10G Integrity: The DOCSIS® 4.0 Specification and Its New Authentication and Authorization Framework
One of the pillars of the 10G platform is security. Simplicity, integrity, confidentiality and availability are all different aspects of Cable’s 10G security platform. In this work, we want to talk about the integrity (authentication) enhancements, that have been developing for the next generation of DOCSIS® networks, and how they update the security profiles of cable broadband services.
DOCSIS (Data Over Cable Service Interface Specifications) defines how networks and devices are created to provide broadband for the cable industry and its customers. Specifically, DOCSIS comprises a set of technical documents that are at the core of the cable broadband services. CableLabs manufacturers for the cable industry, and cable broadband operators continuously collaborate to improve their efficiency, reliability and security.
With regards to security, DOCSIS networks have pioneered the use of public key cryptography on a mass scale – the DOCSIS Public Key Infrastructure (PKIs) are among the largest PKIs in the world with half billion active certificates issued and actively used every day around the world.
Following, we introduce a brief history of DOCSIS security and look into the limitations of the current authorization framework and subsequently provide a description of the security properties introduced with the new version of the authorization (and authentication) framework which addresses current limitations.
A Journey Through DOCSIS Security
The DOCSIS protocol, which is used in cable’s network to provide connectivity and services to users, has undergone a series of security-related updates in its latest version DOCSIS 4.0, to help meet the 10G platform requirements.
In the first DOCSIS 1.0 specification, the radio frequency (RF) interface included three security specifications: Security System, Removable Security Module and Baseline Privacy Interface. Combined, the Security System plus the Removable Security Module Specification became Full Security (FS).
Soon after the adoption of public key cryptography that occurred in the authorization process, the cable industry realized that a secure way to authenticate devices was needed; a DOCSIS PKI was established for DOCSIS 1.1-3.0 devices to provide cable modems with verifiable identities.
With the DOCSIS 3.0 specification, the major security feature was the ability to perform the authentication and encryption earlier in the device registration process, thus providing protection for important configuration and setup data (e.g., the configuration file for the CM or the DHCP traffic) that was otherwise not protected. The new feature was called Early Authorization and Encryption (EAE), it allows to start Baseline Privacy Interface Plus (BPI) even before the device is provisioned with IP connectivity.
The DOCSIS 3.1 specifications created a new Public Key Infrastructure *(PKI) to handle the authentication needs for the new class of devices. This new PKI introduced several improvements over the original PKI when it comes to cryptography – a newer set of algorithms and increased key sizes were the major changes over the legacy PKI. The same new PKI that is used today to secure DOCSIS 3.1 devices will also provide the certificates for the newer DOCSIS 4.0 ones.
The DOCSIS 4.0 version of the specification introduces, among the numerous innovations, an improved authentication framework (BPI Plus V2) that addresses the current limitations of BPI Plus and implements new security properties such as full algorithm agility, Perfect Forward Secrecy (PFS), Mutual Message Authentication (MMA or MA) and Downgrade Attacks Protection.
Baseline Privacy Plus V1 and Its Limitations
In DOCSIS 1.0-3.1 specifications, when Baseline Privacy Plus (BPI+ V1) is enabled, the CMTS directly authorizes a CM by providing it with an Authorization Key, which is then used to derive all the authorization and encryption key material. These secrets are then used to secure the communication between the CM and the CMTS. In this security model, the CMTS is assumed trusted and its identity is not validated.
The design of BPI+ V1 dates back more than just few years and in this period of time, the security and cryptography landscapes have drastically changed; especially in regards to cryptography. At the time when BPI+ was designed, the crypto community was set on the use of the RSA public key algorithm, while today, the use of elliptic-curve cryptography and ECDSA signing algorithm is predominant because of its efficiency, especially when RSA 3072 or larger keys are required.
A missing feature in BPI+ is the lack of authentication for the authorization messages. In particular, CMs and CMTS-es are not required to authenticate (i.e., sign) their own messages, making them vulnerable to unauthorized manipulation.
In recent years, there has been a lot of discussion around authentication and how to make sure that compromises of long-term credentials (e.g., the private key associated with an X.509 certificate) do not provide access to all the sessions from that user in the clear (i.e., enables the decryption of all recorded sessions by breaking a single key) – because BPI+ V1 directly encrypts the Authorization Key by using the RSA public key that is in the CM’s device certificate, it does not support Perfect Forward Secrecy.
