Security

Improving the Resilience of Cable Networks Through RPKI

Tao Wan
Principal Architect, Security

Jan 24, 2022

Today, CableLabs is releasing a set of best common practices to help accelerate the deployment of Resource Public Key Infrastructure (RPKI), which can mitigate the risk of IP prefix hijacking.

All broadband networks serving residential and business users consist of both access networks and IP networks. The access network connects residential homes and business premises to the broadband provider’s IP network. IP networks are then interconnected, using the Border Gateway Protocol (BGP), to form the internet.

A common disruption to BGP and the exchange of traffic between IP networks is IP prefix hijacking, which can occur accidentally (e.g., by misconfiguration) or intentionally (e.g., by malicious parties).

Incidents of IP prefix hijacking occurred as early as 1997, when a top-level autonomous system (AS) accidentally advertised routes for a large number of IP prefixes belonging to other network operators, creating a routing black hole and major disruption to the internet. Since then, IP prefix hijacking has occurred regularly, causing service disruption to hundreds of millions of internet users, and is considered one of the top threats to internet availability.

Fortunately, network operators and the broader industry have come together to address the risk of IP prefix hijacking. Specifically, RPKI has been standardized by the Internet Engineering Task Force (IETF), with deployment strategies outlined by the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG), and is being deployed by cable operators and other network operators to prevent IP prefix hijacking. RPKI allows the rightful owner of IP address spaces to cryptographically assert the ownership of their prefixes. It then allows other parties to verify received BGP routes against the trusted cryptographic assertions to detect prefix hijacking. Today, about a third of IP prefixes announced on the internet are digitally signed using RPKI.

To help speed up the deployment of RPKI across the internet and improve the resilience of all networks, CableLabs is releasing an RPKI deployment best common practices (BCP) document. This document was developed by BGP experts from CableLabs and its members (including Charter, Comcast, Cox and Liberty Global) who have successfully deployed RPKI in their networks.

The RPKI deployment BCP provides a five-step guide to deploy both Route Origin Authorization (ROA) and Route Origin Validation (ROV), two major components of RPKI. In addition, it provides guidance on the monitoring of RPKI and BGP to ensure continuous health of the routing infrastructure.
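The origin check that ROV performs on each received BGP route can be sketched as follows. This is an added example, not code from the CableLabs BCP: it follows the valid / invalid / not-found classification of RFC 6811, and every prefix and AS number in it is constructed from documentation ranges. The drop-invalid policy in `rov_filter` is a common deployment choice assumed here, not quoted from the BCP.

```python
"""Route Origin Validation (ROV) classification in the style of RFC 6811.

Added illustration. All prefixes and AS numbers are constructed from
documentation/benchmark ranges and do not describe real ROAs.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: the tuple a relying party extracts from a ROA
    after its signature and certificate chain have been verified."""
    prefix: str      # prefix the holder has authorized
    max_length: int  # longest announcement length the holder allows
    asn: int         # AS authorized to originate it (0 = "do not route")


def validate_origin(route_prefix, origin_asn, vrps):
    """Classify one BGP route as 'valid', 'invalid' or 'not-found'.

    covered: some VRP prefix contains the announced prefix.
    matched: covered, origin AS equals the VRP AS, and the announced
             prefix length does not exceed the VRP maxLength.
    """
    route = ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ip_network(vrp.prefix)
        if roa_net.version != route.version:
            continue  # IPv4 VRPs never cover IPv6 routes, and vice versa
        if not route.subnet_of(roa_net):
            continue
        covered = True
        # An AS 0 VRP can cover a route but can never match one.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


def rov_filter(routes, vrps):
    """Assumed policy: drop 'invalid', keep 'valid' and 'not-found'.

    Keeping not-found routes matters while only part of the address
    space is signed; dropping them would discard unsigned but
    legitimate announcements.
    """
    accepted, dropped = [], []
    for prefix, asn in routes:
        state = validate_origin(prefix, asn, vrps)
        (dropped if state == "invalid" else accepted).append(
            (prefix, asn, state))
    return accepted, dropped


# Constructed VRP set (what a validator would hand to the router).
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("198.51.100.0/24", 25, 64501),
    VRP("203.0.113.0/24", 24, 0),       # holder asserts: never routed
    VRP("2001:db8::/32", 48, 64500),
]

# Constructed BGP announcements: (prefix, origin AS).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", 64500),       # exact match
    ("192.0.2.0/24", 64511),       # wrong origin AS: mis-origination
    ("192.0.2.128/25", 64500),     # right AS, longer than maxLength
    ("198.51.100.128/25", 64501),  # more specific, within maxLength
    ("203.0.113.0/24", 64500),     # covered only by an AS 0 VRP
    ("2001:db8:1::/48", 64500),    # IPv6, within maxLength
    ("198.18.0.0/15", 64500),      # no covering VRP at all
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_ROUTES:
        print(f"{prefix:20} AS{asn:<6} "
              f"{validate_origin(prefix, asn, SAMPLE_VRPS)}")
```

The third sample route shows why maxLength should be set no longer than what is actually announced: a more-specific announcement is rejected even when it carries the authorized origin AS.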

To that end, we invite you to download the CableLabs BCP as a resource in deploying and maintaining RPKI in your networks. With the widespread deployment of RPKI, we can minimize the risk of IP prefix hijacking and increase the security and resiliency of the internet.


10G

Advancing 10G: CableLabs Reached Several Key Milestones in 2021

CableLabs
CableLabs Admin

Jan 20, 2022

Last year, CableLabs and its members took major steps toward making 10G a reality. There were numerous launches, enhancements, and even a couple of “firsts.” Every one of these initiatives—from launching the 10G Challenge to enhancing specification requirements—will play an important role in building the faster, more secure and reliable networks of the future.

Here are some of the key milestones we’re especially proud of:

Improved Fiber Capacity

As data demands increase, operators are considering increasing capacity on their existing optical access network. To help operators meet this demand, the Coherent Termination Device enables them to take advantage of coherent optics technologies in access networks. Typically used for long-haul, metro and submarine networks, coherent optics technologies let operators use their existing fiber assets more efficiently when teamed with wavelength-division multiplexing in the optical access network.

More Robust Security

The Network Security Best Common Practices is a comprehensive document that sets the foundation for a new era in network security by establishing a common set of requirements and best practices for vendors of gateway devices and cable modems. Agreed upon by the global community of operators and device manufacturers, the document provides a globally consistent baseline that will make our digital lives a lot safer.

Inspiring 10G Innovators

The 10G Challenge is a competition designed to accelerate the development of applications for emerging 10G networks. It’s a great way to inspire talented innovators, startups, students and entrepreneurs to not only imagine the near future but actually build it. The winners will have the opportunity to showcase their hard work at SCTE Cable-Tec Expo® 2022.

Cable Industry Achievement Highlights

Because our mission is to support the entire cable industry, we can’t possibly talk about our achievements without mentioning the truly amazing accomplishments of our members. Several firsts came from our members last year, including the following:

Each one of these milestones is an essential building block, bringing us closer to 10G speeds, lower latencies, enhanced network reliability and better security. For more information about CableLabs’ 2021 achievements and progress toward 10G, please read the press release.


Convergence

Achieve Seamless Access with Converged Access Edge Controller (CAEC)

Arun Yerra
Principal Mobile Network Architect

Dec 9, 2021

Imagine a world in which end users no longer worry about which network they’re connected to because the most optimal connectivity for any given moment is automatically provided. This connectivity consists of one or more seamlessly combined network connections, intelligently customized by a multitude of factors, such as application requirements, user priority and network status. CableLabs believes convergence will be the driving force in making this world a reality and is working on solutions to enable it. Converged Access Edge Controller (CAEC) is one of those solutions.

How Does CAEC Work?


CAEC facilitates the converged use of HFC, Wi-Fi and mobile access technologies to optimize the use of network assets to deliver a seamless user experience. The controller dynamically switches, steers, or splits subscribers' data traffic across the available access links based on subscribers' device capabilities, subscription profile and real-time telemetry data of each access link, such as utilization and link quality.

For example, CAEC can be programmed to optimize the transport cost without degrading the perceived user experience. Households closer to the mobile site could primarily be served via wireless access link; CAEC will transparently switch them to HFC access link in the event of temporary congestion on that site to avoid degradation in the user experience. Similarly, households farther away from the mobile site could primarily be served via the HFC network, and CAEC could split the traffic between HFC and wireless upon onset of congestion in the HFC infrastructure. In another use case, the CAEC algorithm can be optimized to provide an instantaneous bandwidth boost by combining the available accesses based on device and subscription policies.

CAEC’s Modular and Extensible Architecture

CAEC offers powerful, near real-time traffic bonding, steering, and splitting capabilities across multiple access technologies managed by a single operator (i.e., a multiple system operator). CAEC has a microservices-based architecture consisting of three main services: network telemetry, AI/ML inference and traffic control. CAEC’s modular design and open APIs allow it to easily interoperate with and complement other network services. For example, CAEC can be implemented as part of standardized network services such as O-RAN Alliance’s RAN Intelligent Controller (RIC) and 3GPP’s Network Data Analytics Function (NWDAF). The CAEC platform is extensible to run customized machine learning models to identify the patterns in network behavior that are often tough for operators to identify. The platform also provides operators the flexibility to develop and implement their own traffic control algorithms.

There are alternative solutions to provide converged access that aggregate mobile and Wi-Fi traffic on capable client devices. For example, 3GPP has defined an access aggregation specification called Access Traffic Steering, Switching & Splitting (ATSSS). Additionally, several companies are offering cloud-based solutions similar to ATSSS. CAEC can complement these solutions by providing near real-time directions to steer, switch or split the traffic based on a combination of AI/ML models and network intelligence. Converged Access Edge Controller can also provide valuable insights for proactive network maintenance based on real-time statistics analysis and pattern identification within the network.

Learn More

If you need more information or have any further questions, please feel free to reach out to Arun Yerra – Principal Mobile Architect, CAEC Project Lead (a.yerra@cablelabs.com).


HFC Network

Band Splits 101: Splitting Our Way to 10G

CableLabs
CableLabs Admin

Dec 9, 2021

As consumers’ bandwidth needs continue to grow, cable operators are always thinking of ways to expand their network capacity to accommodate future increases in data traffic—especially upstream traffic. Band splits play an important role in that effort, taking advantage of the incredible resiliency of cable’s hybrid fiber-coaxial (HFC) network.

What Is a Band Split and How Does It Work?

To describe what band splits are, we need to first define bandwidth. The best way to think of bandwidth is as a stretchable pipe that allows radio frequency (RF) signals carrying data to travel through it. So, when we talk about expanding the bandwidth of a network, we’re looking for ways to stretch that pipe to higher frequencies to accommodate more data traffic. The term “bandwidth” is somewhat synonymous with “capacity,” and on cable networks bandwidth is measured in megahertz (MHz) and gigahertz (GHz)—1 GHz is 1,000 times greater than 1 MHz.

The following figure shows several options available for band splits on the cable broadband network, allowing various mixes of upstream and downstream bandwidth depending on the needs of consumers. Frequency Division Duplex (FDD) designates separate bands for upstream and downstream traffic.

Upstream Splits
Note that the bands in the figure aren’t to scale. The red in the middle is the diplex filter used to separate the upstream (US) and downstream (DS) channels.

The bandwidth “pipe” (split into two parts) has data traffic traveling in opposite directions: downstream from your provider’s hub to your modem and upstream from your modem back to the hub. This back-and-forth flow allows you to use interactive services like video chat, teleconferencing, telehealth and more.

Band splits determine how much bandwidth is dedicated to downstream and upstream channels. Downstream traffic is usually transmitted on a high-band frequency range, whereas the lower band is dedicated to upstream traffic. Two-way amplifiers are used to amplify signals in both directions. These amplifiers have something called diplex filters to separate downstream and upstream frequencies to prevent interference.

Usually, consumers use a much larger chunk of the bandwidth pipe for downstream traffic, but that’s starting to change. As people switch to working and studying from home, they’re using more interactive services like video chats, which require more upstream data. To accommodate this trend and future demand, network operators need to consider when to add more upstream bandwidth. For this reason, they may need to rethink the way their networks are split.

What Kind of Band Splits Are There?

Not all band splits are created equal: In North America, there are sub-splits, mid-splits and high-splits, and Europe has its own band split. This situation has to do with how the operator divides the available bandwidth pipe between downstream and upstream traffic.

Although sub-splits are still prevalent in North America today, mid-split and high-split bands require an upgrade. In a sub-split, a spectrum range of 5 MHz to 42 MHz is used for upstream traffic and 54 MHz to 1.2 GHz or 1.8 GHz is for downstream traffic. In a mid-split scenario, 5 MHz to 85 MHz is dedicated for upstream and above 108 MHz for downstream. And high-split extends the upstream range to 204 MHz while reserving 258 MHz and higher frequencies for downstream.

The European split uses an upstream spectrum range of 5 MHz to 65 MHz, and the downstream spectrum range is above 88 MHz. There’s also an ultra-high-split where the upstream goes to a 684 MHz upper-frequency limit that includes even more choices of band-splits, which some operators may consider in the future. However, for most networks in North America, Europe and Latin America, future bandwidth allocations will consist of mid-split and high-split bands, and even some ultra-high-splits.

How Has This Technology Evolved?

If we go back to the early pre-internet days, information on cable networks traveled one way, delivering analog TV signals to millions of homes over coaxial cable, with no data traveling back from the consumer to the hub. Eventually, as consumer needs evolved, so did the industry, and networks began to send signals both ways, to and from the consumer, opening doors to cable broadband Internet, video chatting and much, much more.

As we move toward the next phase of HFC evolution, we must remember that building the super-fast and reliable networks we have today required a lot of collaboration and about $290 billion in infrastructure and network investments over the past 20 years. And that’s just in the United States! For most cable operators, a re-allocation to mid-split, high-split or a mix of the two will require switching out signal amplifiers and other legacy equipment, an investment that many are already making. Although there’s no one-size-fits-all approach, the consensus is to move to at least the mid-split in the near future, further expanding the incredible capacity of the HFC network.

How Will Higher Band Splits Affect You and Your Future?

Although as a consumer you’ll never have to worry about how your cable company’s bandwidth is split between downstream and upstream, we know you pay attention to network speed. The journey from today’s 1G to tomorrow’s 10G offerings will involve expanding the bandwidth pipe to allow for more capacity. More bandwidth will give us more flexibility to accommodate near-future technologies, including bandwidth-hungry virtual reality (VR) applications and more.

That’s where band splitting really makes a difference. Dedicating higher band splits to upstream traffic will future-proof our networks for years to come, allowing us to reach our goals and build the next-generation of technologies to help us live, work, learn and play in the coming decades.


10G

The 10G Challenge: How Corning Leverages Technology to Improve How We Work

CableLabs
CableLabs Admin

Nov 30, 2021

CableLabs believes mutually beneficial relationships are crucial to the growth of any business. Whether growing a customer base or reaching a new market, strategic collaboration can deliver value to both parties. To raise awareness about the 10G network, we’ve joined forces with outstanding organizations like Corning to get innovators thinking about how to build technologies that will work on the network of the future with the 10G Challenge. The 10G Challenge is designed to invent a better future that impacts the ways in which we live, work, learn and play.

The “Work” Category, Powered by Corning

In collaboration with Corning, one of the world's leading innovators in materials science, the 10G Challenge’s Work category highlights how the 10G network will enable smart, intuitive technologies that will transform how we collaborate and solve problems in business environments, ultimately boosting creativity and productivity. From 3D remote meetings to immersive demos from countries away, next-generation technologies will make a significant impact on the way we do business.

As an organization, Corning’s growth is fueled by a commitment to innovation. Through sustained investment in research, development and engineering, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges, Corning has spent the last 150-plus years bringing life-changing innovation to the world.

In 1970, Corning invented the first low-loss optical fiber, ushering in a communications revolution. Thanks to Corning’s fiber optics, enormous amounts of data are able to move around the planet, and that movement of data has enabled a barrage of follow-on innovations, including the internet, cloud and mobile technologies, streaming TV, autonomous cars, bitcoin, AI — you name it.

In the five decades since inventing optical fiber to pave the way for the information highway, Corning has continued to introduce new methods, ideas and products aimed at transforming the way we connect with one another and the world around us. From liquid crystal display glass to fiber-to-the-home connectors to revolutionary pharmaceutical glass packaging to whatever comes next, Corning’s participation in the 10G Challenge enables the leading materials science innovator to evolve to meet changing market needs and visualize what the future of work could look like. Even better, by working with CableLabs on the 10G Challenge, Corning will help support individuals and organizations leveraging a new, powerful broadband network to solve real-world problems across work environments.

Encouraging innovators to envision how 10G can help us solve real-world problems, the 10G Challenge showcases the individuals and organizations developing the technologies, services and applications that will rely on the network of the future. By advancing life-changing technologies and supporting the innovators developing new solutions, CableLabs and Corning are excited for what lies ahead and look forward to motivating forward-thinkers to leverage 10G to create a better future for humanity.


Convergence

Converged Service Management Layer (CSML) Completes the Operations Convergence Puzzle

Rahil Gandotra
Senior Software Architect

Nov 18, 2021

Traditionally, telecommunications networks operate in siloes running specialized physical hardware functions for each domain (radio, access, transport, core, and data center), and they’re managed by proprietary element management systems. Operators who have both wireline and wireless networks, for example, run the networks on separate infrastructures and manage them independently. For that reason, designing, deploying, and operating end-to-end services can involve lengthy and manual processes resulting in longer lead times (weeks to months) until effective service delivery.

But the networks of tomorrow are envisioned to operate multiple different physical and cloud-native functions over a single flexible, programmable convergence platform whose hardware, software and data storage resources are shared across multiple access technologies. And a key building block of convergence is operations convergence, implying a common operations framework for deploying, configuring, and managing network functions constituting a service.

Converged Service Management Layer

The Converged Service Management Layer (CSML) Project

When it comes to solving these challenges, technologies like software-defined networking (SDN) and network functions virtualization (NFV) have already addressed certain pieces of the puzzle. SDN separates the data plane (network traffic) from the control plane (signaling/routing traffic) to enable flexible, coordinated control, and NFV decouples network and service functions from the underlying hardware. In addition, cloud computing provides an efficient means to utilize the infrastructure and make all these goals achievable. But a converged service operator needs to have the ability to model end-to-end services and to abstract and automate the control of physical and virtual resources.

CableLabs’ CSML project, the final puzzle piece in the operations convergence puzzle, began in response to the rising need for a common automation platform for different network lifecycle processes. The CSML implementation consists of an open-source orchestration platform, Open Network Automation Platform (ONAP), and additional utilities developed by CableLabs to onboard service use cases. The project activities are broadly divided into three categories:

  • Service design involves specifying end-to-end services composed of multiple network functions (NFs) called xNFs. The model-driven approach helps with extending and reusing software artifacts for various use cases.
  • Service deployment involves automated instantiation, modification and removal of network services over both physical and virtual infrastructures.
  • Service assurance involves a vendor-agnostic monitoring and analytics framework for closed-loop management.

The use cases that are currently being designed and developed aim to either improve existing operational processes or demonstrate advanced orchestration and automation capabilities through new service concepts. For example, by converging both service and the underlying network data, operators are able to better extract and exploit the correlations between the two. Advances in machine learning can be applied to this converged data source to drive service automation and assurance features such as proactive network maintenance (PNM), auto-healing, or service resiliency and optimization.

CSML’s Long-Term Goals

The broader goals of the CSML project are to drive the adoption of network automation, virtualization and operations convergence at scale. Also, as the transition to NFV is progressing, the project aims to demonstrate how physical network elements can be harmonized with virtual elements to preserve existing network investments. The use cases demonstrated by the project will provide a blueprint for a flexible, agile service platform, powering both existing and new innovative services while reducing cost and operational complexities.

If you need more information or have any further questions, please feel free to reach out to Rahil Gandotra, Senior SW Architect and Converged Service Management Layer Project Lead (r.gandotra@cablelabs.com).


Security

How Cable Networks Secure Communications

CableLabs
CableLabs Admin

Nov 12, 2021

The email you sent, the website you visited, the internet searches you performed, the internet purchases you just made—they all require strong security to protect against eavesdropping, changes to your messages, and those who would make these services unavailable to you. These service examples demonstrate the foundational triad of security: confidentiality, integrity, and availability.

Securing the confidentiality, integrity, and availability of broadband traffic can be applied at different layers of networking technology. Some messaging applications encrypt traffic (for confidentiality) at the upper levels of the OSI network model (the application, presentation, and session layers), but broadband traffic transits below just those top network layers.

The cable industry’s security technology ensures that the confidentiality, integrity, and availability of cable broadband technology happens at the lowest levels of the networking stack by encrypting the internet packets from cable subscribers’ homes and businesses. This security is provided through the cable industry’s use of its own public key infrastructure (PKI), the same type of security used by banks and the U.S. Department of Defense for their own protection.

The cable industry created and manages a PKI with strong security. The digital keys used in the cable PKI have a very long private key (1024 bits and 2048 bits long) that is unique to each cable modem and part of each cable modem’s digital certificate. Digital certificates securely identify the modem and are used to help encrypt the traffic going to and from that modem. You may think of a digital certificate as a driver’s license for a cable modem to get onto the internet through a cable operator’s broadband network. The information in a digital certificate provides an immutable and mathematically attestable identifier that is embedded during the modem’s manufacture. The cable PKI encryption technology protects each cable network user from having anyone eavesdrop on their internet traffic, change or corrupt their communications, or introduce malware into the cable modem. Cable operators and cable device manufacturers use the cable PKI to securely update and manage cable devices in homes and businesses.

The cable modem and customer premise equipment (CPE) that help homes connect securely to the internet require the same kind of patches and updates that other devices require to drive efficient and secure operation within the configuration required by the network to which they attach. Security specifications support SNMPv3 and TR-069, which are internet standards that provide commercial-grade security with ease of administration, and which include methods for authentication, authorization, access control and privacy in the configuration of devices. In the case of cable equipment, the firmware for these devices can be updated through a special secure channel by the network operator; this channel is secured similarly to how the cable modem establishes its link. Firmware is the collection of all the software, memory, and operations that, akin to the medulla oblongata in the human body which passes messages between the brain and spinal cord, manages traffic to and from the subscriber home, and keeps the modem functioning. The firmware image is digitally signed by both the cable modem manufacturer and the network operator, whose public keys are accepted and recognized by the cable modem; this, and a special secure boot process, help make it increasingly difficult for malicious actors to compromise the device or network.

In addition to the cable PKI security controls, cable networks provide mechanisms to protect the routing and switching of broadband traffic once it leaves the cable broadband subscriber’s home or business. For example, source address verification ensures that origination packets are coming from proper, non-spoofed addresses. Additionally, the cable industry’s DOCSIS® Security provides several methods of filtering traffic, including enabling access control lists and security filters both at the cable modem and at the cable operator’s cable modem termination system, which connects a cable modem to the internet.

The cable industry uses security mechanisms that are broad and robust. These security mechanisms are continuously reviewed and improved as technology changes and security threats to cable broadband subscribers change. You can find more details in these blog posts: The Cable Security Experience and 10G Integrity: The DOCSIS® 4.0 Specification and Its New Authentication and Authorization Framework.

CableLabs continues to work with cable operators and cable device manufacturers to increase cable broadband security beyond providing the encryption technology. These BCPs, developed based on input from cable operators and cable device manufacturers, provide recommended security practices for cable operators and cable manufacturers and are aimed at improving the cybersecurity posture of devices and the networks they connect to. The BCP document strongly aligns with other industry and governmental security recommendations, such as the M3AAWG CPE Best Practices and recent publications from NIST and ENISA. Through continuous strengthening of security tools and practices, the cable industry works to protect its subscribers against those who would seek to eavesdrop, corrupt, or disrupt cable broadband access.

Reference Gateway Device Security Best Common Practices:

Documentation: Gateway Device Security Best Common Practices Version V01

Blog: Raising the Bar on Gateway Device Security

Convergence

Introducing Evolved Mobile Virtual Network Operator (MVNO) Architectures for Converged Wireless Deployments

Omkar Dharmadhikari
Wireless Architect

Nov 9, 2021

As smartphones and tablets continue to proliferate, seamless connectivity is becoming an integral part of a wireless operator’s service offering—as well as a competitive imperative. Recognizing the evolution of the mobile industry landscape, and driven by the introduction of 5G and the availability of new and innovative spectrum options, CableLabs and its members initiated a technical working group (Dec. 2020-Aug. 2021) to create an evolved architectural blueprint for mobile virtual network operators (MVNOs). The working group’s aim was to explore new converged architectures that will benefit our members’ wireless deployments while highlighting the benefits, impacts to existing deployments and features needed to be supported by both mobile network operator (MNO) and MVNO networks.

Background

Many traditional broadband services providers—also known as multiple system operators (MSOs)—might not own mobile infrastructure but have (or are in the process of negotiating) MVNO arrangements with MNOs. These kinds of arrangements allow them to bundle fixed and mobile broadband services into a single service package. Traditionally, most MSOs adopt a reseller-type “Wi-Fi first” MVNO, where the MVNO doesn’t own any mobile network infrastructure and resells the services leveraging MNO infrastructure.

Emergence of a New MVNO Model


The MVNO models vary based on the amount of mobile network infrastructure that the MVNO owns and the degree of control over the management of different aspects of MVNO subscriptions and their service offerings. One common aspect of all traditional MVNO models is leveraging the radio access network (RAN) of a partner MNO.

With the advent of 5G and the availability of shared spectrum, many MSOs are actively evaluating offload opportunities for enhancing MVNO economics and are contemplating deploying their own mobile radio infrastructure in specific geographic areas (in addition to their substantial Wi-Fi footprint).

Such MSOs now have to contend with three disparate sets of wireless infrastructures:

  • the MSO’s community Wi-Fi network,
  • the MNO’s 4G/5G network, and
  • the MSO’s own 4G/5G network.

This creates a new type of MVNO model called hybrid-MVNO (H-MVNO) that enables MVNOs to offload their subscribers’ traffic from the MNO network—not just to their Wi-Fi networks but also to the MVNO-owned mobile network when inside the coverage footprint of their wireless network(s).

Maximizing data offload via the H-MVNOs’ own wireless assets—thus ensuring a consistent user experience and enforcing uniform and personalized policies as users move in and out of coverage of these three networks—will require the deployment of new converged network architecture and related capabilities.

Dual-SIM Architectures Evaluated by the Technical Working Group

Leveraging dual-SIM devices (devices with the ability to simultaneously connect to two networks) to realize this network convergence is one way for an H-MVNO to maximize the use of its own network. Dual-SIM device usage allows the H-MVNO to leverage the existing reseller-type MVNO arrangements and requires minimal interaction between the H-MVNO and MNO core networks.

However, leveraging the reseller MVNO with dual-SIM capabilities doesn’t offer the H-MVNO any real-time insights into their subscribers’ data usage statistics and patterns. Also, H-MVNOs have no control over policy, subscriptions, mobility or user experience management when their subscribers are outside H-MVNO network coverage.

This formed the basis of evaluating the new evolved Dual-SIM Dual Standby (DSDS) architectures, which leverage standardized 3GPP interfaces to overcome some of the limitations of the traditional reseller MVNO and provide more control to H-MVNOs with regard to policy, subscription and user-experience management by anchoring all subscriber data traffic in a common anchor within the H-MVNO network.

Voice handling with dual-SIM devices can be simplified by leveraging the MNO SIM and network for carrying voice traffic at all times, while prioritizing H-MVNO network (when available) for data traffic.

Single-SIM Architectures Evaluated by the Technical Working Group

Unlike architectures with dual SIMs, single-SIM devices allow the H-MVNO network to enable seamless low-latency mobility for data applications across the MNO and H-MVNO networks. An ideal architecture for offering mobile services with single-SIM device usage is to combine the roaming architecture and a mobility interface, both of which are standardized in 3GPP.

However, due to the targeted nature of H-MVNO mobile deployments, the signaling load can increase on MNO mobility management core network elements, as the H-MVNO subscribers move in and out of H-MVNO network coverage.

To overcome this problem, we evaluated new MVNO architectures that make use of dedicated network elements within the MNO domain to serve H-MVNO subscriber traffic, thereby isolating it from the MNO subscriber traffic and eliminating the increase in signaling load on core network elements that serve MNO subscribers.

In addition, we evaluated voice handling in scenarios where H-MVNOs don’t want to deploy their own voice platforms. One option is to offer voice via a third-party voice service provider; another is to enable additional interfaces between the MNO and the H-MVNO network to leverage the MNO’s voice platform.

Go Deeper

If you have any further questions, please feel free to reach out to the MVNO Interconnect Technical WG Lead, Omkar Dharmadhikari (o.dharmadhikari@cablelabs.com).

For more information, please visit:

LEARN MORE

10G

CableLabs Launches 10G Challenge: Powering the Future of Broadband Innovation

Phil McKinney
President & CEO

Oct 21, 2021

What will our digital future look like? Presented by CableLabs on behalf of the cable industry, the 10G Challenge aims to answer that question, ultimately advancing innovative technologies and inventing a better future for everyone. CableLabs is committing more than $300,000 USD in prize money to six Challenge winners.

What is the 10G Challenge?

The objective of the 10G Challenge is to inspire people to envision a new, powerful broadband network as a tool to solve real-world problems. The challenge is designed to showcase the individuals and the organizations developing these technologies, services and applications that will rely on the network of the future.

Intended to support the development of those technologies, services and applications, the 10G Challenge is focused on encouraging innovation in four categories: live, work, learn and play. 10G not only provides faster symmetrical speeds but also lower latency, enhanced reliability and better security in a scalable manner. The 10G platform advances device and network performance to remain ahead of consumer demand, providing a broad range of immersive new digital experiences and other emerging technologies that will revolutionize the way we live, work, learn and play.

10G Challenge Industry Experts

The 10G Challenge will be judged, in part, by industry experts from Corning, Mayo Clinic and Zoom — four companies concentrating on leveraging technology to develop innovative new solutions in their industries.

Live (judged, in part, by Mayo Clinic): With health care being one of the largest and most significant industries in which technology can make a sizable impact, advanced technologies can help improve numerous aspects of our health and well-being. This video contains more information on what the future of health care could look like.

Work (judged by Corning): As we’ve learned over the past year-plus, smart, intuitive technologies are not only transforming how we collaborate and solve problems, but they are also boosting creativity and productivity at work. This video highlights what the future of work could look like.

Learn (judged by Zoom): From VR worlds to light field holodecks and omnipresent AI assistance, combining the right network speed with visionary thinking propels how we learn into the future. This video includes ideas detailing what the future of education could look like.

Play: Whether gaming, attending concerts, or watching our favorite movies and shows, technology will impact how we play and entertain ourselves in the near future. This video describes how the future of gaming and entertainment could look.

How To Get Involved

From forward-thinking individuals and entrepreneurial ventures to inventors, university students, or growing companies from the U.S. or Canada, the 10G Challenge encourages innovators building solutions that leverage the emerging 10G network to submit a short video demonstrating their technology or idea.

Five winning submissions will be chosen by business leaders: one winner in each category and a Grand Prize winner. The Grand Prize winner will receive $100,000 USD in the form of a cash prize to help advance their technology, while category winners will receive a non-dilutive $50,000 USD cash prize. There is also a People's Choice winner who will receive a $10,000 USD cash prize.

At CableLabs, we are constantly building for the future and looking to support those who can help us revolutionize how the world lives, works, learns and plays.

LEARN MORE & SUBMIT YOUR IDEA

Security

Raising the Bar on Gateway Device Security

Brian Scriber
Vice President, Security Technologies

Darshak Thakore
Principal Architect

Mark Walker
Vice President, Technology Policy

Oct 7, 2021

Today, CableLabs® has publicly released a set of best common practices (BCP) to enhance the security of cable modems, integrated access points, and home routers (collectively known as “gateway devices”) against malicious activity and other cyber threats. This work builds on and extends CableLabs’ and the cable industry’s longstanding leadership in cybersecurity to ensure a consistent and robust baseline for gateway device security, increased economies of scale, and an ontology for simplified communication and procurement between network operators and device manufacturers.

The BCP Working Group is composed of security technologists from CableLabs, network operators from around the world, and gateway device manufacturers, including representatives from CableOne, Charter, Cisco, Cogeco, Comcast, Commscope, Cox, Liberty Global, MaxLinear, MediaCom, Shaw and Technicolor. In developing the BCP, the Working Group drew heavily upon well-established and widely accepted security controls, recognized broadly by industry and government security experts.

The cable industry has long employed extensive network security practices to ensure the confidentiality, integrity and availability of broadband services, including gateway devices. The BCP expands and standardizes these network security practices for gateway devices and complements cable operators’ broader set of security practices. For instance, DOCSIS® Security testing is performed on all gateway devices to ensure DOCSIS protocol conformance, including the verification of the correct implementation of public key infrastructure (PKI) authentication and identity management, BPI+ encryption, and EAE (Early Authentication and Encryption) secure provisioning requirements.

The BCP document goes beyond DOCSIS Security requirements and provides a framework for the full range of security considerations applicable to gateway devices, including hardware and manufacturing considerations, default security settings, configuration procedures, secure boot, roots of trust, software/firmware development and verification, encryption requirements for both data in transit and data at rest, and physical security, among others. To further ensure the robustness of the BCP, the working group compared and mapped the BCP to NIST’s general guidance for connected devices used by the federal government, to help confirm that its scope fully covers the applicable security considerations.

The BCP represents the industry coalescing around a common set of security baseline requirements that furthers the following critical goals:

  1. Provide a common framework for security elements and controls within gateway devices, including cable modems, integrated Wi-Fi access points, and home routers, to align the varied approaches to device security across the industry.
  2. Create a community of manufacturers and network operators collaborating to enhance gateway device security.
  3. Leverage well-established and well-vetted security controls and practices to minimize the risk of unknowingly introduced vulnerabilities or other security weaknesses.
  4. Harmonize security requirements across network operators to drive increased economies of scale, lowering the cost of broadband deployment.
  5. Further protect network resources and broadband service from malicious attacks.
  6. Provide a framework for network operator assurance that enables verification of testable practices and configurations.
  7. Enable alignment across standards, regulatory, and compliance regimes through a transparent and open set of best common practices.
  8. Establish a security framework for gateway devices that builds in flexibility and agility, so that manufacturers and network operators can address and adapt to new threats and changes in the cyber risk landscape.

While this initial release is an important achievement, one that strives to be comprehensive in terms of security posture for gateway devices, we all recognize that this field is constantly evolving and advancing. We see the BCP as a framework that must and will be updated and maintained as network technology, device security and, unfortunately, adversary techniques continue to evolve. To that end, we invite and welcome additional gateway and modem manufacturers as well as additional network operators to join the working group as we continue to progress this effort.

On October 13, 2021, at 3:00 pm ET, we invite you to join our virtual panel session at SCTE Cable-Tec Expo to discuss and further explore Gateway Device Security and our work to develop the BCP.

Register for SCTE Cable-Tec Expo GDS Panel Session