framework. As CMTS functionality moves into the untrusted domain, these limitations could potentially be translated into security threats, especially in new distributed architectures like Remote PHY. Although in their final stage of approval, the proposed changes to the DOCSIS 4.0 are currently being addressed in the Security Working Group.

Member organizations and DOCSIS equipment vendors are always encouraged to participate in our DOCSIS working groups – if you qualify, please contact us and participate in our weekly DOCSIS 4.0 security meeting where these, and other security-related topics, are addressed.

If you are interested in discovering even more details about DOCSIS 4.0 and 10G security, please feel free to contact us to receive more in-depth and updated information.

Learn More About 10G

Home Network

Clogged Home Wi-Fi? Try Installing a Mesh Network

May 27, 2020

Wi-Fi has become the broadband internet plumbing in our homes, supplying the data flow we need to work and play online. But it also can be just as vexing as traditional plumbing – you get a broadband torrent in one room and a data trickle in another. What’s the fix? It may well be a mesh Wi-Fi network.

Luckily, home mesh Wi-Fi networks are easier, cheaper and not nearly as messy to install as traditional plumbing jobs. Mesh network systems start at about $250 and are available online. Most mesh systems can be self-installed and configured using a downloadable smartphone app.

Here’s How a Wi-Fi Mesh Network Works

Instead of relying on a single router to create a Wi-Fi network in your home, a mesh network includes a main router plus additional mesh node devices. Mesh nodes are small radio transmitters that function in the same way as a wireless router. They are linked to the main router using a wired or wireless connection. Each mesh node device – often no larger than a hockey puck – provides Wi-Fi coverage in specific zones in your house, together providing whole-home coverage. The result is a consistent data flow whether you are surfing the internet in your upstairs bedroom, downstairs den or main floor living room.

Before Purchasing a System

Your first step is to figure out how many nodes you need, and that requires a little math. Calculate how many square feet your Wi-Fi network needs to cover, including each floor and any outdoor spaces such as a patio. Then check the recommendations from your mesh device maker to decide how many mesh nodes you will need.

Installation Process

The order of the steps in the installation process varies per brand, but usually follow this pattern:

  • Download and open the mesh network system’s mobile app to your smartphone
  • The app may guide you through setting up an account and administrator password. Be sure to save that password for easy access in the future.
  • The app will then most likely ask you to name your new Wi-Fi network and set the network password. You may want to match the name and password of your existing Wi-Fi network which will allow your devices to jump right on the new network.
  • Finally, the app will walk you through the installation of the hardware which includes detecting the main mesh router and then placement of the additional nodes.

The main mesh router is usually installed next to your home broadband modem using a wired ethernet cord. From there, things get a bit trickier, as you decide where to put the additional mesh nodes. If you have a dead zone with little or no Wi-Fi signal, try placing one of the mesh nodes halfway between it and your main mesh router. Remember, the additional mesh nodes need to be able to talk to the main mesh router.

The Don’ts

  • Don’t put nodes close to a microwave oven or a cordless landline phone, as they are known Wi-Fi signal disruptors.
  • In the kitchen, don’t place a node next to the fridge – it’s a giant metal box, and it will block Wi-Fi signals.
  • Most apps also will let you know if any of the mesh nodes are in a bad spot, and you may have to move them to improve the signal.

The last cleanup step is to decide if you want to disable the Wi-Fi signal from your old system.  This is usually a good idea if you placed your new mesh router node close to your old router. Some routers have a switch to disable the Wi-Fi and others require you to turn off the Wi-Fi via its browser user interfaces.

Once complete, you are good to go. Your self-installed mesh network now pipes broadband data throughout your home to support your workflow and entertainment streaming – all without ever having to pick up a monkey wrench!

Subscribe to our blog for more Wi-Fi tips and tricks.


Home Network

Screen Yourself: When It’s Wise to Nix Video in Teleconferences

May 22, 2020

To be seen or not to be seen – that is the question for many of us as we spend our days in online teleconference meetings while working from home.

True, seeing video of your fellow participants can add energy to a meeting and make you feel less isolated. But there are some good reasons – and some embarrassing ones – for toggling off your video feed.