To address these issues, the cable industry worked on a new version of its authorization protocol, namely BPI Plus Version 2. With this update, a protection mechanism was required to prevent downgrade attacks, where attackers to force the use of the older, and possibly weaker, version of the protocol. In order to address this possible issue, the DOCSIS community decided that a specific protection mechanism was needed and introduced the Trust On First Use (TOFU) mechanism to address it.
The New Baseline Privacy Plus V2
The DOCSIS 4.0 specification introduces a new version of the authentication framework, namely Baseline Privacy Plus Version 2, that addresses the limitations of BPI+ V1 by providing support for the identified new security needs. Following is a summary of the new security properties provided by BPI+ V2 and how they address the current limitations:
- Message Authentication. BPI+ V2 Authorization messages are fully authenticated. For CMs this means that they need to digitally sign the Authorization Requests messages, thus eliminating the possibility for an attacker to substitute the CM certificate with another one. For CMTS-es, BPI+ V2 requires them to authenticate their own Authorization Reply messages this change adds an explicit authentication step to the current authorization mechanism. While recognizing the need for deploying mutual message authentication, DOCSIS 4.0 specification allows for a transitioning period where devices are still allowed to use BPI+ V1. The main reason for this choice is related to the new requirements imposed on DOCSIS networks that are now required to procure and renew their DOCSIS credentials when enabling BPI+ V2 (Mutual Authentication).
- Perfect Forward Secrecy. Differently from BPI+ V1, the new authentication framework requires both parties to participate in the derivation of the Authorization Key from authenticated public parameters. In particular, the introduction of Message Authentication on both sides of the communication (i.e., the CM and the CMTS) enables BPI+ V2 to use the Elliptic-Curves Diffie-Hellman Ephemeral (ECDHE) algorithm instead of the CMTS directly generating and encrypting the key for the different CMs.Because of the authentication on the Authorization messages, the use of ECDHE is safe against MITM attacks.
- Algorithm Agility. As the advancement in classical and quantum computing provides users with incredible computational power at their fingertips, it also provides the same ever-increasing capabilities to malicious users. BPI+ V2 removes the protocol dependencies on specific public-key algorithms that are present in BPI+ V1. , By introducing the use of the standard CMS format for message authentication (i.e., signatures) combined with the use of ECDHE, DOCSIS 4.0 security protocol effectively decouples the public key algorithm used in the X.509 certificates from the key exchange algorithm. This enables the use of new public key algorithms when needed for security or operational needs.
- Downgrade Attacks Protection. A new Trust On First Use (TOFU) mechanism is introduced to provide protection against downgrade attacks – although the principles behind TOFU mechanisms are not new, its use to protect against downgrade attacks is. It leverages the security parameters used during a first successful authorization as a baseline for future ones, unless indicated otherwise. By establishing the minimum required version of the authentication protocol, DOCSIS 4.0 cable modems actively prevent unauthorized use of a weaker version of the DOCSIS authentication framework (BPI+). During the transitioning period for the adoption of the new version of the protocol, cable operators can allow “planned” downgrades – for example, when a node split occurs or when a faulty equipment is replaced and BPI+ V2 is not enabled there. In other words, a successfully validated CMTS can set, on the CM, the allowed minimum version (and other CM-CMTS binding parameters) to be used for subsequent authentications.
In this work we provided a short history of DOCSIS security and reviewed the limitations of the current authorization framework. As CMTS functionality moves into the untrusted domain, these limitations could potentially be translated into security threats, especially in new distributed architectures like Remote PHY. Although in their final stage of approval, the proposed changes to the DOCSIS 4.0 are currently being addressed in the Security Working Group.
Member organizations and DOCSIS equipment vendors are always encouraged to participate in our DOCSIS working groups – if you qualify, please contact us and participate in our weekly DOCSIS 4.0 security meeting where these, and other security-related topics, are addressed.
On the Path to 10G: CableLabs Publishes DOCSIS® 4.0 Specification
Today we are pleased to announce the release of the DOCSIS 4.0 specification, which incorporates both full duplex and extended spectrum capabilities. A part of the suite of technologies that support the 10G platform, DOCSIS 4.0 technology achieves a downstream speed of up to 10 Gbps (doubling the maximum download speed available with the implemented DOCSIS 3.1 technology) and an upstream speed of up to 6 Gbps - quadrupling what DOCSIS 3.1 technology could do. These speed increases build on the ample capacity deployed by cable operators today–with gigabit services nearly saturating the US cable footprint–and will enable cable broadband to deliver symmetric multigigabit services, with significantly enhanced upstream capabilities. As cable operators respond to the evolving connectivity needs of customers in our current public health crisis, remote work, learning, and health services stand to benefit from upstream broadband enhancements as DOCSIS 4.0 technology is deployed.
