1、 ETSI TS 102 639-5 V1.1.1 (2009-04)Technical Specification Access and Terminals, Transmission and Multiplexing (ATTM);Third Generation Transmission Systems forInteractive Cable Television Services - IP Cable Modems;Part 5: Security ServicesITU-T Recommendation J.222.3 (07/2007), modifiedETSI ETSI TS
2、 102 639-5 V1.1.1 (2009-04) 2 Reference DTS/ATTM-02006-5 Keywords aceess, broadband, cable, endorsement, MAC, modem ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif en
3、registre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in con
4、tents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the docum
5、ent may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.o
6、rg/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2009. All rights reserved. DECTTM, PLUGTESTSTM, U
7、MTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benef
8、it of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 639-5 V1.1.1 (2009-04)3Contents Intellectual Property Rights 4g3Foreword . 4g3Introduction 4g31 Scope 5g32 References 5g32.1 Normative referen
9、ces . 5g32.2 Informative references 5g33 Definitions and abbreviations . 6g33.1 Definitions 6g33.2 Abbreviations . 6g3Endorsement notice 7g3Modifications to ITU-T Recommendation J.222.3 . 7g3Annex A (informative): Bibliography . 8g3History 10g3ETSI ETSI TS 102 639-5 V1.1.1 (2009-04) 4 Intellectual P
10、roperty Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs)
11、; Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searche
12、s, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced
13、by ETSI Technical Committee Access, Terminals, Transmission and Multiplexing (ATTM). The present document is part 5 of a multi-part deliverable covering Third Generation Transmission Systems for Interactive Cable Television Services - IP Cable modems. Full details of the entire series can be found i
14、n part 1 i.1. Introduction This European Standard (Cable DOCSIS 3.0 Network series) has been produced by ETSI Access, Terminals, Transmission and Multiplexing Technical Committee (ATTM), Cable Access Network sub-group. ETSI ETSI TS 102 639-5 V1.1.1 (2009-04) 5 1 Scope The present document defines th
15、e security requirements as part of a series of specifications for the third generation of high-speed Data-Over-Cable Systems Interface Specifications (DOCSIS). They were developed for the benefit of the cable industry, including contributions by operators and vendors from, Europe, North America and
16、other regions. The source material for this specification was provided by the ITU-T Recommendation J.222.3 3 for which the most recent version can be found at http:/www.itu.int/ITU-T/. 2 References References are either specific (identified by date of publication and/or edition number or version num
17、ber) or non-specific. For a specific reference, subsequent revisions do not apply. Non-specific reference may be made only to a complete document or a part thereof and only in the following cases: - if it is accepted that it will be possible to use all future changes of the referenced document for t
18、he purposes of the referring document; - for informative references. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication
19、ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
20、(including any amendments) applies. 1 ETSI TS 102 639-4: “Access and Terminals, Transmission and Multiplexing (ATTM); Third Generation Transmission Systems for Interactive Cable Television Services - IP Cable Modems; Part 4: MAC and Upper Layer Protocols ITU-T Recommendation J.222.2 (07/2007), modif
21、ied“. 2 ETSI TS 101 909-11 “Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 11: Security“. 3 ITU-T Recommendation J.222.3“ Third-generation transmission systems for interactive cable television services - IP cable modems: Security s
22、ervices“. 2.2 Informative references The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applie