My home broadband isn’t all that broad. Even in the era of plentiful home broadband service, video teleconferencing calls can be a chore if your home connection is running slow. Maybe you moved into a house with a great view of the mountains but lousy Internet access. Or every member of your household is online right now, and your share of the broadband pipe is decidedly narrow. Or it could be that you are required to user a VPN connection, which provides better security but also slows down the video stream and increases latency. Whatever the case, participants’ video feeds jerk and stutter, or worse, all of a sudden you find yourself kicked out of the call queue. Turning off your video feed – and asking others to do so as well – may lighten the bandwidth load so you can continue the meeting.

My laptop is a fossil. Hey, we’ve all been there. You start a job and you are given the oldest laptop in the company fleet. In computer years, it dates back to the Cretaceous Era, as evidenced by its CD drive. With its maxed-out RAM memory and outdated operating system, this geezer of a computer can barely deal with email, let alone a live streaming video conferencing call. If your laptop would be more useful as a brick and there is no hope of a replacement, you may need to participate in teleconference meetings in audio-only mode.

Focus, people! If the meeting features a single person giving a presentation, it may be a good idea to have everyone else go sans video. Not only does this allow the group to focus on the presenter as well as any screen-shared information, but the presenter doesn’t have to watch a half-dozen or more bobbing heads, or see that most of the participants are looking elsewhere, munching on snacks or yawning. That’s not only discouraging for the presenter, but it also is distracting.

Oh no, I really have to go… You are in the middle of a marathon meeting and you really, really need to use the restroom. Or maybe your five-year-old has just burst into your home office in full-on meltdown mode. Either way, it’s probably best if you temporarily turn off your video and put yourself on mute. Your colleagues may not be happy you are taking a break to deal with personal business, but they will be grateful you didn’t share it in glorious video and audio.

Uh, did I put on pants? You overslept. Or you are naturally fashion-challenged. Or the call came at a really bad time early or late in the day. Whatever the case, you aren’t exactly dressed for success – in fact, you shouldn’t even go out in public and risk scaring small children. The best option may be to turn off your computer camera and keep your fashion fail private. All in all, your colleagues may thank you for it. You really don’t need to be this guy.

Subscribe to our blog to get more tips, tricks and information from CableLabs.


Home Network

From Setup to Snacking, There’s an Art to Working From Home

May 13, 2020

Thanks to reliable broadband networks, many of us have been able to turn our home space into our workplace as we weather the COVID-19 pandemic. But doing business at home in this new normal world isn’t always easy. Luckily, your fellow telecommuters at CableLabs have come up with some great ideas to help you get the job done while at home, from creating a workable workplace to probably the most important issue: Snacks.

Let’s start with the basics. Good work depends on a good workspace, so setup is key. Your home office should be in an area where there is good light and a strong broadband connection. If you must participate in teleconferencing calls, make sure your computer has a good camera, microphone and speakers. To avoid looking like a shadow puppet during video calls, make sure any bright window or desk light is in front of you, not behind.

Now look at your work space, including your chair, keyboard, mouse and monitor(s). Is your monitor screen at or slightly below eye level? Are your armrests at a level with your elbows, so your shoulders aren’t straining or hunching? Is your keyboard positioned so your wrists are not contorting as you type? With some simple changes, you can avoid the misery of headaches, backaches and carpal tunnel syndrome pain.

One of the biggest problems for office workers also hits home for telecommuters: Don’t sit too long while staring into a bright monitor. To avoid eye strain, make a habit of looking away from the screen for a couple of minutes every hour or so. To give your backside a break, try setting up an alternative standing desk using a counter or high table.

If a standing desk isn’t doable, try getting up and moving at regular intervals. Luckily, there are always plenty of household chores waiting, such as loading/unloading the dishwasher or shoving dirty clothes into the washing machine. This will not only give your eyes and body a necessary break, but you will have something clean to wear and dishes ready for dinner.