Specification development started in August 2016. The full duplex capabilities were described in an October 2017 blog post, and now the extended spectrum capabilities have been completed as described in a September 2019 blog post.
With these speed increases, we intend to change the consumer broadband industry by ushering in a new era of application development. Although speed numbers are important, broadband is about so much more than speed: it’s about changing the way we collaborate to make the world a better place. We have more devices, and our experiences increasingly rely on connectivity. Streaming video continues to explode. We’re video-chatting instead of making calls, we’re playing music off the web instead of our own media, and we’re playing games with people around the world. As technology continues to advance, we don’t know what the next trend will be, but we do know that the Internet will be central to whatever it is.
DOCSIS 4.0 Technology Increases Upstream Speed
A key piece of this story is the DOCSIS 4.0 multigigabit upstream capability, which greatly increases how fast information can be uploaded from your computer. Traditionally, businesses have required faster upload speeds to move large files around or to perform in-house web hosting. Now consumers are expecting more upstream speed as they work and learn from home. In addition, upstream speed is important to do things such as the following:
- Hard drive backups
- Uploading videos and pictures
- Cloud applications
- Video conferencing
- Smart homes and IoT devices
- Home security cameras
- Distance learning and visual classrooms
These applications are just the beginning. The higher speeds available with DOCSIS 4.0 technology will serve as a catalyst for the next wave of innovations.
The 10G Platform
The DOCSIS 4.0 specification takes to heart the four pillars of the 10G platform initiative. Below are quick descriptions of these pillars, and links to more information.
- Speed is addressed in this blog post. Multigigabit symmetric speeds raise the bar for consumer broadband.
- Lower latency was incorporated into the DOCSIS 3.1 specification and has been brought forward into the DOCSIS 4.0 specification. Lower latency will provide a better experience for consumers on applications such as online gaming and multimedia.
- Increased security comes with every new DOCSIS release. Our security experts are constantly monitoring network threats to the network and taking measures to increase the confidentiality, integrity and availability of communications.
- Higher reliability must be planned into the network and DOCSIS technology takes this to a new level by including methods to proactively identify and address network issues before consumers are even aware of them.
CableLabs continually makes advances in these areas and others, bringing state-of-the-art breakthroughs to cable broadband.
Mapping Out the Next Steps for DOCSIS Technology
Delivery of the specification is the first step of a three-part DOCSIS lifecycle. The second step includes interoperability events and the final step is certification, which will be discussed in future blog posts. These three steps—specification, interoperability and certification—have been part of the DOCSIS process for over 20 years and constitute a time-proven method to deliver high-speed, low-cost, interoperable cable modems to consumers.
Full Duplex DOCSIS® Technology Gets MAC Layer Support
Full Duplex (FDX) DOCSIS® (now a part of DOCSIS 4.0 technology) is an update to DOCSIS 3.1 specifications that builds on the core Orthogonal Frequency Division Multiplexing (OFDM) technology. This additional set of features significantly increases upstream capacity and allows for the same spectrum to be used as downstream or upstream.
The set of MAC Layer technology changes to support FDX DOCSIS has now been incorporated into the next version of the DOCSIS 3.1 MULPI specification. This supports the PHY layer FDX functionality introduced last October. The new FDX DOCSIS capability and functions are introduced as changes across the MULPI (MAC and Upper Layer Protocols Interface) specification and is now an official part of the specification. This important milestone is the result of a great deal of work by CableLabs members, vendors and employees during the past year, and we take this opportunity to acknowledge their valuable contribution to the cable industry.
New MAC Layer Functionality Introduced
The MAC layer functionality introduced supports the new FDX DOCSIS operation on the hybrid-fiber-coax (HFC) link. It is focused on MAC management messaging and operation needed to enable FDX DOCSIS between the CMTS (Cable Modem Termination System) and CM (Cable Modem). This includes FDX DOCSIS channel acquisition/initialization process by a CM, and new processes such as Sounding, Echo Cancellation training, and Resource block assignment.
