ETSI ES 202 488-3-2003 Access and Terminals (AT) Second Generation Transmission Systems for Interactive Cable Television Services - IP Cable Modems Part 3 Baseline privacy plus int.pdf

1、 ETSI ES 202 488-3 V1.1.1 (2003-09)ETSI Standard Access and Terminals (AT);Second Generation Transmission Systems for InteractiveCable Television Services - IP Cable Modems;Part 3: Baseline privacy plus interface specificationETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 2 Reference DES/AT-020043-03 Keywo

2、rds access, broadband, cable, data, IP, IPcable, modem ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important

3、 notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Por

4、table Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Informati

5、on on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyr

6、ight and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2003. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently b

7、eing registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 3 Contents Intellectual Property Rights8 Foreword.8 1 Scope 9 1.1 Requierements9 2 Referen

8、ces 10 3 Abbreviations .11 4 Purpose.12 4.1 Void12 4.2 Background 12 4.2.1 Service goals.12 4.2.2 Statement of compatibility13 5 Baseline privacy plus overview13 5.1 Architectural overview.13 5.1.1 Packet Data Encryption 13 5.1.2 Key management protocol 14 5.1.3 BPI+ security associations 14 5.1.4 Q

9、oS SIDs and BPI+ SAIDs 15 5.2 Operational overview .15 5.2.1 Cable Modem initialization 15 5.2.2 Cable Modem key update mechanism 16 6 Data Over Cable System MAC frame formats.17 6.1 Variable-length packet data PDU MAC frame format .17 6.2 Fragmentation MAC Frame Format.19 6.3 Requirements on usage

10、of BP extended header element in MAC header 21 7 Baseline Privacy Key Management (BPKM) protocol 21 7.1 State models .21 7.1.1 Introduction.21 7.1.1.1 Preliminary comment on dynamic security associations and dynamic SA mapping 24 7.1.1.2 Security capabilities selection .24 7.1.2 Authorization state

11、machine .25 7.1.2.1 States .27 7.1.2.1.1 Start .27 7.1.2.1.2 Authorize Wait (Auth Wait) 27 7.1.2.1.3 Authorized.27 7.1.2.1.4 Reauthorize Wait (Reauth Wait) .27 7.1.2.1.5 Authorize Reject Wait (Auth Reject Wait)27 7.1.2.1.6 Silent27 7.1.2.2 Messages .27 7.1.2.2.1 Authorization Request (Auth Request)2

12、7 7.1.2.2.2 Authorization Reply (Auth Reply) 27 7.1.2.2.3 Authorization Reject (Auth Reject).27 7.1.2.2.4 Authorization Invalid (Auth Invalid).28 7.1.2.2.5 Authentication Information (Authent Info) .28 7.1.2.3 Events28 7.1.2.3.1 Provisioned28 7.1.2.3.2 Timeout .28 7.1.2.3.3 Authorization Grace Timeo

13、ut (Auth Grace Timeout) .28 7.1.2.3.4 Reauthorize (Reauth).28 7.1.2.3.5 Authorization Invalid (Auth Invalid).28 7.1.2.3.6 Permanent Authorization Reject (Perm Auth Reject)29 7.1.2.3.7 Authorization Reject (Auth Reject).29 7.1.2.3.8 TEK Stop 29 ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 4 7.1.2.3.9 TEK

14、Authorized29 7.1.2.3.10 TEK Authorization Pending (Auth Pend).29 7.1.2.3.11 TEK Authorization Complete (Auth Comp).29 7.1.2.4 Parameters.29 7.1.2.4.1 Authorize Wait Timeout (Auth Wait Timeout) .29 7.1.2.4.2 Reauthorize Wait Timeout (Reauth Wait Timeout).29 7.1.2.4.3 Authorization Grace Time (Auth Gr

