1、 ETSI TS 103 161-9 V1.1.1 (2011-10) Access, Terminals, Transmission and Multiplexing (ATTM); Integrated Broadband Cable and Television Networks; IPCablecom 1.5; Part 9: Security Technical Specification ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)2Reference DTS/ATTM-003011-9 Keywords access, broadband, ca
2、ble, IP, multimedia, PSTN ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of
3、the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
4、In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of t
5、his and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as au
6、thorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
7、3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)3Contents Intellectual Property Rights 9g3Foreword . 9g31
8、 Scope and Introduction . 11g31.1 Scope 11g31.2 Goals 11g31.2.1 Assumptions . 11g31.2.2 Requirements 12g32 References 12g32.1 Normative references . 12g32.2 Informative references 14g33 Definitions and abbreviations . 14g33.1 Definitions 14g33.2 Abbreviations . 16g34 Void 18g35 Architectural Overvie
9、w of IPCablecom Security . 18g35.1 IPCablecom Reference Architecture 18g35.1.1 HFC Network 18g35.1.2 Call Management Server 19g35.1.3 Functional Categories . 19g35.1.3.1 Device and Service Provisioning 19g35.1.3.2 Dynamic Quality of Service 20g35.1.3.3 Billing System Interfaces 20g35.1.3.4 Call Sign
10、alling . 20g35.1.3.5 PSTN Interconnectivity . 20g35.1.3.6 CODEC Functionality and Media Stream Mapping . 20g35.1.3.7 Audio Server Services . 21g35.1.3.7.1 Media Player Controller (MPC) 21g35.1.3.7.2 Media Player (MP) 21g35.1.3.8 Lawful Interception . 21g35.2 Threats 21g35.2.1 Theft of Network Servic
11、es 23g35.2.1.1 MTA Clones 23g35.2.1.2 Other Clones . 23g35.2.1.3 Subscription Fraud 23g35.2.1.4 Non-Payment for Voice Communications Services 23g35.2.1.5 Protocol Attacks against an MTA . 23g35.2.1.6 Protocol Attacks against Other Network Elements . 24g35.2.1.7 Theft of Services Provided by the MTA
12、. 24g35.2.1.7.1 Attacks . 24g35.2.1.8 MTA Moved to Another Network 24g35.2.2 Bearer Channel Information Threats. 24g35.2.2.1 Attacks 24g35.2.2.1.1 Off-line Cryptanalysis . 24g35.2.3 Signalling Channel Information Threats . 24g35.2.3.1 Attacks 24g35.2.3.1.1 Caller ID 25g35.2.3.1.2 Information with Ma
13、rketing Value 25g35.2.4 Service Disruption Threats . 25g35.2.4.1 Attacks 25g35.2.4.1.1 Remote Interference 25g35.2.5 Repudiation . 25g35.2.6 Threat Summary . 26g35.2.6.1 Primary Threats. 26g3ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)45.2.6.2 Secondary Threats. 27g35.3 Security Architecture 27g35.3.1 Ov
