
TS 101 909-11 : 1.2.1

Current

The latest, up-to-date edition.

ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 11: SECURITY

Available format(s)

Hardcopy, PDF

Language(s)

English

Intellectual Property Rights
Foreword
Introduction
1 Scope
   1.1 Goals
   1.2 Assumptions
2 References
3 Definitions and abbreviations
   3.1 Definitions
   3.2 Abbreviations
4 Conventions
5 Architectural overview of IPCablecom security
   5.1 IPCablecom reference architecture
       5.1.1 HFC network
       5.1.2 Call Management Server
       5.1.3 Functional categories
             5.1.3.1 Device and service provisioning
             5.1.3.2 Dynamic Quality of Service
             5.1.3.3 Interdomain Quality of Service
             5.1.3.4 Billing system interfaces
             5.1.3.5 Call Signalling
             5.1.3.6 PSTN Interconnection
             5.1.3.7 CODEC Functionality and Media Stream Mapping
             5.1.3.8 Audio Server services
             5.1.3.9 Lawful Intercept
   5.2 Threats
       5.2.1 Theft of network services
             5.2.1.1 Cloning of MTAs
             5.2.1.2 Cloning of other network elements
             5.2.1.3 Subscription fraud
             5.2.1.4 Non-payment for voice communications services
             5.2.1.5 Protocol attacks against an MTA
             5.2.1.6 Protocol attacks against other network elements
             5.2.1.7 Theft of services provided by the MTA
             5.2.1.8 MTA moved to another network
       5.2.2 Bearer channel information threats
             5.2.2.1 Attacks
             5.2.2.2 Off-line cryptoanalysis
       5.2.3 Signalling channel information threats
             5.2.3.1 Attacks
       5.2.4 Service disruption threat
             5.2.4.1 Attacks
       5.2.5 Repudiation
       5.2.6 Threat summary
             5.2.6.1 Primary threats
             5.2.6.2 Secondary threats
   5.3 Security architecture
       5.3.1 Overview of security interfaces
       5.3.2 Security assumptions
             5.3.2.1 AN downstream messages are trusted
             5.3.2.2 Non-repudiation not supported
             5.3.2.3 Root private key compromise protection
             5.3.2.4 Limited prevention of denial-of-service attacks
       5.3.3 Susceptibility of network elements to attack
             5.3.3.1 Managed IP network
             5.3.3.2 MTA
             5.3.3.3 AN
             5.3.3.4 Voice communications network servers are
                     untrusted network elements
             5.3.3.5 PSTN gateways
6 Security mechanisms
   6.1 IPSec
       6.1.1 Overview
       6.1.2 IPCablecom profile for IPSec ESP (transport mode)
             6.1.2.1 IPSec ESP transform identifiers
             6.1.2.2 IPSec ESP authentication algorithms
             6.1.2.3 Replay protection
             6.1.2.4 Key management requirements
   6.2 Internet Key Exchange
       6.2.1 Overview
       6.2.2 IPCablecom profile for IKE
             6.2.2.1 First IKE phase
             6.2.2.2 Second IKE phase
             6.2.2.3 Encryption algorithms for IKE exchanges
             6.2.2.4 Diffie-Hellman groups
   6.3 SNMPv3
       6.3.1 SNMPv3 transform identifiers
       6.3.2 SNMPv3 authentication algorithms
   6.4 Kerberos/PKINIT
       6.4.1 Definitions
       6.4.2 Overview
       6.4.3 PKINIT exchange
              6.4.3.1 PKINIT profile for IPCablecom
              6.4.3.2 Profile for the Kerberos AS request/AS
                      reply messages
              6.4.3.3 Profile for Kerberos tickets
       6.4.4 Symmetric Key AS Request/AS reply exchange
              6.4.4.1 Profile for the Symmetric Key AS Request/AS
                      Reply exchanges
       6.4.5 Kerberos TGS request/TGS reply exchange
              6.4.5.1 TGS request profile
              6.4.5.2 TGS reply profile
              6.4.5.3 Error reply
       6.4.6 Kerberos server locations and naming conventions
              6.4.6.1 Kerberos realms
              6.4.6.2 KDC
              6.4.6.3 CMS
              6.4.6.4 Provisioning server
       6.4.7 MTA principal names
       6.4.8 Mapping of MTA MAC address to MTA FQDN