Another big problem is isolation, as we get used to working outside of an office filled with coworkers. To keep your day from feeling like solitary confinement, schedule regular team teleconferencing meetings so that you can still see and hear your colleagues. And don’t worry if the first few minutes are spent telling funny stories about epic cooking fails or what the dog did this weekend – this is good, morale-boosting social interaction, and as long as everyone moves into work topics after a few minutes, it does far more good than harm.

And finally, snack choice is crucial. Working from home means you are much closer to the fridge and pantry, which can be a blessing but also a curse for your waistline. Great options for munching during the work-at-home day include mini carrots, celery, hummus and granola. Favorites among CableLabs team members include cheese, nuts and jerky – all are loaded with protein that will power your productivity and reduce hunger pangs. Of course, every once in a while, indulge in a favorite treat, be it animal crackers, cookies or chocolate. Working from home doesn’t have to be torture, after all.

Subscribe to our blog for more tips and tricks in the future.


Home Network

Home Entertainment: Things to Keep Your Kids Occupied During COVID-19

May 8, 2020

“I’m bored!”

You’ve probably heard that quite a lot from your kids lately, as we all endure COVID-19 stay-at-home orders. But there’s good news for beleaguered parents – not only are there plenty of online resources kids can access over a broadband connection but thanks to your fellow embattled parents at CableLabs, there also are simple but brilliant offline activities you can try. Let’s start with free or discounted Internet resources that can entertain and educate your kids. Here are just a few:  – Aimed at kindergarten to fifth-grade kids, this site offers an extensive lineup of online books – all offered free through the end of the school year. – Geared for kids age 5 and older, Tynker teaches kids computer coding. Better yet, during the COVID-19 pandemic, it’s offering free access to its premium coding courses.

Prodigy Game – This website offers a raft of fun games calculated to improve math skills for kids in the first through eighth grade.

Mo Willems Lunch Doodles – Draw upon your kids’ artistic talents with this art activities website sponsored by the Kennedy Center for the Performing Arts.

Dance with Debbie Allen – To get your kids moving, tap into this series of Instagram Live dance classes hosted by the legendary choreographer Debbie Allen. – For pure entertainment value, nothing beats a good classic story available from this podcast website.

It’s also important to give kids time away from the screen, if only to give your computer a rest. With playgrounds and recreation centers closed, here are some great ideas for home recreation gathered from your fellow parents.

Balloon volleyball

All you need is an open space in a room or a yard, some tape or string, a balloon and as few as two players. To set up your court, run some tape or string at kid-level across a room, or between chairs set up in your backyard. If you like, you also can put tape on the floor or grass to mark the court boundaries.

Blow up a balloon, and let the game begin. You can use standard volleyball rules, or you can be more adventurous and make up your own, such as allowing the balloon to bounce off walls, or use your head, knees or feet to hit the balloon. Your house, your rules. If you are playing with teams of kids and adults, you might want to have the adults play on their knees to even the playing field a bit.

Cardboard creations

This activity is a great way to teach kids about building structures, and all it only requires masking tape and the cardboard boxes you probably already have lying around from your last online shopping delivery. Start by cutting the boxes into various rectangular pieces. Then give each kid a roll of tape and a pile of the cardboard pieces and challenge them to build the best house, truck, castle – whatever. Use your imagination. Give them an afternoon to build their creation, and then have the family vote on the winning design over dinner.

Not your average cookie-cutter bake-off

Here’s an activity that includes a built-in reward. Assemble some simple ingredients, including either home-made or store-bought cookie dough and various toppings such as nuts, chocolate chips and colored sugar sprinkles – but no cookie cutters. Instead, roll out the dough into small sheets for each child, and give them each a small butter knife. Then challenge your kids to come up with creative cookie designs, cutting their own shapes with the butter knife and adding their toppings. Bake up these artistic designs and have the family vote which is the best – before eating them, that is.

Interested in learning more tips and tricks? Subscribe to our blog.


Home Network

Doc in a Box: How to Get the Most out of Your Telehealth Appointment

May 6, 2020

With concerns about spreading the COVID-19 virus through personal contact, your doctor may not want to see you in person right now. Many medical offices are offering telehealth appointments, where doctors and patients connect using broadband videoconferencing technology.

