1、 ETSI ES 201 488-3 V1.2.2 (2003-10)ETSI Standard Access and Terminals (AT);Data Over Cable Systems;Part 3: Baseline Privacy Plus Interface SpecificationETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 2 Reference RES/AT-020045-3 Keywords access, broadband, cable, data, IPcable ETSI 650 Route des Lucioles F-0
2、6921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.et
3、si.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing o
4、n ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal
5、.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telec
6、ommunications Standards Institute 2003. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI
7、 registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 3 Contents Intellectual Property Rights8 Foreword.8 1 Scope 9 1.1 Requirements9 2 References 10 3 Abbreviations .11 4 Purpose.12 4.1 Void12 4.2 Background 12 4.2.1 Service Goal
8、s 12 4.2.2 Statement of compatibility12 5 Baseline privacy plus overview13 5.1 Architectural overview.13 5.1.1 Packet data encryption13 5.1.2 Key management protocol 14 5.1.3 BPI+ security associations 14 5.1.4 QoS SIDs and BPI+ SAIDs 15 5.2 Operational overview .15 5.2.1 Cable modem initialization.
9、15 5.2.2 Cable modem key update mechanism.16 6 Data Over Cable system MAC frame formats .16 6.1 Variable-length packet data PDU MAC frame format .17 6.2 Fragmentation MAC frame format.19 6.3 Requirements on usage of BP extended header element in MAC header 20 7 Baseline Privacy Key Management (BPKM)
10、 protocol 20 7.1 State models .20 7.1.1 Introduction.20 7.1.1.1 Preliminary comment on dynamic security associations and dynamic SA mapping 23 7.1.1.2 Security capabilities selection .23 7.1.2 Authorization state machine .23 7.1.2.1 States .25 7.1.2.1.1 Start .25 7.1.2.1.2 Authorize Wait (Auth Wait)
11、 25 7.1.2.1.3 Authorized.25 7.1.2.1.4 Reauthorize Wait (Reauth Wait) .25 7.1.2.1.5 Authorize Reject Wait (Auth Reject Wait)25 7.1.2.1.6 Silent26 7.1.2.2 Messages .26 7.1.2.2.1 Authorization Request (Auth Request)26 7.1.2.2.2 Authorization Reply (Auth Reply) 26 7.1.2.2.3 Authorization Reject (Auth Re
12、ject).26 7.1.2.2.4 Authorization Invalid (Auth Invalid).26 7.1.2.2.5 Authentication Information (Authent Info) .26 7.1.2.3 Events26 7.1.2.3.1 Provisioned26 7.1.2.3.2 Timeout .27 7.1.2.3.3 Authorization Grace Timeout (Auth Grace Timeout) .27 7.1.2.3.4 Reauthorize (Reauth).27 7.1.2.3.5 Authorization I
13、nvalid (Auth Invalid).27 7.1.2.3.6 Permanent Authorization Reject (Perm Auth Reject)27 7.1.2.3.7 Authorization Reject (Auth Reject).27 7.1.2.3.8 TEK Stop 27 ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 4 7.1.2.3.9 TEK Authorized28 7.1.2.3.10 TEK Authorization Pending (Auth Pend).28 7.1.2.3.11 TEK Authori