23、s. i.2 ETSI TS 102 639-3: “Access and Terminals, Transmission and Multiplexing (ATTM); Third Generation Transmission Systems for Interactive Cable Television Services - IP Cable Modems; Part 3: Downstream Interface ITU-T Recommendation J.210 (11/2006), modified“. ETSI ETSI TS 102 639-5 V1.1.1 (2009-
24、04) 6 i.3 ETSI TS 102 639-1: “Access and Terminals, Transmission and Multiplexing (ATTM); Third Generation Transmission Systems for Interactive Cable Television Services - IP Cable Modems; Part 1: General“. i.4 ETSI ES 201 488: “Access and Terminals (AT); Data Over Cable Systems; Part 1: General“. i
25、.5 ITU-T Recommendation J.222.1: “Third-generation transmission systems for interactive cable television services - IP cable modems: Physical layer specification“. i.6 ITU-T Recommendation J.210: “Downstream RF Interface for Cable Modem Termination Systems“. i.7 ITU-T Recommendation J.222.2: “MAC an
26、d Upper Layer protocols for third-generation transmission systems for interactive cable television services - IP cable modems“. i.8 ITU-T Recommendation J.112: “Transmission systems for interactive cable television services“. i.9 ITU-T Recommendation J.170: “IPCablecom security specification“. i.10
27、ITU-T Recommendation X.690: “Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following ter
28、ms and definitions apply: DER Encoded: Refers to a value which is encoded using the ASN.1 Distinguished Encoding Rules (see ITU-T Recommendation X.690 i.11). downstream: flow of signals from the cable system control center through the distribution network to the customer NOTE: For communication purp
29、oses, associated with transmission (down) to the end-user. dynamically-joined multicast sessions: multicast sessions joined after cable modem registration key transition period: time period in which an Authentication Key that is near its expiration is replaced by a new Authentication Key through a n
30、egotiated update process between the CMTS and the CM MAC domain: logical link layer network consisting of a common address scheme (such as IEEE 802.3 Ethernet) in which elements may send and receive OSI layer 2 messages between and among one another NOTE: MAC domain boundaries may be established thr
31、ough both physical and logical means; separate channels or subchannels utilizing differing frequency and/or encoding methods, or assigning separate bundles/bridge groups or subinterfaces to common frequency-domain channels or subchannels. static multicast sessions: multicast sessions joined during c
32、able modem registration upstream: term used to describe traffic and paths that go from the subscriber to the headend 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: ASN.1 Abstract Syntax Notation 1 CM Cable Modem CMCI Cable Modem to Customer Premises Eq
33、uipment Interface CMTS Cable Modem Termination System CRL Certificate Revocation List ETSI ETSI TS 102 639-5 V1.1.1 (2009-04) 7 DER Distinguished Encoding Rules DES Data Encryption StandardDHCP Dynamic Host Configuration Protocol DOCSIS Data-Over-Cable Service Interface Specifications FIPS Federal I
34、nformation Processing Standard HMAC Keyed-Hash Message Authentication Code IEEE Institute of Electrical and Electronics Engineers IP Internet Protocol IPR Intellectual Property Rights IPv6 Version 6 of the Internet Protocol ISO International Organization for Standards MAC Media Access Control MMH Mu
35、ltilinear Modular Hash OCSP Online Certificate Status Protocol RFC Request For Comments RSA Rivest, Shamir, Adleman (a public key cryptographic algorithm) RTP Real-time Transport Protocol SA Security Association SET Secure Electronic Transaction SHA-1 Secure Hash Algorithm 1 TFTP Trivial File Transf
36、er Protocol Endorsement notice Modifications to ITU-T Recommendation J.222.3 The elements of ITU-T Recommendation J.222.3 3 (07/2007) apply, with the following modifications: NOTE: Underlining and/or strike-out are used to highlight detailed modifications where necessary. Replace references given in