The perks are obvious – you don’t have to drive to a doctor’s office and sit for hours in a waiting room with a spotty Wi-Fi connection and a slick drug company video endlessly playing on a big-screen TV set. But telehealth is unfamiliar territory for most of us, so there are some steps you should take to reduce the stress out of your first digital doctor’s visit.

Think ahead. Find out if your doctor’s office is using telemedicine conferencing software you will have to download. Even if you don’t have an appointment in the near term, it’s best to do this in case you have a future medical issue that requires a telehealth session.

Take the software for a test drive. Don’t assume your doctor’s telehealth software will play nice with the computer, tablet or smartphone you plan to use for the call. Give it a test run to spot and fix problems. Your device’s security platform can sometimes block the software’s access to the video camera, microphone and speaker, so you may have to adjust these settings or switch to another device. Tower computers and many tablets don’t have microphones, so you should check for an option to use your phone for the audio. Speaking of audio, find the mute button and make sure you can switch it off. You don’t want to spend the first few minutes talking only to have your doctor stare at you in confusion because she can’t read lips.

Get a room. As with other teleconferencing calls, it’s all about location, location, location. Before your appointment, find a quiet, private room where you have a strong broadband connection and good lighting, so that your doctor can see and hear you clearly.

Lean on lists. It’s easy to get distracted by the telehealth experience. So ahead of time, do some homework: Make a list of prescription drugs you are taking, symptoms, the timeline when symptoms developed and questions about treatment options. That way, you’ll remember to cover the important points, even as you wonder what in the world that chart on the wall behind your doctor says.

You may be your own exam assistant. Depending on the reason for the call, you may have to become a medical assistant and help with the examination. So have a thermometer and flashlight handy in case your doctor needs you to check your child’s temperature or shine a light down their throat. If you have other medical aids such as a blood pressure cuff, glucose meter, pulse oximeter or a weight scale, have them within reach.

Leave with a plan. Before the session ends, make sure you understand next steps such as follow-up tests, prescriptions and follow-up exams. If an in-office follow-up visit is required, find out about COVID-19 safety procedures you may have to follow.

Lastly, if you had any technical issues with the video conference, take some notes afterwards and consider if there’s any technology you need to purchase so things run better the next time. With some preparation, practice and a little bit of patience – no pun intended – telehealth can fill your prescription for good health care during this pandemic and beyond.



With Great Bandwidth, Comes Great Responsibility

Kyle Haefner
Senior Security Engineer

May 5, 2020

Cable's next generation, 10G networks, holds the promise to deliver symmetrical multi-gigabit speeds that are 100 times faster than what some consumers are currently experiencing today. This great leap forward will enable services and experiences that will drive internet innovation for years to come. It is our mutual responsibility to assure that devices we connect to these blazing 10 gigabit internet connections, are updated and patched, free from default passwords and use proper authentication and authorization.

The lack of following basic cyber-security principals surfaced in the late Fall of 2016, when many popular sites such as Twitter, Amazon, Reddit and Netflix, were unreachable for several periods, lasting hours. The cause was a massive distributed denial of service (DDoS) attack coming from hundreds of thousands of compromised internet of things (IoT) devices. Traffic from these devices overwhelmed the DNS service provider and effectively blocked customers and users from reaching these popular Internet locations for hours at a time.

As we approach a world where households are connected at gigabit and greater speeds, building secure devices and getting them in the hands of consumers is essential. Over the last several years CableLabs has been engaged with standard organizations such as, the Consumer Technology Association (CTA) and the Open Connectivity Foundation (OCF), to draft specifications and guide security baselines for IoT devices. This work has culminated in the release of OCF's international ISO\IEC specification for IoT interoperability.

The OCF specification brings together over 450 member companies and work that spans half a decade to apply cyber-security best practices to the IoT. This specification, combined with an open source reference implementation, seven approved global testing and certification labs and an active community of practitioners and member companies (from device vendors, network device venders and network operators), is uniquely positioned to be the secure standard that unites the industry.

With the OCF specification a consumer can buy a certified device from Vendor A and be confident in the knowledge that not only will it work with their certified appliance from Vender B, but it will do so in a way that is encrypted and authenticated. OCF can work with many cloud services but does not inherently need the cloud, promising consumers a good balance between the convenience of the cloud and the privacy and availability of their local networks.