14、zation Complete (Auth Comp).28 7.1.2.4 Parameters.28 7.1.2.4.1 Authorize Wait Timeout (Auth Wait Timeout) .28 7.1.2.4.2 Reauthorize Wait Timeout (Reauth Wait Timeout).28 7.1.2.4.3 Authorization Grace Time (Auth Grace Timeout).28 7.1.2.4.4 Authorize Reject Wait Timeout (Auth Reject Wait Timeout).28 7
15、.1.2.5 Actions 28 7.1.3 TEK state machine30 7.1.3.1 States .32 7.1.3.1.1 Start .32 7.1.3.1.2 Operational Wait (Op Wait) 32 7.1.3.1.3 Operational Reauthorize Wait (Op Reauth Wait)32 7.1.3.1.4 Operational 32 7.1.3.1.5 Rekey Wait 32 7.1.3.1.6 Rekey Reauthorize Wait (Rekey Reauth Wait) .33 7.1.3.2 Messa
16、ges .33 7.1.3.2.1 Key Request 33 7.1.3.2.2 Key Reply33 7.1.3.2.3 Key Reject .33 7.1.3.2.4 TEK Invalid.33 7.1.3.3 Events33 7.1.3.3.1 Stop33 7.1.3.3.2 Authorized.33 7.1.3.3.3 Authorization Pending (Auth Pend) 33 7.1.3.3.4 Authorization Complete (Auth Comp) 33 7.1.3.3.5 TEK Invalid.34 7.1.3.3.6 Timeout
17、 .34 7.1.3.3.7 TEK Refresh Timeout .34 7.1.3.4 Parameters.34 7.1.3.4.1 Operational Wait Timeout .34 7.1.3.4.2 Rekey Wait Timeout34 7.1.3.4.3 TEK Grace Time .34 7.1.3.5 Actions 34 7.2 Key management message formats 36 7.2.1 Packet formats 37 7.2.1.1 Authorization Request (Auth Request) .39 7.2.1.2 Au
18、thorization Reply (Auth Reply)39 7.2.1.3 Authorization Reject (Auth Reject).40 7.2.1.4 Key Request 40 7.2.1.5 Key Reply .40 7.2.1.6 Key Reject.41 7.2.1.7 Authorization Invalid 41 7.2.1.8 TEK Invalid.42 7.2.1.9 Authentication Information (Authent Info).42 7.2.1.10 SA Map Request (MAP Request) .43 7.2
19、.1.11 SA Map Reply (Map Reply) .43 7.2.1.12 SAID Map Reject (Map Reject)44 7.2.2 BPKM attributes .44 7.2.2.1 Serial-Number.46 7.2.2.2 Manufacturer-ID .46 7.2.2.3 MAC-Address .47 7.2.2.4 RSA-Public-Key .47 7.2.2.5 CM-Identification48 7.2.2.6 Display-String .48 7.2.2.7 AUTH-Key49 7.2.2.8 TEK.49 7.2.2.
20、9 Key-Lifetime.50 7.2.2.10 Key-Sequence-Number .50 7.2.2.11 HMAC-Digest.51 7.2.2.12 SAID .51 ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 5 7.2.2.13 TEK-Parameters52 7.2.2.14 CBC-IV .52 7.2.2.15 Error-Code 53 7.2.2.16 Vendor-Defined 54 7.2.2.17 CA-Certificate.54 7.2.2.18 CM-Certificate 55 7.2.2.19 Securi
21、ty-Capabilities.55 7.2.2.20 Cryptographic-Suite 56 7.2.2.21 Cryptographic-Suite-List.57 7.2.2.22 BPI-Version 57 7.2.2.23 SA-Descriptor .58 7.2.2.24 SA-Type58 7.2.2.25 SA-Query 59 7.2.2.26 SA-Query-Type.59 7.2.2.27 IP-Address.60 7.2.2.28 Download-Parameters .60 8 Dynamic SA mapping 61 8.1 Introductio
22、n 61 8.2 Theory of operation62 8.3 SA mapping state model.63 8.3.1 States.64 8.3.1.1 Start.64 8.3.1.2 Map Wait 64 8.3.1.3 Mapped .64 8.3.2 Messages.64 8.3.2.1 SA Map Request (Map Request).64 8.3.2.2 SA Map Reply (Map Reply) .64 8.3.2.3 SA Map Reject (Map Reject)64 8.3.3 Events .64 8.3.3.1 Map .64 8.