15、ace Timeout).30 7.1.2.4.4 Authorize Reject Wait Timeout (Auth Reject Wait Timeout).30 7.1.2.5 Actions 30 7.1.3 TEK state machine32 7.1.3.1 States .33 7.1.3.1.1 Start .33 7.1.3.1.2 Operational Wait (Op Wait) 33 7.1.3.1.3 Operational Reauthorize Wait (Op Reauth Wait)33 7.1.3.1.4 Operational 33 7.1.3.1

16、.5 Rekey Wait 33 7.1.3.1.6 Rekey Reauthorize Wait (Rekey Reauth Wait) .34 7.1.3.2 Messages .34 7.1.3.2.1 Key Request 34 7.1.3.2.2 Key Reply34 7.1.3.2.3 Key Reject .34 7.1.3.2.4 TEK Invalid.34 7.1.3.3 Events34 7.1.3.3.1 Stop34 7.1.3.3.2 Authorized.34 7.1.3.3.3 Authorization Pending (Auth Pend) 34 7.1

17、.3.3.4 Authorization Complete (Auth Comp) 34 7.1.3.3.5 TEK Invalid.35 7.1.3.3.6 Timeout .35 7.1.3.3.7 TEK Refresh Timeout .35 7.1.3.4 Parameters.35 7.1.3.4.1 Operational Wait Timeout .35 7.1.3.4.2 Rekey Wait Timeout35 7.1.3.4.3 TEK Grace Time .35 7.1.3.5 Actions 35 7.2 Key management message formats

18、 37 7.2.1 Packet formats 38 7.2.1.1 Authorization Request (Auth Request) .39 7.2.1.2 Authorization Reply (Auth Reply)40 7.2.1.3 Authorization Reject (Auth Reject).40 7.2.1.4 Key Request 41 7.2.1.5 Key Reply .41 7.2.1.6 Key Reject.42 7.2.1.7 Authorization invalid 42 7.2.1.8 TEK Invalid.43 7.2.1.9 Aut

19、hentication Information (Authent Info).43 7.2.1.10 SA Map Request (MAP Request) .44 7.2.1.11 SA Map Reply (Map Reply) .44 7.2.1.12 SAID Map Reject (Map Reject)44 7.2.2 BPKM Attributes 45 7.2.2.1 Serial-Number.47 7.2.2.2 Manufacturer-ID .47 7.2.2.3 MAC-Address .48 7.2.2.4 RSA-Public-Key .48 7.2.2.5 C

20、M-Identification49 7.2.2.6 Display-String .49 7.2.2.7 AUTH-Key50 7.2.2.8 TEK.50 7.2.2.9 Key-Lifetime.50 7.2.2.10 Key-Sequence-Number .51 7.2.2.11 HMAC-Digest.51 7.2.2.12 SAID .52 ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 5 7.2.2.13 TEK-Parameters52 7.2.2.14 CBC-IV .53 7.2.2.15 Error-Code 53 7.2.2.16 V

21、endor-Defined 54 7.2.2.17 CA-Certificate.55 7.2.2.18 CM-Certificate 55 7.2.2.19 Security-Capabilities.56 7.2.2.20 Cryptographic-Suite 56 7.2.2.21 Cryptographic-Suite-List.57 7.2.2.22 BPI-Version 57 7.2.2.23 SA-Descriptor .58 7.2.2.24 SA-Type58 7.2.2.25 SA-Query 59 7.2.2.26 SA-Query-Type.59 7.2.2.27

22、IP-Address.60 7.2.2.28 Download-Parameters .60 8 Dynamic SA mapping 61 8.1 Introduction 61 8.2 Theory of operation61 8.3 SA Mapping state model 62 8.3.1 States.64 8.3.1.1 Start.64 8.3.1.2 Map Wait 64 8.3.1.3 Mapped .64 8.3.2 Messages.64 8.3.2.1 SA Map Request (Map Request).64 8.3.2.2 SA Map Reply (M

23、ap Reply) .64 8.3.2.3 SA Map Reject (Map Reject)64 8.3.3 Events .64 8.3.3.1 Map .64 8.3.3.2 Unmap.65 8.3.3.3 Map Reply.65 8.3.3.4 Map Reject 65 8.3.3.5 Timeout .65 8.3.3.6 Max Retries.65 8.3.4 Parameters.65 8.3.4.1 SA Map Wait Timeout 65 8.3.4.2 SA Map Max Retries.65 8.3.5 Actions65 8.4 IP multicast

