1、 International Telecommunication Union ITU-T J.125TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (12/2007) SERIES J: CABLE NETWORKS AND TRANSMISSION OF TELEVISION, SOUND PROGRAMME AND OTHER MULTIMEDIA SIGNALS Interactive systems for digital television distribution Link privacy for cable modem imple
2、mentations ITU-T Recommendation J.125 ITU-T Rec. J.125 (12/2007) i ITU-T Recommendation J.125 Link privacy for cable modem implementations Summary ITU-T Recommendation J.125 was Annex O to ITU-T Recommendation J.112 Annex B. Since it is also applicable to MAC layer privacy services for ITU-T Recomme
3、ndation J.122, it became a stand-alone Recommendation (J.125). This Recommendation, often referred to as Baseline Privacy Interface Plus or BPI+, has the following two goals: provide cable modem users with data privacy across the cable network; and provide cable operators with service protection; i.
4、e., prevent unauthorized users from gaining access to the networks RF MAC services. BPI+ provides a level of data privacy across the shared medium cable network equal to or better than that provided by dedicated line network access services (analog modems or digital subscriber lines). Source ITU-T R
5、ecommendation J.125 was approved on 14 December 2007 by ITU-T Study Group 9 (2005-2008) under the ITU-T Recommendation A.8 procedure. ii ITU-T Rec. J.125 (12/2007) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, in
6、formation and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a
7、worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down
8、in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication ad
9、ministration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory pr
10、ovisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attentio
11、n to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others ou
12、tside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the
13、latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2008 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. J.125 (12/2007) iii CO
14、NTENTS Page 1 Scope 1 2 References. 1 2.1 Normative. 1 2.2 Informative . 2 3 Terms and definitions . 2 4 Abbreviations 3 5 Baseline privacy plus background and overview . 3 5.1 Architectural overview . 4 5.2 Operational overview . 7 6 DOCSIS MAC frame formats 9 6.1 Variable-length packet data PDU MA
15、C frame format. 9 6.2 Fragmentation MAC frame format. 11 6.3 Requirements on usage of BP extended header element in MAC header 13 7 Baseline privacy key management (BPKM) protocol 13 7.1 State models 13 7.2 Key management message formats 29 8 Dynamic SA mapping. 53 8.1 Introduction 53 8.2 Theory of
16、operation 54 8.3 SA Mapping state model 55 8.4 IP multicast traffic and dynamic SAs. 58 9 Key usage . 59 9.1 CMTS . 59 9.2 Cable modem 62 9.3 Authentication of DOCSIS v1.1/2.0 dynamic service requests . 62 10 Cryptographic methods. 63 10.1 Packet data encryption 63 10.2 Encryption of TEK . 64 10.3 H
17、MAC-Digest algorithm 64 10.4 Derivation of TEKs, KEKs and message authentication keys . 64 10.5 Public-key encryption of authorization key . 65 10.6 Digital signatures 65 10.7 Supporting alternative algorithms 65 11 Physical protection of keys in the CM and CMTS. 66 12 BPI+ X.509 certificate profile
18、 and management 66 12.1 BPI+ certificate management architecture overview . 67 12.2 Certificate format 68 iv ITU-T Rec. J.125 (12/2007) Page 12.3 Cable modem certificate storage and management in the CM. 74 12.4 Certificate processing and management in the CMTS. 74 Annex A TFTP configuration file ex
19、tensions. 78 A.1 Encodings . 78 A.2 Parameter guidelines 80 Annex B Verifying downloaded operational software . 82 B.1 Introduction 82 B.2 Overview 82 B.3 Code upgrade requirements 84 B.4 Security considerations (Informative) 97 Annex C BPI/BPI+ interoperability 99 C.1 DOCSIS v1.0/v1.1/v2.0 interope
20、rability 99 C.2 DOCSIS BPI/BPI+ interoperability requirements 99 C.3 BPI 40-bit DES export mode considerations 100 C.4 System operation 101 Annex D Upgrading from BPI to BPI+ 102 D.1 Hybrid cable modem with BPI+. 102 D.2 Upgrading procedure 102 Appendix I Example messages, certificates and PDUs 103