23、3.3.2 Unmap.65 8.3.3.3 Map Reply.65 8.3.3.4 Map Reject 65 8.3.3.5 Timeout .65 8.3.3.6 Max Retries.65 8.3.4 Parameters.65 8.3.4.1 SA Map Wait Timeout 65 8.3.4.2 SA Map Max Retries.65 8.3.5 Actions65 8.4 IP multicast traffic and dynamic SAs.66 9 Key usage .67 9.1 CMTS.67 9.2 Cable Modem (CM) .70 9.3 A
24、uthentication of Data Over Cable System v1.1 dynamic service requests.70 10 Cryptographic Methods71 10.1 Packet Data Encryption 71 10.2 Encryption of TEK .71 10.3 HMAC-Digest algorithm72 10.4 Derivation of TEKs, KEKs and message authentication keys72 10.5 Public-key encryption of authorization key73
25、 10.6 Digital signatures73 10.7 Supporting alternative algorithms 73 11 Physical protection of keys in the CM and CMTS.73 12 BPI+ X.509 certificate profile and management74 12.1 BPI+ certificate management architecture overview74 12.2 Certificate format .76 12.2.1 tbsCertificate.validity.notBefore a
26、nd tbsCertificate.validity.notAfter 76 12.2.2 tbsCertificate.serialNumber 76 12.2.3 tbsCertificate.signature and signatureAlgorithm 77 ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 6 12.2.4 tbsCertificate.issuer and tbsCertificate.subject .77 12.2.4.1 Data Over Cable System root certificate.78 12.2.4.2 Da
27、ta Over Cable System manufacturer certificate 78 12.2.4.3 Cable modem certificate .79 12.2.5 tbsCertificate.subjectPublicKeyInfo .80 12.2.6 tbsCertificate.issuerUniqueID and tbsCertificate.subjectUniqueID .80 12.2.7 tbsCertificate.extensions .80 12.2.7.1 Cable modem certificates80 12.2.7.2 Data Over
28、 Cable System manufacturer CA certificates 80 12.2.7.3 Data Over Cable System root CA certificate 81 12.2.8 signatureValue 81 12.3 Cable Modem certificate storage and management in the CM.81 12.4 Certificate processing and management in the CMTS .81 12.4.1 CMTS certificate management model 82 12.4.2
29、 Certificate validation.83 12.4.3 Certificate thumbprints .83 12.4.4 Manufacturer CA and CM certificate hot lists83 Annex A (normative): TFTP configuration file extensions.85 A.1 Encodings.85 A.1.1 Baseline privacy configuration setting .85 A.1.1.1 Internal baseline privacy encodings85 A.1.1.1.1 Aut
30、horize wait timeout85 A.1.1.1.2 Reauthorize Wait Timeout 86 A.1.1.1.3 Authorization Grace Time.86 A.1.1.1.4 Operational Wait Timeout.86 A.1.1.1.5 Rekey Wait Timeout .86 A.1.1.1.6 TEK Grace Time.86 A.1.1.1.7 Authorize Reject Wait Timeout 86 A.1.1.1.8 SA Map Wait Timeout 87 A.1.1.1.9 SA Map Max Retrie
31、s.87 A.2 Parameter guidelines 87 Annex B (informative): Example messages, certificates and PDUs .89 B.1 Notation89 B.2 Authentication info.89 B.2.1 CA certificate details 90 B.3 Authorization request .91 B.3.1 CM certificate details .93 B.4 Authorization reply.94 B.4.1 RSA encryption details.95 B.4.