The OCF specification's security-first approach brings it into close alignment with several of the security guidelines from government and industry, including:

OCF mapping of Security Baselines

Figure 1: OCF mapping of Security Baselines

The road ahead for 10G and IoT is bright. Ultra-fast networks and connected devices have the potential to change every aspect of daily life, making our surroundings aware and interactive to our presence and able to predict and adjust to our needs. Work, entertainment and social interaction will happen whenever and wherever we are, dynamically and organically. Education and healthcare will be forever changed as sensors and ubiquitous devices allow us to interact in ways never before possible. Yes, the future is bright, but it also must be secure.

Learn More About 10G Security

Home Network

  How to Secure Your Wi-Fi Router and Protect Your Home Network

May 1, 2020

We are all heavily relying on our home networks to work, learn, stay connected with family and friends and to keep us entertained; unfortunately, cyber villains are now hard at work trying to exploit our current situation. Luckily, there are a few easy steps you can take to lock your cyber-doors and prevent intruders from wreaking havoc on your home network.

In the following video, we’ll show you how to dead-bolt your home router with a custom password, strengthen your network firewall, kick out pesky, free-loading devices and clean out security protocol dead wood. It won’t prevent squabbles over who gets to use the tablet or lessen the allure of time-sucking cat videos, but it will help keep you and your family cyber-safe.


Home Network

5 Tips to Engage and Instruct Students Remotely

Apr 29, 2020

Educators are facing a steep learning curve during the COVID-19 pandemic, as they adjust to a world where students come to school via a home broadband connection rather than a school bus. But fear not – with available collaboration tools and some expert tips drawn from your fellow teachers, you can help your students get the most out of “Screen School.”

Keep it simple. Yes, the family IT expert is often the resident 10-year-old. But even these young computer wizards can get confused if your lesson plan has 30 steps or requires them to go to 100 places online to complete their classwork. Avoid the cyber scavenger hunt, and think instead about a single instruction page document, with screen shots of critical steps to assure them they are on the right track. And while there is plenty of shiny, ultra-cool teaching software now available for free, be careful. Not all of your students will have home ultra-fast broadband connections or top-of-the-line home computers. So don’t bog your students down with complicated, bandwidth-hungry applications, or jump from one application to another. Your students could get disconnected along the way, and you may well get angry calls from parents complaining that the family computer just melted down.

Set boundaries. Many videoconferencing platforms include chat features that can be helpful to instruction. But this also can become a devil’s playground, tempting students to chat with each other rather than paying attention to your lesson. Worse, some applications allow students to hang around and chat after a session is over, and in this unsupervised space things can quickly go sideways. To avoid the potential for cyber-bullying or other hurtful, negative chat exchanges, check to see if the platform you use allows you to limit these session or chat functions.

Stay in touch. It’s hard to maintain contact with each student in a virtual classroom, so many teachers are offering “office hours,” with videoconference appointments available for one-on-one instruction. And believe it or not, many teachers are finding that students actually want to see them, and that they get more out of videoconference lessons rather than just posting a class assignment online or sending via email. That said, getting a local celebrity to read a story or present a lesson might sound like a great way to jazz up online learning, but it isn’t a slam-dunk educational winner – students may not recognize the guest star, and worse, the guest star may not have the skills to pull it off. So leave celebrities to Entertainment Tonight and keep your student’s attention focused on you.

Let’s get physical. With many kids stuck at home, physical fitness becomes a challenge. So it may be worthwhile to schedule a 15 to 30-minute video exercise period as part of your online lesson plan. This virtual PE class is not only good for kids, but it might also be good for your waistline.

Don’t despair. Remote education is challenging, but online teaching tools are improving. And your fellow teachers are a great resource for tips on what works and what doesn’t. It takes a village to educate a child, even if these days that village is online.

Interested in learning more tips and tricks in the future? Subscribe to our blog!