21、I.1 Notation 103 I.2 Authentication Info. 103 I.3 Authorization Request 105 I.4 Authorization Reply . 108 I.5 Key Request 114 I.6 Key Reply. 115 I.7 Packet PDU encryption 118 I.8 Encryption of packet PDU with payload header suppression 122 I.9 Fragmented packet encryption . 124 Bibliography. 126 ITU
22、-T Rec. J.125 (12/2007) 1 ITU-T Recommendation J.125 Link privacy for cable modem implementations 1 Scope This Recommendation provides MAC layer privacy (encryption and authentication) services for DOCSIS CMTS-CM communications. This Recommendation, often referred to as Baseline Privacy Interface Pl
23、us or BPI+, has the following two goals: provide cable modem users with data privacy across the cable network; and provide cable operators with service protection; i.e., prevent unauthorized users from gaining access to the networks RF MAC services. BPI+ provides a level of data privacy across the s
24、hared medium cable network equal to or better than that provided by dedicated line network access services (analog modems or digital subscriber lines). NOTE The structure and content of this Recommendation have been organized for ease of use by those familiar with the original source material; as su
25、ch, the usual style of ITU-T recommendations has not been applied. 2 References 2.1 Normative The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indi
26、cated are valid. All Recommendations and other references are subject to revisions; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T R
27、ecommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T J.112-B ITU-T Recommendation J.112 Annex B (2004), Data-over-cable service interface specifications: Radio-frequency interf
28、ace specification. ITU-T J.122 ITU-T Recommendation J.122 (2007), Second-generation transmission systems for interactive cable television services IP cable modems. ITU-T X.509 ITU-T Recommendation X.509 (2000) | ISO/IEC 9594-8:2001, Information technology Open Systems Interconnection The Directory:
29、Public-key attribute certificate frameworks. FIPS-46-3 Federal Information Processing Standards Publications 46-3 (1999), Data Encryption Standard (DES). FIPS-140-2 Federal Information Processing Standards Publication 140-2 (2001), Security Requirements for Cryptographic Modules. FIPS-180-2 Federal
30、Information Processing Standards Publication 180-2 (2002), Secure Hash Standard (SHS). IETF RFC 2104 IETF RFC 2104 (1997), HMAC: Keyed-Hashing for Message Authentication. IETF RFC 3083 IETF RFC 3083 (2001), Baseline Privacy Interface Management Information Base for DOCSIS Compliant Cable Modems and
31、Cable Modem Termination Systems. 2 ITU-T Rec. J.125 (12/2007) IETF RFC 3280 IETF RFC 3280 (2002), Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. PKCS #7 IETF RFC 2315 (1998), PKCS #7: Cryptographic Message Syntax Version 1.5. RSA3 PKCS #1: RSA Cry
32、ptography Specifications Version 2.0, October 1998. SCTE22-2 ANSI/SCTE 22-2 2002, Data-Over-Cable Service Specification DOCSIS 1.0 Part 2: Baseline Privacy Interface (BPI). www.scte.org SCTE23-3 ANSI/SCTE 23-3 2003, DOCSIS 1.1 Part 3: Operations Support System Interface. www.scte.org SCTE79-2 ANSI/S
33、CTE 79-2 2002, DOCS 2.0 Operations Support System Interface. www.scte.org 2.2 Informative DOCSIS4 Data-Over-Cable Service Interface Specifications DOCSIS 1.1, Cable Modem to Customer Premise Equipment Interface Specification, SP-CMCI-I09-030730, July 30, 2003. DOCSIS8 Management Information Base for
34、 DOCSIS Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus, draft-ietf-ipcdn-bpiplus-mib-05.txt, May 8, 2001. FIPS-74 Federal Information Processing Standards Publication 74 (1981), Guidelines for Implementing and Using the NBS Data Encryption Standard. FIPS-81 Federal Inform
35、ation Processing Standards Publication 81 (1980), DES Modes of Operation. (Includes Change Notice, November 1981). FIPS-186-2 Federal Information Processing Standards Publication 186-2 (2000), Digital Signature Standard (DSS). IETF RFC 2868 IETF RFC 2868 (2000), RADIUS Attributes for Tunnel Protocol
36、 Support. RSA1 RSA Laboratories, PKCS #1: RSA Encryption Standard, Version 1.5, RSA Security, Inc., Bedford, MA, November 1993. RSA2 RSA Laboratories, Some Examples of the PKCS Standards, RSA Data Security, Inc., Redwood City, CA, November 1993. SCTE22-1 ANSI/SCTE 22-1 2002, Data-Over-Cable Service