14、erview of Security Interfaces . 27g35.3.2 Security Assumptions . 30g35.3.2.1 BPI+ CMTS Downstream Messages Are Trusted. 30g35.3.2.2 Non-Repudiation Not Supported . 30g35.3.2.3 Root Private Key Compromise Protection 30g35.3.2.4 Limited Prevention of Denial-of-Service Attacks . 31g35.3.3 Susceptibilit
15、y of Network Elements to Attack 31g35.3.3.1 Managed IP Network 31g35.3.3.2 MTA 31g35.3.3.3 CMTS 32g35.3.3.4 Voice Communications Network Servers are Untrusted Network Elements 32g35.3.3.4.1 CMS 32g35.3.3.4.2 RKS . 33g35.3.3.4.3 OSS, DHCP and TFTP Servers . 33g35.3.3.5 PSTN Gateways 34g35.3.3.5.1 Med
16、ia Gateway 34g35.3.3.5.2 Signalling Gateway . 34g36 Security Mechanisms . 34g36.1 IPsec . 34g36.1.1 Overview 34g36.1.2 IPCablecom Profile for IPsec ESP (Transport Mode) 35g36.1.2.1 IPsec ESP Transform Identifiers . 35g36.1.2.2 IPsec ESP Authentication Algorithms 35g36.1.2.3 Replay Protection 36g36.1
17、.2.4 Key Management Requirements . 36g36.2 Internet Key Exchange (IKE) . 36g36.2.1 Overview 36g36.2.2 IPCablecom Profile for IKE 37g36.2.2.1 First IKE Phase . 37g36.2.2.1.1 IKE Authentication with Signatures 37g36.2.2.1.2 IKE Authentication with Public-Key Encryption 37g36.2.2.1.3 IKE Authentication
18、 with Pre-Shared Keys 37g36.2.2.2 Second IKE Phase . 37g36.2.2.3 Encryption Algorithms for IKE Exchanges 37g36.2.2.4 Diffie-Hellman Groups . 38g36.2.2.5 Security Association Renegotiation 38g36.3 SNMPv3 . 38g36.3.1 SNMPv3 Transform Identifiers 38g36.3.2 SNMPv3 Authentication Algorithms 38g36.4 Kerbe
19、ros / PKINIT . 39g36.4.1 Overview 39g36.4.1.1 Kerberos Ticket Storage 41g36.4.2 PKINIT Exchange 41g36.4.2.1 PKINIT Profile for IPCablecom . 43g36.4.2.1.1 PKINIT Request 43g36.4.2.1.2 PKINIT Reply . 45g36.4.2.1.3 Pre-Authenticator for Provisioning Server Location . 47g36.4.2.2 Profile for the Kerbero
20、s AS Request / AS Reply Messages 47g36.4.2.3 Profile for Kerberos Tickets 48g36.4.3 Symmetric Key AS Request / AS Reply Exchange 48g36.4.3.1 Profile for the Symmetric Key AS Request / AS Reply Exchanges 50g36.4.4 Kerberos TGS Request / TGS Reply Exchange 51g36.4.4.1 TGS Request Profile . 52g36.4.4.2
21、 TGS Reply Profile . 52g36.4.4.3 Error Reply 52g36.4.5 Kerberos Server Locations and Naming Conventions 53g36.4.5.1 Kerberos Realms . 53g36.4.5.2 KDC 53g36.4.5.3 CMS 54g3ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)56.4.5.4 Provisioning Server . 54g36.4.5.5 Names of Other Kerberized Services 55g36.4.6 MTA
22、 Principal Names 56g36.4.7 Mapping of MTA MAC Address to MTA FQDN 56g36.4.7.1 MTA FQDN Request 56g36.4.7.2 MTA FQDN Reply . 58g36.4.7.3 MTA FQDN Error 59g36.4.8 Server Key Management Time Out Procedure . 60g36.4.9 Service Key Versioning 61g36.5 Kerberized Key Management . 61g36.5.1 Overview 61g36.5.