24、 traffic and dynamic SAs.66 9 Key usage .67 9.1 CMTS.67 9.2 Cable Modem .70 9.3 Authentication of Data-Over-Cable System v1.1 dynamic service requests 70 10 Cryptographic methods 71 10.1 Packet data encryption71 10.2 Encryption of TEK .71 10.3 HMAC-Digest Algorithm.72 10.4 Derivation of TEKs, KEKs a

25、nd message authentication keys72 10.5 Public-key encryption of authorization key73 10.6 Digital signatures73 10.7 Supporting alternative algorithms 73 11 Physical protection of keys in the CM and CMTS.73 12 BPI+ X.509 certificate profile and management74 12.1 BPI+ certificate management architecture

26、 overview74 12.2 Certificate format .76 12.2.1 tbsCertificate.validity.notBefore and tbsCertificate.validity.notAfter 76 12.2.2 tbsCertificate.serialNumber 76 12.2.3 tbsCertificate.signature and signatureAlgorithm 77 ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 6 12.2.4 tbsCertificate.issuer and tbsCerti

27、ficate.subject .77 12.2.4.1 Data-Over-Cable System Root Certificate 78 12.2.4.2 Data-Over-Cable System Manufacturer Certificate 78 12.2.4.3 Cable Modem Certificate 79 12.2.5 tbsCertificate.subjectPublicKeyInfo .80 12.2.6 tbsCertificate.issuerUniqueID and tbsCertificate.subjectUniqueID .80 12.2.7 tbs

28、Certificate.extensions .80 12.2.7.1 Cable Modem certificates .80 12.2.7.2 Data-Over-Cable System manufacturer CA certificates .80 12.2.7.3 Data-Over-Cable System Root CA certificate 80 12.2.8 SignatureValue .81 12.3 Cable Modem certificate storage and management in the CM.81 12.4 Certificate process

29、ing and management in the CMTS .81 12.4.1 CMTS certificate management model 82 12.4.2 Certificate validation.83 12.4.3 Certificate thumbprints .83 12.4.4 Manufacturer CA and CM certificate hot lists84 Annex A (normative): TFTP configuration file extensions 85 A.1 Encodings.85 A.1.1 Baseline privacy

30、configuration setting .85 A.1.1.1 Internal baseline privacy encodings85 A.1.1.1.1 Authorize wait timeout85 A.1.1.1.2 Reauthorize Wait Timeout 86 A.1.1.1.3 Authorization grace time.86 A.1.1.1.4 Operational wait timeout.86 A.1.1.1.5 Rekey wait timeout .86 A.1.1.1.6 TEK grace time .86 A.1.1.1.7 Authori

31、ze reject wait timeout86 A.1.1.1.8 SA map wait timeout.87 A.1.1.1.9 SA map max retries.87 A.2 Parameter guidelines 87 Annex B (informative): Example messages, certificates and PDUs.89 B.1 Notation89 B.2 Authentication info.89 B.2.1 CA Certificate details .90 B.3 Authorization request .91 B.3.1 CM Ce

32、rtificate details 93 B.4 Authorization reply.94 B.4.1 RSA encryption details.95 B.4.2 RSA decryption details.97 B.4.3 Hashing details .97 B.4.3.1 KEK98 B.4.3.2 Message authentication keys.98 B.4.3.3 Mask-generation function .98 B.5 Key request.99 B.5.1 HMAC digest details 100 B.6 Key reply101 B.6.1

33、TEK encryption details.101 B.6.2 HMAC details 102 B.7 Packet PDU encryption 103 B.7.1 CBC only103 B.7.2 CBC with residual block processing 104 B.7.3 Runt frame105 B.7.4 40-bit key105 ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 7 B.8 Encryption of packet PDU with payload header suppression 107 B.8.1 Down