Cable’s 10G Platform to Provide Synchronization for 5G

Jennifer Andreoli-Fang
Distinguished Technologist, Wireless Technologies

Apr 29, 2020

Cable service providers operate an extensive hybrid fiber coax (HFC) infrastructure to serve residential and business fixed broadband. In recent weeks, the world witnessed how cable networks around the globe have withstood the test of a dramatic surge in capacity demand due to the work-from-home (WFH) and other xFH practices induced by COVID-19 pandemic and are holding up extremely well.

As the economy opens again and 5G deployments resume, a large part of the time lost due to the COVID-19 pandemic can be regained by leveraging the extensive wireline networks to transport the mobile 5G traffic, be it fronthaul, midhaul or backhaul (collectively termed “xhaul”) between the radio units (RUs) or Base Stations (BSs) and the RAN Infrastructure. A critical impediment that stood in the way of leveraging the ubiquitous HFC infrastructure was the inability to provide timing and synchronization to the radio units which is crucial to their operation.

For nearly two years, the CableLabs Mobile Xhaul vendor and operator team has been working on equipping the DOCSIS® technology to provide better xhaul for mobile traffic.

Today, we are happy to announce the publication of the first release of the Synchronization Techniques for DOCSIS Technology Specification. When coupled with the Low Latency Xhaul Specification (LLX) standardized last year, which specifies requirements to reduce the latency on the DOCSIS network for mobile traffic, the two together provide the performance needed for DOCSIS network to xhaul mobile traffic. The ubiquity of the HFC plant will greatly assist the economic and timely deployment of these new 5G radios.

Synchronization Over DOCSIS Network

The mobile network is synchronous by design and requires the sharing of a common clock. This is achieved in practice by means of the radios and “their controllers” connecting to the Global Navigation Satellite System (GNSS). This works well for outdoor macro deployments. For small cell deployments, especially indoors, more often than not GPS signals are either not available or not economical. Instead, an equivalent global clock signal is transported over the IP network using precision time protocol (PTP), specified in the IEEE 1588-2008 family of specifications.

Transporting PTP over the DOCSIS network is particularly challenging due to the asymmetrical nature of the DOCSIS network. Leveraging the DOCSIS Time Protocol (DTP) to address the asymmetry issue offers a practical solution. A high-level architecture of the solution framework is illustrated in the figure below (technical details can be obtained in this SCTE white paper). DTP was invented back in 2011 and incorporated into the DOCSIS 3.1 specifications in 2013. In the newly issued SYNC specification, the Mobile Xhaul team updated the DTP profiles, defined timing system architectures and specified requirements on the DOCSIS network equipment to make PTP work end-to-end. As a result, the DOCSIS specification when bolstered with the newly issued SYNC spec and the LLX spec, is capable to support the LTE and 5G timing requirements.

To Provide Synchronization for 5G, Cable’s 10G Kitchen SYNC to the Rescue

What’s Next?

The Mobile Xhaul team invites cable and mobile operators as well as vendors to provide input to these latest set of specifications. Several HFC equipment vendors have already demonstrated the feasibility of DTP in various proof of concept (PoC) implementations. In the upcoming months, our team will complete additional requirements and timing architectures.

Soon, cable MSOs will be upgrading their HFC plants to the distributed access architecture (DAA). DAA nodes are already PTP-compatible, as PTP is needed for the R-PHY device and the CMTS core to be on the same timing island. The MSOs and cable equipment vendors are better off designing their new network architectures with mobile requirements in mind and ensure that the DAA nodes can support the 1.5µs of end-to-end timing requirement needed for LTE and majority of the 5G deployments as specified in the SYNC spec.

We are excited to offer the ability of the DOCSIS technology to provide reliable and precision timing services. This will aid the ubiquitous HFC wireline network to become an obvious choice for the mobile operators as a low CAPEX and fast-to-deployment xhaul solution. We are working hard to converge the 10G and the 5G technologies, and SYNC is one of the areas that has come to fruition.

We acknowledge the tremendous efforts of the Mobile Xhaul team in driving these specifications to a timely publication, specifically those who did heavy lifting in the SYNC spec: John Chapman (Cisco), Elias Chavarria Reyes (Cisco), Peter Meyer (Microchip) and Yair Neugeboren (CommScope).