23、2 Kerberized Key Management Messages . 62g36.5.2.1 Rekey Messages 66g36.5.2.2 IPCablecom Profile for KRB_AP_REQ / KRB_AP_REP Messages . 69g36.5.2.3 Error Handling 69g36.5.2.3.1 Error Reply 69g36.5.2.3.2 Clock Skew Error 70g36.5.2.3.3 Handling Ticket Errors After a Wake Up 71g36.5.3 Kerberized IPsec
24、. 71g36.5.3.1 Derivation of IPsec Keys 72g36.5.3.2 Periodic Re-establishment of IPsec Security Associations . 72g36.5.3.2.1 Periodic Re-establishment of IPsec SAs at the Client . 72g36.5.3.2.2 Periodic Re-establishment of IPsec SAs at the Application Server . 73g36.5.3.3 Expiration of IPsec SAs 73g3
25、6.5.3.4 Initial Establishment of IPsec SAs 73g36.5.3.5 On-demand Establishment of IPsec SAs . 74g36.5.3.5.1 Client Loses an Outgoing IPsec SA. 74g36.5.3.5.2 Client Loses an Incoming IPsec SA 74g36.5.3.5.3 Application Server Loses an Outgoing IPsec SA 74g36.5.3.5.4 Application Server Loses an Incomin
26、g IPsec SA 75g36.5.3.6 IPsec-Specific Errors Returned in KRB_ERROR . 75g36.5.4 Kerberized SNMPv3 . 76g36.5.4.1 Derivation of SNMPv3 Keys 76g36.5.4.2 Periodic Re-establishment of SNMPv3 Keys 77g36.5.4.3 Expiration of SNMPv3 Keys. 77g36.5.4.4 Initial Establishment of SNMPv3 Keys 77g36.5.4.5 Error Reco
27、very 77g36.5.4.5.1 SNMP Agent Wishes to Send with Missing SNMPv3 Keys. 77g36.5.4.5.2 SNMP Agent Receives with Missing SNMPv3 Keys . 77g36.5.4.5.3 SNMP Manager Wishes to Send with Missing SNMPv3 Keys. 77g36.5.4.6 SNMPv3-Specific Errors Returned in KRB_ERROR. 78g36.6 End-to-End Security for RTP . 78g3
28、6.7 End-to-End Security for RTCP 79g36.8 BPI+ . 80g36.9 TLS . 81g36.9.1 Overview 81g36.9.2 IPCablecom Profile for TLS with SIP 81g36.9.2.1 TLS Ciphersuites . 81g36.9.2.2 IPCablecom TLS Certificates 81g36.9.2.3 Connection Persistence and Re-Use 82g36.9.2.4 Session Caching 82g37 Security Profile . 82g
29、37.1 Device and Service Provisioning 83g37.1.1 Device Provisioning 85g37.1.1.1 Security Services . 86g37.1.1.1.1 MTA-DHCP Server . 86g37.1.1.1.2 MTA-SNMP Manager. 86g37.1.1.1.3 MTA-Provisioning Server, via TFTP Server . 87g37.1.1.2 Cryptographic Mechanisms. 87g37.1.1.2.1 Call Flows MTA-15, 16, 17: M
30、TA-SNMP Manager: SNMP Inform/Get Requests/Responses . 87g37.1.1.2.2 Call Flow MTA-18: Provisioning Server-TFTP Server: Create MTA Config File . 87g3ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)67.1.1.2.3 Call Flows MTA-19, 20 and 21: Establish TFTP Server Location . 88g37.1.1.2.4 Call Flows MTA-22, 23: MT
31、A-TFTP Server: TFTP Get/Get Response. 88g37.1.1.2.5 Security Flows . 88g37.1.1.3 Key Management 91g37.1.1.3.1 MTA - SNMP Manager . 91g37.1.1.3.2 MTA - TFTP Server 91g37.1.1.4 MTA Embedded Keys. 91g37.1.1.5 Summary Security Profile Matrix - Device Provisioning . 91g37.1.2 Subscriber Enrolment . 92g37
32、.2 Quality of Service (QoS) Signalling . 93g37.2.1 Dynamic Quality of Service (DQoS) 93g37.2.1.1 Reference architecture for embedded MTAs 93g37.2.1.2 Security Services . 93g37.2.1.2.1 CM-CMTS DOCSIS1.1 QoS Messages . 93g37.2.1.2.2 Gate Controller - CMTS COPS Messages . 93g37.2.1.3 Cryptographic Mech