34、stream .107 B.8.2 Upstream 107 B.9 Fragmented packet encryption .108 Annex C (informative): BPI/BPI+ interoperability.110 C.1 Data-Over-Cable System v1.0/v1.1 interoperability110 C.2 Data-Over-Cable System BPI/BPI+ interoperability requirements110 C.3 BPI 40-bit DES export mode considerations111 C.4

35、 System operation112 C.4.1 CMTS with BPI capability.112 C.4.2 CMTS with BPI+ capability.112 Annex D (normative): Verifying downloaded operational software .113 D.1 Introduction 113 D.2 Overview 113 D.3 Code upgrade requirements115 D.3.1 Code file requirements .116 D.3.1.1 Data-Over-Cable System PKCS

36、#7 signed data 117 D.3.1.1.1 Code signing keys .117 D.3.1.1.2 Code verification certificate format 118 D.3.1.1.3 Certificate revocation120 D.3.1.2 Signed content 120 D.3.2 Code file access controls 120 D.3.2.1 Subject organization names 120 D.3.2.2 Time Varying Controls .121 D.3.3 Cable modem code u

37、pgrade initialization 121 D.3.3.1 Manufacturer initialization .121 D.3.3.2 Network initialization .122 D.3.3.2.1 Processing the configuration file CVC123 D.3.3.2.2 Processing the SNMP CVC 123 D.3.4 Code signing requirements.124 D.3.4.1 Data-Over-Cable System Certificate Authority (CA) requirements .

38、124 D.3.4.2 Manufacturing requirements.125 D.3.4.3 MSO requirements125 D.3.5 Code verification requirements 125 D.3.5.1 Cable modem code verification steps .125 D.3.6 DOCSIS 1.0 interoperability 127 D.3.7 Error codes .127 D.4 Security considerations (informative) 128 Annex E (informative): Upgrading

39、 from BPI to BPI+130 E.1 Hybrid cable modem with BPI+.130 E.2 Upgrading procedure130 History 131 ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 8 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these

40、essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest up

41、dates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on t

42、he ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This ETSI Standard (ES) has been produced by ETSI Technical Committee Access and Terminals (AT). The present document is part 3 of a multi-part deliverable. Full details of the entire series can be f

43、ound in part 1 1. ETSI ETSI ES 202 488-3 V1.1.1 (2003-09) 9 1 Scope The present document, namely the BPI+ specification extended to allow certificates designated Euro-DOCSIS, describes MAC layer security services for Data-Over-Cable Systems (DOCS) CMTS. The source material was the DOCSIS “Data-Over-

44、Cable Services Interface Specifications, Baseline Privacy Plus Interface Specification Interim 09 08/30/02“, for which the latest published version can be found at . CM communications. BPI+ security goals are twofold: provide cable modem users with data privacy across the cable network; and provide

45、MSOs with service protection; i.e. prevent unauthorized users from gaining access to the networks RF MAC services. BPI+ provides a level of data privacy across the shared medium cable network equal to or better than that provided by dedicated line network access services (analog modems or digital su

46、bscriber lines). The protected RF MAC data communications services fall into three categories: best-effort, high-speed, IP data services; QoS (e.g. constant bit rate) data services; and IP multicast group services. The earlier BPI specification 4 had weak service protection because the underlying ke

47、y management protocol did not authenticate CMs. BPI+ strengthens this service protection by adding digital-certificate based CM authentication to its key exchange protocol. 1.1 Requierements Throughout the present document, the words that are used to define the significance of particular requirement

48、s are capitalized. These words are: MUST: This word or the adjective “REQUIRED“ means that the item is an absolute requirement of the present document. MUST NOT: This phrase means that the item is an absolute prohibition of the present document. SHOULD: This word or the adjective “RECOMMENDED“ means

49、 that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course. SHOULD NOT: This phrase means that there may exist valid reasons in particular circumstances when the listed behaviour is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behaviour described with this label. MAY: This word or the adjective OPTIONAL means that