              6.4.8.1 MTA FQDN request
              6.4.8.2 MTA FQDN reply
              6.4.8.3 MTA FQDN error
              6.4.8.4 Pre-authenticator for provisioning server
                      location
       6.4.9 Server key management time out procedure
       6.4.10 Service key versioning
       6.4.11 Kerberos cross-realm operation
              6.4.11.1 IPCablecom profile for cross-realm operation
              6.4.11.2 Referrals
              6.4.11.3 Determining the location of a remote KDC
   6.5 Kerberized key management
       6.5.1 Definitions
       6.5.2 Overview
       6.5.3 Kerberized key management messages
       6.5.4 Rekey messages
       6.5.5 IPCablecom profile for KRB_AP_REQ/KRB_AP_REP messages
             6.5.5.1 Error reply
             6.5.5.2 Clock skew error
       6.5.6 Kerberized IPSec
             6.5.6.1 Derivation of IPSec keys
             6.5.6.2 Periodic re-establishment of IPSec security
                     associations
             6.5.6.3 Expiration of IPSec SAs
             6.5.6.4 Initial establishment of IPSec SAs
             6.5.6.5 On-demand establishment of IPSec SAs
             6.5.6.6 IPSec-specific errors returned in KRB-ERROR
       6.5.7 Kerberized SNMPv3
             6.5.7.1 Derivation of SNMPv3 keys
             6.5.7.2 Periodic re-establishment of SNMPv3 keys
             6.5.7.3 Expiration of SNMPv3 keys
             6.5.7.4 Initial establishment of SNMPv3 keys
             6.5.7.5 Error recovery
             6.5.7.6 SNMPv3-Specific Errors Returned in KRB-ERROR
   6.6 End-to-End Security for RTP
   6.7 End-to-End security for RTCP
   6.8 Additional requirements for cable modems
       6.8.1 Additional requirements for cable modems based on
             ITU-T Recommendation J.112 annex A
             6.8.1.1 Requirements
             6.8.1.2 Security mechanisms provided
             6.8.1.3 Packet data encryption
             6.8.1.4 Key management
       6.8.2 Additional requirements for cable modems based on
             ITU-T Recommendation J.112 annex B
   6.9 Radius
7 Security profile
   7.1 Device and service provisioning
       7.1.1 Device provisioning
             7.1.1.1 Security services
             7.1.1.2 Cryptographic mechanisms
             7.1.1.3 Key management
             7.1.1.4 MTA embedded keys
             7.1.1.5 Summary security profile matrix - Device
                     provisioning
       7.1.2 Subscriber enrollment
   7.2 Quality of Service (QoS) Signalling
       7.2.1 Dynamic Quality of Service (DQoS)
             7.2.1.1 Reference architecture for embedded MTAs
             7.2.1.2 Security services
             7.2.1.3 Cryptographic mechanisms
             7.2.1.4 Key management
       7.2.2 Interdomain QoS
             7.2.2.1 Architecture overview
             7.2.2.2 Differentiated Services (DiffServ)
             7.2.2.3 Resource reSerVation Protocol (RSVP)
   7.3 Billing system interfaces
       7.3.1 Security services
             7.3.1.1 CMS-RKS interface
             7.3.1.2 AN-RKS interface
             7.3.1.3 MGC - RKS inter
       7.3.2 Cryptographic mechanisms
             7.3.2.1 RADIUS server chaining
       7.3.3 Key-management
             7.3.3.1 CMS - RKS interface
             7.3.3.2 AN - RKS interface
             7.3.3.3 MGC - RKS interface
       7.3.4 Billing system summary security profile matrix
   7.4 Call signalling
       7.4.1 Network Call Signalling (NCS)
             7.4.1.1 Reference Architecture
             7.4.1.2 Security services
             7.4.1.3 Cryptographic mechanisms
             7.4.1.4 Key-management
   7.5 PSTN gateway interface
       7.5.1 Reference architecture
             7.5.1.1 Media Gateway Controller
             7.5.1.2 Media Gateway
             7.5.1.3 Signalling Gateway
       7.5.2 Security services
             7.5.2.1 MGC - MG Interface
             7.5.2.2 MGC - SG Interface
             7.5.2.3 CMS - SG Interface
       7.5.3 Cryptographic mechanisms
             7.5.3.1 MGC - MG Interface
             7.5.3.2 MGC - SG Interface