How it Works – Cable Modem to CMTS Communication
An FDX DOCSIS CMTS will simultaneously receive and transmit in the same FDX DOCSIS spectrum, while FDX DOCSIS (now a part of DOCSIS 4.0 technology) CMs can either receive or transmit in the same FDX DOCSIS spectrum. Thus, communication is full duplex from the perspective of the CMTS but frequency division duplex from the perspective of the CM.
The FDX DOCSIS band is divided into sub-bands and the CMTS assigns which sub-band(s) each CM uses for upstream or downstream operation. This is referred to as a resource block assignment (RBA). Different CMs will have different bandwidth demand for both the upstream and downstream directions which can change over time, and FDX DOCSIS allows for the RBA to be changed dynamically.
A sounding method is used to identify groups of CMs, called Interference Groups (IGs), that would interfere with each other if they were allowed to transmit and receive at the same time in a sub-band. IGs are grouped together into a small number of Transmission Groups (TGs), CMs in the same TG either transmit or receive on any given sub-band and time, as signaled by the CMTS in the RBA. CMs from different TGs have enough isolation to transmit and receive at the same time in the same sub-band.
FDX DOCSIS uses a combination of interference cancellation and intelligent scheduling at the CMTS. On the CM, in order to prevent upstream transmissions from interfering with adjacent downstream channels in the FDX band, echo cancellation techniques are used.
What’s Next for the Full Duplex DOCSIS Technology?
As the FDX DOCSIS specifications mature, we will start to see products with full-duplex capabilities over the next year as silicon designs become available and are incorporated into product designs. In an effort to increase the pace of product development, CableLabs has announced a series of FDX DOCSIS Interoperability events , starting in February. These will start from basic node level echo cancellation and gradually progress into full-blown product interoperability.
The collaborative model at CableLabs for developing common cable industry specifications minimizes interoperability issues and gets the best in class features into the specifications. This accelerates time to market for a product, with the operator getting to deployment faster, and ultimately the consumer gets to reap the benefits of the latest technology.
In the meantime, the big wheels of CableLabs specification work continue to turn:
- We are developing the OSS (Operations Support Systems) changes needed to support FDX DOCSIS.
- We have initiated work for the changes needed to support FDX DOCSIS within the Remote PHY realm. (FDX, now a part of DOCSIS 4.0 technology, assumes a distributed architecture and a plant which supports a node plus zero actives due to the CMTS node echo cancellation functionality)
- As suppliers build the FDX DOCSIS products, the feedback loop into the FDX (now a part of DOCSIS 4.0 technology) specifications remains open and the PHY & MAC specifications continue to be refined.
Full Duplex DOCSIS significantly increases upstream capacity on the HFC network, allows flexible splits of upstream and downstream capacity, and enables cable operators to deploy multi-gigabit symmetrical services. With all the innovations being developed by the industry, it is a great time to be a consumer of high-speed data services over cable.
Karthik Sundaresan is a Principal Architect at CableLabs responsible for the development and architecture of cable access network technologies. He is primarily involved in the DOCSIS family of technologies and their continued evolution.
Subscribe to our blog to stay current on Full Duplex DOCSIS technology (now a part of DOCSIS 4.0 technology).
CableLabs Publishes Full Duplex DOCSIS® Specification
Recently, in a significant step for the cable industry, we announced the successful completion of the Full Duplex DOCSIS® 3.1 specification (now a part of DOCSIS 4.0 technology). Today, we are pleased to announce the release of the DOCSIS® v3.1 Physical Layer Specification, which incorporates the addition of Full Duplex in Annex F per PHYv3.1-N-17.1771-6. The specification is designed to enable cost-effective solutions for cable operators for faster broadband speeds and brings peak upstream of up to 6 Gbps and downstream up to 10 Gbps.
Current DOCSIS networks are well suited to meet today's customer’s demands and needs. Full Duplex DOCSIS networks (now a part of DOCSIS 4.0 technology) enable operators to significantly increase the network’s upstream capacity and be ready for future applications, such as the increasing use of IoT devices, telemedicine, video chats, and virtual reality. Watch the video below to see how Full Duplex DOCSIS technology (now a part of DOCSIS 4.0 technology) solves this problem by enabling simultaneous upstream and downstream transmissions in the same spectrum over existing hybrid fiber/coax (HFC) networks, significantly increasing upstream capacity.