32、2 RSA decryption details.97 B.4.3 Hashing details .98 B.4.3.1 KEK98 B.4.3.2 Message authentication keys.98 B.4.3.3 Mask-Generation Function (MGF) .98 B.5 Key request.99 B.5.1 HMAC digest details 100 B.6 Key reply101 B.6.1 TEK encryption details.101 B.6.2 HMAC details 102 B.7 Packet PDU encryption 10
33、3 B.7.1 CBC only103 B.7.2 CBC with residual block processing 104 B.7.3 Runt frame105 B.7.4 40-bit key105 ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 7 B.8 Encryption of packet PDU with payload header suppression 107 B.8.1 Downstream .107 B.8.2 Upstream 107 B.9 Fragmented packet encryption .108 Annex C (
34、informative): BPI/BPI+ interoperability.110 C.1 Data Over Cable System v1.0/v1.1 interoperability.110 C.2 Data Over Cable System BPI/BPI+ Interoperability Requirements.110 C.3 BPI 40-bit DES export mode considerations111 C.4 System operation112 C.4.1 CMTS with BPI capability.112 C.4.2 CMTS with BPI+
35、 capability.112 Annex D (normative): Verifying downloaded operational software113 D.1 Introduction 113 D.2 Overview 113 D.3 Code upgrade requirements115 D.3.1 Code file requirements .115 D.3.1.1 Data Over Cable System PKCS#7 signed data.116 D.3.1.1.1 Code signing keys .116 D.3.1.1.2 Code Verificatio
36、n Certificate Format117 D.3.1.1.3 Certificate revocation118 D.3.1.2 Signed content 119 D.3.2 Code file access controls 119 D.3.2.1 Subject organization names 119 D.3.2.2 Time varying controls.120 D.3.3 Cable modem code upgrade initialization 120 D.3.3.1 Manufacturer initialization .120 D.3.3.2 Netwo
37、rk initialization .121 D.3.3.2.1 Processing the configuration file CVC122 D.3.3.2.2 Processing the SNMP CVC 122 D.3.4 Code signing requirements.123 D.3.4.1 Data Over Cable System Certificate Authority (CA) requirements123 D.3.4.2 Manufacturing requirements.123 D.3.4.3 MSO requirements124 D.3.5 Code
38、verification requirements 124 D.3.5.1 Cable Modem Code verification steps124 D.3.6 DOCSIS 1.0 interoperability 126 D.3.7 Error codes .126 D.4 Security considerations (informative) 127 Annex E (informative): Upgrading from BPI to BPI+128 E.1 Hybrid cable modem with BPI+.128 E.2 Upgrading procedure128
39、 History 129 ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 8 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and
40、can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pur
41、suant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present do
42、cument. Foreword This ETSI Standard (ES) has been produced by ETSI Technical Committee Access and Terminals (AT). NOTE: An earlier version of the present document was produced by JTC Broadcast. The present document is part 3 of a multi-part deliverable covering Data Over Cable Systems, as identified
43、 below: Part 1: “General“; Part 2: “Radio Frequency Interface Specification“; Part 3: “Baseline Privacy Plus Interface Specification“. ETSI ETSI ES 201 488-3 V1.2.2 (2003-10) 9 1 Scope The present document, namely the BPI+ specification 3 extended to allow certificates designated Euro-DOCSIS, descri
44、bes MAC layer security services for Data Over Cable Systems (DOCS) CMTS. The source material was the DOCSIS “Data Over Cable Services Interface Specifications, Baseline Privacy Plus Interface Specification Interim 09 08/30/02“, for which the latest published version can be found at . CM communicatio
45、ns. BPI+ security goals are twofold: provide cable modem users with data privacy across the cable network; and provide MSOs with service protection; i.e. prevent unauthorized users from gaining access to the networks RF MAC services. BPI+ provides a level of data privacy across the shared medium cab
46、le network equal to or better than that provided by dedicated line network access services (analog modems or digital subscriber lines). The protected RF MAC data communications services fall into three categories: best-effort, high-speed, IP data services; QoS (e.g. constant bit rate) data services;
47、 and IP multicast group services. The earlier BPI specification 4 had “weak“ service protection because the underlying key management protocol did not authenticate CMs. BPI+ strengthens this service protection by adding digital-certificate based CM authentication to its key exchange protocol. 1.1 Re
48、quirements Throughout the present document, the words that are used to define the significance of particular requirements are capitalized. These words are: MUST: This word or the adjective “REQUIRED“ means that the item is an absolute requirement of the present document. MUST NOT: This phrase means
49、that the item is an absolute prohibition of the present document. SHOULD: This word or the adjective “RECOMMENDED“ means that there may exist valid reasons in particular circumstances to ignore this item, but the full implications should be understood and the case carefully weighed before choosing a different course. SHOULD NOT: This phrase means that there may exist valid reasons in particular circumstances when the listed behaviour is acceptable or even useful, but the full implications should be understood and the case carefully weigh