33、anisms. 93g37.2.1.3.1 CM-CMTS DOCSIS1.1 QoS Messages . 93g37.2.1.3.2 Gate Controller - CMTS COPS Messages . 94g37.2.1.4 Key Management 94g37.2.1.4.1 Gate Controller - CMTS COPS Messages . 94g37.2.1.4.2 Security Profile Matrix Summary 94g37.3 Billing System Interfaces . 95g37.3.1 Security Services 95
34、g37.3.1.1 CMS-RKS Interface 95g37.3.1.2 CMTS-RKS Interface 95g37.3.1.3 MGC - RKS Interface . 95g37.3.2 Cryptographic Mechanisms 95g37.3.2.1 RADIUS Server Chaining . 95g37.3.3 Key Management 96g37.3.3.1 Key CMS - RKS Interface 96g37.3.3.2 CMTS - RKS Interface 96g37.3.3.3 MGC - RKS Interface . 96g37.3
35、.4 Billing System Summary Security Profile Matrix 97g37.4 Call Signalling 97g37.4.1 Network Call Signalling (NCS) 97g37.4.1.1 Reference Architecture 97g37.4.1.2 Security Services . 98g37.4.1.3 Cryptographic Mechanisms. 98g37.4.1.3.1 MTA-CMS Interface . 98g37.4.1.3.2 CMS-CMS, CMS-MGC, CMS-SIP Proxy a
36、nd SIP Proxy - SIP Proxy Interfaces 98g37.4.1.4 Key Management 99g37.4.1.4.1 MTA-CMS Key Management . 99g37.4.1.4.2 CMS-CMS, CMS-MGC, CMS-SIP Proxy, SIP Proxy-SIP Proxy Key Management . 101g37.4.2 Call Signalling Security Profile Matrix 102g37.5 PSTN Gateway Interface 103g37.5.1 Reference Architectu
37、re . 103g37.5.1.1 Media Gateway Controller 103g37.5.1.2 Media Gateway . 103g37.5.1.3 Signalling Gateway . 103g37.5.2 Security Services 103g37.5.2.1 MGC - MG Interface . 103g37.5.3 Cryptographic Mechanisms 103g37.5.3.1 MGC - MG Interface . 103g37.5.4 Key Management 104g37.5.4.1 MGC - MG Interface . 1
38、04g37.5.5 MGC-MG Summary Security Profile Matrix . 104g37.6 Media Stream . 104g37.6.1 Security Services 104g37.6.1.1 RTP . 104g37.6.1.2 RTCP . 105g37.6.2 Cryptographic Mechanisms 105g37.6.2.1 RTP Messages . 105g3ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)77.6.2.1.1 RTP Timestamp . 107g37.6.2.1.2 Packet
39、Encoding Requirements . 107g37.6.2.1.3 Packet Decoding Requirements . 109g37.6.2.2 RTCP Messages 110g37.6.2.2.1 RTCP Format 110g37.6.2.2.2 RTCP Encryption 110g37.6.2.2.3 Sequence Numbers 111g37.6.2.2.4 Block Termination . 111g37.6.2.2.5 RTCP Message Encoding 111g37.6.2.2.6 RTCP Message Decoding 111g
40、37.6.2.3 Key Management 112g37.6.2.3.1 Key Management over NCS 112g37.6.2.3.2 Ciphersuite Format 121g37.6.2.3.3 Derivation of End-to-End Keys . 121g37.6.2.4 RTP-RTCP Summary Security Profile Matrix 122g37.7 Audio Server Services 122g37.7.1 Reference Architecture . 122g37.7.2 Security Services 123g37
41、.7.2.1 MTA-CMS NCS Signalling (Ann-1) 123g37.7.2.2 MPC-MP Signalling (Ann-2) 124g37.7.2.3 MTA-MP (Ann-4) . 124g37.7.3 Cryptographic Mechanisms 124g37.7.3.1 MTA-CMS NCS Signalling (Ann-1) 124g37.7.3.2 MPC-MP Signalling (Ann-2) 124g37.7.3.3 MTA-MP (Ann-4) . 124g37.7.4 Key Management 124g37.7.4.1 MTA-C
42、MS NCS Signalling (Ann-1) 124g37.7.4.2 MPC-MP Signalling (Ann-2) 124g37.7.4.3 MTA-MP (Ann-4) . 124g37.7.5 MPC-MP Summary Security Profile Matrix 125g37.8 Lawful Interception Interfaces . 125g37.8.1 Reference Architecture . 125g37.8.2 Security Services 126g37.8.2.1 Event Interfaces CMS-DF, MGC-DF, CM
43、TS-DF and DF-DF . 126g37.8.2.2 Call Content Interfaces CMTS-DF, MG-DF, MG-DF and DF-DF . 126g37.8.3 Cryptographic Mechanisms 126g37.8.3.1 Interface between CMS and DF 126g37.8.3.2 Interface between CMTS and DF for Event Messages . 127g37.8.3.3 Interface between DF and DF for Event Messages . 127g37.