             7.5.3.3 CMS - SG Interface
       7.5.4 Key-management
             7.5.4.1 MGC - MG interface
             7.5.4.2 MGC - SG interface
             7.5.4.3 CMS - SG interface
       7.5.5 MGC-MG-CMS-SG summary security profile matrix
   7.6 Media stream
       7.6.1 Security services
             7.6.1.1 RTP
             7.6.1.2 RTCP
       7.6.2 Cryptographic mechanisms
             7.6.2.1 RTP packet format
             7.6.2.2 RTCP messages
             7.6.2.3 Key-management
             7.6.2.4 RTP-RTCP summary security profile matrix
   7.7 Audio server services
       7.7.1 Reference architecture
       7.7.2 Security services
             7.7.2.1 MTA-CMS NCS signalling (Ann-1)
             7.7.2.2 MPC-MP signalling (Ann-2)
             7.7.2.3 MTA-MP (Ann-4)
       7.7.3 Cryptographic mechanisms
             7.7.3.1 MTA-CMS NCS signalling (Ann-1)
             7.7.3.2 MPC-MP signalling (Ann-2)
             7.7.3.3 MTA-MP (Ann-4)
       7.7.4 Key-management
             7.7.4.1 MTA-CMS NCS Signalling (Ann-1)
             7.7.4.2 MPC-MP signalling (Ann-2)
             7.7.4.3 MTA-MP (Ann-4)
       7.7.5 MPC-MP summary security profile matrix
   7.8 Third party interfaces
       7.8.1 Reference architecture
       7.8.2 Security services
             7.8.2.1 Event interfaces CMS-DF, AN-DF and DF-DF
             7.8.2.2 Call content interfaces AN-DF and DF-DF
       7.8.3 Cryptographic mechanisms
             7.8.3.1 Interface between CMS and DF
             7.8.3.2 Interface between AN and DF for event messages
             7.8.3.3 Interface between DF and DF for event messages
       7.8.4 Key-management
             7.8.4.1 Interface between CMS and DF
             7.8.4.2 Interface between AN and DF
             7.8.4.3 Interface between DF and DF
8 IPCablecom certificates
   8.1 Generic structure
       8.1.1 Version
       8.1.2 Public key type
       8.1.3 Extensions
             8.1.3.1 subjectKeyIdentifier
             8.1.3.2 authorityKeyIdentifier
             8.1.3.3 KeyUsage
             8.1.3.4 BasicConstraints
       8.1.4 Signature algorithm
       8.1.5 SubjectName and IssuerName
   8.2 Certificate trust hierarchy
       8.2.1 Certificate validation
       8.2.2 MTA device certificate hierarchy
             8.2.2.1 MTA root certificate
             8.2.2.2 MTA manufacturer certificate
             8.2.2.3 MTA device certificate
             8.2.2.4 MTA Manufacturer code verification
                     certificate
       8.2.3 IPCablecom telephony certificate hierarchy
             8.2.3.1 IP Telephony root certificate
             8.2.3.2 Telephony service provider certificate
             8.2.3.3 Local system certificate
       8.2.4 Operational ancillary certificates
             8.2.4.1 Key Distribution Center certificate
             8.2.4.2 Distribution Function (DF)
             8.2.4.3 Operator Code Verification Certificate
       8.2.5 Certificate revocation
9 Cryptographic algorithms
   9.1 AES
   9.2 DES
       9.2.1 XDESX
       9.2.2 DES-CBC-PAD
       9.2.3 3DES-EDE
   9.3 Block termination
   9.4 RC4
   9.5 RSA signature
   9.6 HMAC-SHA1
   9.7 Key derivation
   9.8 The MMH-MAC
       9.8.1 The MMH function
             9.8.1.1 MMH[16,s,1]
             9.8.1.2 MMH[16,s,2]
       9.8.2 The MMH-MAC
             9.8.2.1 MMH-MAC when using RC-4
             9.8.2.2 MMH-MAC when using a block cipher
             9.8.2.3 Odd payload sizes
   9.9 Random number generation
10 Physical security
   10.1 Protection for MTA key storage
   10.2 MTA key Encapsulation
11 Secure Software upgrade
Annex A (normative): Security events
Annex B (normative): Kerberos network authentication service
Annex C (normative): PKINIT specification
Annex D (normative): PKCROSS specification
Annex E (normative): DNS locate specification
Annex F (informative): IPCablecom Admin guidelines & best practices
      F.1 Routine CMS service key refresh
Annex G (informative): Example of MMH algorithm implementation
Annex H (informative): Kerb error messages
Annex I (informative): Bibliography
History

