ETSI - ES 201 488-3
Data-Over-Cable Systems; Part 3: Baseline Privacy Plus Interface Specification
Publication Date: 1 January 2003
The present document, namely the BPI+ specification [DOCS i] extended to allow certificates designated Euro-DOCSIS, describes MAC layer security services for Data-Over-Cable Systems (DOCS) CMTS-CM communications.
The source material was the DOCSIS "Data-Over-Cable Services Interface Specifications, Baseline Privacy Plus Interface Specification Interim O8 01/03/02", for which the latest published version can be found at www.cablemodem.com.
BPI+ security goals are twofold:
• provide cable modem users with data privacy across the cable network, and
• provide MSOs with service protection; i.e. prevent unauthorized users from gaining access to the network's RF MAC services.
BPI+ provides a level of data privacy across the shared medium cable network equal to or better than that provided by dedicated line network access services (analog modems or digital subscriber lines).
The protected RF MAC data communications services fall into three categories:
• best-effort, high-speed, IP data services;
• QoS (e.g. constant bit rate) data services; and
• IP multicast group services.
The earlier BPI specification [DOCS2] had 'weak' service protection because the underlying key management protocol did not authenticate CMs. BPI+ strengthens this service protection by adding digital-certificate based CM authentication to its key exchange protocol.