37、Interface Specification DOCSIS 1.0 Part 1: Radio Frequency Interface (RFI). www.scte.org SCTE22-3 ANSI/SCTE 22-3 2002, Data-Over-Cable Service Interface Specification DOCSIS 1.1 Part 3: Operations Support System Interface (OSSI). www.scte.org 3 Terms and definitions This Recommendation defines the f
38、ollowing terms: 3.1 DOCSIS: The term for a system or device compliant with any one of the Cable Television Laboratories, Inc. (“CableLabs“) series of specifications located at: http:/ 3.2 DOCSIS 1.0: A system or device compliant with the following Data Over Cable Service Interface Specifications SCT
39、E22-1, SCTE22-2, SCTE22-3, DOCSIS4. ITU-T Rec. J.125 (12/2007) 3 3.3 DOCSIS 1.1: A system or device compliant with the following Data Over Cable Service Interface Specifications: ITU-T J.112-B, SCTE23-3, DOCSIS4 and this Recommendation. 3.4 DOCSIS 2.0: A system or device compliant with the following
40、 Data Over Cable Service Interface Specifications ITU-T J.122, SCTE79-2, DOCSIS4 and this Recommendation. 4 Abbreviations This Recommendation uses the following abbreviations: BPI+ Baseline Privacy Interface Plus BPKM Baseline Privacy Key Management CBC Cipher Block Chaining CM Cable Modem CMTS Cabl
41、e Modem Termination System DES US Data Encryption Standard HMAC Keyed-Hashing for Message Authentication QoS Quality of Service RSA RSA Laboratories SA Security Association SAID Security Association Identifier SID Service Identifier TEK Traffic Encryption Key 5 Baseline privacy plus background and o
42、verview Cable operators are interested in deploying high-speed packet-based communications systems on cable television systems that are capable of supporting a wide variety of services. Services under consideration by cable operators include high-speed Internet access, packet telephony service, vide
43、o conferencing service, T1/frame relay equivalent service and many others. The intended service will allow transparent bidirectional transfer of Internet Protocol (IP) traffic, between the cable system headend and customer locations, over an all-coaxial or hybrid fibre/coax (HFC) cable television ne
44、twork. This is shown in simplified form in Figure 5-1. Figure 5-1 Transparent IP traffic through the data-over-cable system The transmission path over the cable system is realized at the headend by a CMTS, and at each customer location by a CM. At the headend (or hub), the interface to the data-over
45、-cable system is called the cable modem termination system network side interface (CMTS-NSI). At the customer 4 ITU-T Rec. J.125 (12/2007) locations, the interface is called the cable-modem-to-customer-premises-equipment interface (CMCI). The intent is for the cable operators to transparently transf
46、er IP traffic between these interfaces, including but not limited to datagrams, DHCP, ICMP, and IP Group addressing (broadcast and multicast). Baseline privacy (BPI) and baseline privacy plus (BPI+) provide cable modem users with data privacy across the cable network. They do this by encrypting traf
47、fic flows between CM and CMTS. Baseline Privacy is the original version of this feature and is detailed in reference SCTE22-2. Baseline Privacy Plus is the updated version of this feature and the subject of this Recommendation. See Annex C for a more detailed discussion of the differences between th
48、e two versions. In addition, BPI+ provides cable operators with strong protection from theft of service. The protected DOCSIS MAC data communications services fall into three categories: best-effort, high-speed, IP data services; QoS (e.g., constant bit rate) data services; and IP multicast group se
49、rvices. Under BPI+, the CMTS protects against unauthorized access to these data transport services by enforcing encryption of the associated traffic flows across the cable network. BPI+ employs an authenticated client/server key management protocol in which the CMTS, the server, controls distribution of keying material to client CMs. 5.1 Architectural overview Baseline Privacy Plus has two component protocols: An encapsulati