Describes IPCablecom, a set of protocols and associated element functional requirements.

Committee: AT DIGITAL
Document type: Standard
Pages: 399
Publisher: European Telecommunications Standards Institute
Status: Current

TS 101 909-13-2 : 1.1.2 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 13: TRUNKING GATEWAY CONTROL PROTOCOL; SUB-PART 2: MGCP OPTION
TS 101 909-10 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 10: EVENT MESSAGE REQUIREMENTS FOR THE PROVISION OF REAL TIME SERVICES OVER CABLE TELEVISION NETWORKS USING CABLE MODEMS
TS 101 909-26-1 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 26: PROTOCOL IMPLEMENTATION CONFORMANCE STATEMENT (PICS) PROFORMA SPECIFICATION; SUB-PART 1: EMBEDDED MULTIMEDIA TERMINAL ADAPTER
TS 101 909-19-2 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 19: IPCABLECOM AUDIO SERVER PROTOCOL SPECIFICATION; SUB-PART 2: MGCP OPTION
TS 101 909-6 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 6: MEDIA TERMINAL ADAPTER (MTA) DEVICE PROVISIONING
TR 102 305 : 1.1.1 ACCESS AND TERMINALS (AT); IPCABLECOM ACCESS NETWORK; END TO END PROVISIONING FOR THE IPAT ARCHITECTURE (BETWEEN THE EMTA TO THE V5.2 INTERFACE)
TS 101 909-4 : 1.5.2 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 4: NETWORK CALL SIGNALLING PROTOCOL
TS 101 909-19-1 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 19: IPCABLECOM AUDIO SERVER PROTOCOL SPECIFICATION; SUB-PART 1: H.248 OPTION
TS 101 909-24 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 24: MTA BASIC ACCESS ISDN INTERFACE (MTA-ISDN)
TR 102 129 : 1.1.1 TELECOMMUNICATIONS AND INTERNET PROTOCOL HARMONIZATION OVER NETWORKS (TIPHON); REQUIREMENTS DEFINITION STUDY; INTERWORKING OF TIPHON AND IPCABLECOM; ARCHITECTURE, PROTOCOL, QOS AND SECURITY
TR 102 136 : 1.1.1 ACCESS AND TERMINALS (AT); ANALYSIS AND SCOPING OF IPCABLECOM INTERFACES AND INTERACTIONS FOR TESTING
TS 101 909-13-1 : 1.2.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 13: TRUNKING GATEWAY CONTROL PROTOCOL; SUB-PART 1: H.248 OPTION
TS 101 909-13 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 13: TRUNKING GATEWAY CONTROL PROTOCOL
TS 102 318 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PROTOCOL IMPLEMENTATION CONFORMANCE STATEMENT (PICS); INTERNET PROTOCOL ACCESS TERMINAL - LINE CONTROL SIGNALLING
TS 101 909-20-2 : 1.2.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 20: LAWFUL INTERCEPTION; SUB-PART 2: STREAMED MULTIMEDIA SERVICES
TS 101 909-23 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 23: INTERNET PROTOCOL ACCESS TERMINAL -LINE CONTROL SIGNALLING (IPAT-LCS)

TS 101 909-4 : 1.5.2 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 4: NETWORK CALL SIGNALLING PROTOCOL
TS 101 909-8 : 1.2.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 8: MEDIA TERMINAL ADAPTER (MTA) MANAGEMENT INFORMATION BASE (MIB)
TS 101 909-3 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 3: AUDIO CODEC REQUIREMENTS FOR THE PROVISION OF BI-DIRECTIONAL AUDIO SERVICE OVER CABLE TELEVISION NETWORKS USING CABLE MODEMS
TS 101 909-12 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 12: INTERNET SIGNALLING TRANSPORT PROTOCOL (ISTP)
TS 101 909-10 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 10: EVENT MESSAGE REQUIREMENTS FOR THE PROVISION OF REAL TIME SERVICES OVER CABLE TELEVISION NETWORKS USING CABLE MODEMS
TS 101 909-2 : 1.2.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 2: ARCHITECTURAL FRAMEWORK FOR THE DELIVERY OF TIME CRITICAL SERVICES OVER CABLE TELEVISION NETWORKS USING CABLE MODEMS
ES 200 800 : 1.3.1 DIGITAL VIDEO BROADCASTING (DVB); DVB INTERACTION CHANNEL FOR CABLE TV DISTRIBUTION SYSTEMS (CATV)
TS 101 909-17 : 1.1.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 17: INTER-DOMAIN QUALITY OF SERVICE
TS 101 909-7 : 1.2.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 7: MANAGEMENT INFORMATION BASE (MIB) FRAMEWORK
TS 101 909-6 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 6: MEDIA TERMINAL ADAPTER (MTA) DEVICE PROVISIONING
TS 101 909-9 : 1.3.2 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 9: NETWORK CALL SIGNALLING (NCS) MIB REQUIREMENTS
TS 101 909-1 : 1.4.1 DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 1: GENERAL
TS 101 909-13 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 13: TRUNKING GATEWAY CONTROL PROTOCOL
TS 101 909-5 : 1.1.1 ACCESS AND TERMINALS (AT); DIGITAL BROADBAND CABLE ACCESS TO THE PUBLIC TELECOMMUNICATIONS NETWORK; IP MULTIMEDIA TIME CRITICAL SERVICES; PART 5: DYNAMIC QUALITY OF SERVICE FOR THE PROVISION OF REAL TIME SERVICES OVER CABLE TELEVISION NETWORKS USING CABLE MODEMS

£40.00
Excluding VAT