44、8.3.4 Interface between MGC and DF . 127g37.8.4 Key Management 127g37.8.4.1 Interface between CMS and DF 127g37.8.4.2 Interface between CMTS and DF 127g37.8.4.3 Interface between DF and DF . 127g37.8.4.4 INTERFACE BETWEEN MGC AND DF . 128g37.8.5 Lawful Interception Security Profile Matrix . 128g37.9
45、 CMS Provisioning 129g37.9.1 Reference Architecture . 129g37.9.2 Security Services 129g37.9.3 Cryptographic Mechanisms 129g37.9.4 Key Management 129g37.9.5 Provisioning Server-CMS Summary Security Profile Matrix . 129g38 IPCablecom Certificates . 130g38.1 Generic Structure 130g38.1.1 Version 130g38.
46、1.2 Public Key Type . 130g38.1.3 Extensions . 130g38.1.3.1 subjectKeyIdentifier 130g38.1.3.2 authorityKeyIdentifier. 130g38.1.3.3 KeyUsage 130g38.1.3.4 BasicConstraints 130g3ETSI ETSI TS 103 161-9 V1.1.1 (2011-10)88.1.4 Signature Algorithm . 130g38.1.5 SubjectName and IssuerName 130g38.1.6 Certifica
47、te Profile Notation . 131g38.2 Certificate Trust Hierarchy . 131g38.2.1 Certificate Validation 131g38.2.2 MTA Device Certificate Hierarchy. 132g38.2.2.1 MTA Root Certificate . 132g38.2.2.2 MTA Manufacturer Certificate . 133g38.2.2.3 MTA Device Certificate 133g38.2.3 IPCablecom Telephony Certificate
48、Hierarchy 134g38.2.3.1 IP Telephony Root Certificate. 134g38.2.3.2 Service Provider CA Certificate 135g38.2.3.3 Local System CA Certificate. 135g38.2.3.4 Operational Ancillary Certificates 136g38.2.3.4.1 Key Distribution Centre Certificate . 136g38.2.3.4.2 Delivery Function (DF) . 136g38.2.3.4.3 IPC
49、ablecom Server Certificates . 137g38.2.3.4.4 TLS Certificates. 139g38.2.4 Certificate Revocation 139g39 Cryptographic Algorithms 139g39.1 AES 139g39.2 DES 139g39.2.1 XDESX . 140g39.2.2 DES-CBC-PAD 140g39.2.3 3DES-EDE 140g39.3 Block Termination 140g39.4 RSA Signature 145g39.5 HMAC-SHA1 . 145g39.6 Key Derivation . 146g39.7 The MMH-MAC 146g39.7.1 The MMH Function 146g39.7.1.1 MMH16,s,1 146g39.7.1.2 MMH16,s,2 147g39.7.2 The MMH-MAC . 148g39.7.2.1 MMH-MAC When Using a Block Cipher 148g39.7.2.2 Handling Variable-Size Data 148g39.8 Random Number Generation 148g310 Physical Secur