37、 J.222.3 as shown in table 1. Table 1 Reference(s) in J.222.3 3 Replaced reference(s) 1 ITU-T Recommendation J.222.1 ETSI TS 102 639-2 2 ITU-T Recommendation J.210 ETSI TS 102 639-3 3 ITU-T Recommendation J.222.2 ETSI TS 102 639-4 4 ITU-T Recommendation J.222.3 ETSI TS 102 639-5 5 ITU-T Recommendati
38、on J.112 ETSI ES 201 488 6 ITU-T Recommendation J.122 ETSI ES 202 488-2 7 ITU-T Recommendation J.170 ETSI TS 101 909-11 ETSI ETSI TS 102 639-5 V1.1.1 (2009-04) 8 Annex A (informative): Bibliography ITU-T Recommendation J.125: “Link privacy for cable modem implementations“. Proposed Draft SCTE Standa
39、rd, DOCSIS Operations Support System Interface Specification version 3.0. ETSI ES 202 488-2: “Access and Terminals (AT); Second Generation Transmission Systems for Interactive Cable Television Services - IP Cable Modems; Part 2: Radio frequency interface specification“. Federal Information Processin
40、g Standards Publication (FIPS PUB) 46-3: “Data Encryption Standard“, October 1999. Federal Information Processing Standards Publication (FIPS PUB) 140-2: “Security Requirements for Cryptographic Modules“, June 2001. Federal Information Processing Standards Publication (FIPS PUB) 180-2: “Secure Hash
41、Standard“, February 2003. Federal Information Processing Standards Publication (FIPS PUB) 197: “Advanced Encryption Standard“, November, 2001. ISO 8859-1: “8-bit single-byte coded graphic character sets - Part 1: Latin alphabet No.1“. NIST-800-38A, Recommendation for Block Cipher Modes of Operation,
42、 Methods and Techniques, Morris Dworkin, 2001 Edition. IETF RFC 2315 PKCS #7: Cryptographic Message Syntax Version 1. IETF RFC 826: “Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware“, D.C. Plummer. IETF RF
43、C 1350: “The TFTP Protocol, Revision 2“, K. Sollins. IETF RFC 2616: “Hypertext Transfer Protocol - HTTP/1.1“, R. Fielding, et al. IETF RFC 2104: “HMAC: Keyed-Hashing for Message Authentication“, H. Krawczyk et al. IETF RFC 3376: “Internet Group Management Protocol, Version 3“, B. Cain, et al. IETF R
44、FC 2347: “TFTP Option Extension“, G. Malkin, A. Harkin. IETF RFC 2348:“ TFTP Blocksize Option“, G. Malkin, A. Harkin. IETF RFC 2349: “TFTP Timeout Interval and Transfer Size Options“, G. Malkin, A. Harkin. IETF RFC 2461: “Neighbor Discovery for IP Version 6 (IPv6)“, T. Narten, E. Nordmark, W. Simpso
45、n. IETF RFC 2560: “X.509 Internet Public Key Infrastructure Certificate Status Protocol - OCSP“, M. Myers et al. IETF RFC 3280: “Internet X.509 Public Key Infrastructure Certificate and CRL Profile“, R. Housley, W. Ford, W. Polk, D. Solo. IETF RFC 4131: “Management Information Base for Data Over Cab
46、le Service Interface Specification (DOCSIS) Cable Modems and Cable Modem Termination Systems for Baseline“, S. Green et al. IETF RFC 2437: “PKCS #1: RSA Cryptography Specifications Version 2.0“. ITU-T Recommendation X.509 (1997): “Information Technology - Open Systems Interconnection - The Directory
47、: Authentication Framework“. ITU-T Recommendation X.690 (2002) | ISO/IEC 8825-1:2002, Information Technology - ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). ETSI ETSI TS 102 639-5 V1.1.1 (2009-04) 9 Data-Over
48、-Cable Service Interface Specifications Cable Modem to Customer Premise Equipment Interface Specification SP-CMCI-I10-050408, April 8, 2005, Cable Television Laboratories, Inc. ISO 3166-1: “Codes for the representation of names of countries and their subdivisions - Part 1: Country codes“. S. Halevi
49、and H. Krawczyk, “MMH: Software Message Authentication in Gbit/sec Rates,“ Proceedings of the 4th Workshop on Fast Software Encryption, (1997) vol. 1267 Springer-Verlag, pp. 172-189. IETF RFC 1750: “Randomness Recommendations for Security“, D. Eastlake, et al. IETF RFC 2202: “Test cases for HMAC-MD5 and HMAC-SHA-1“, P. Cheng, R. Glenn. IETF RFC 3550: “RTP: A Transport Protocol for Real-Time Applications“, H. Schulzrinne, S. Casner, R. Frederick, V. Jacobson. IETF RFC 3447: “Public-Key Cryptography Standards (PKCS) #1: RSA Crypto