The Remote PHY (R-PHY) architecture represents the next stage in the evolution of DOCSIS and video service delivery as defined in a family of specifications under development by Cable Television Laboratories (CableLabs®). Products can be expected in the near future and operators need to understand the issues with the new technology, and start planning how to deploy it.
Unlike previous versions of DOCSIS this new architecture significantly impacts the HFC access infrastructure. The CCAP PHY components migrate into R-PHY devices (RPDs) located at the edge of the IP network, which is also extended deeper into the outside plant. To enable this evolution, existing linear optical links are converted into standard Ethernet connections and the traditional fiber nodes are replaced with IP enabled R-PHY devices.
Thus the R-PHY architecture requires MSOs to deploy a large number of IP networking devices into inherently unsecure portions of the network, such as pole mounted nodes and remote cabinets. This extension of IP deeper into the plant exposes the network to a set of security threats so that the infrastructure and the RPDs must incorporate critical security measures to protect the network, the RPDs and the customer data.
The paper outlines a comprehensive approach to ensure the security of distributed IP networks in insecure locations, using R-PHY as a specific example, taking into account the unique network, protocol, and application characteristics of R-PHY systems. The authors assess the scope of security threats, propose mitigation techniques to address the identified vulnerabilities and recommend security requirements for individual network components. In particular, the paper details such procedures as the secure authentication of RPDs to prevent unauthorized access to the MSO’s IP network and approaches to secure R-PHY control and data connections.
In summary, the paper demonstrates why, where, and how standards-based, distributed IP networks can be secured in a cost effective and interoperable manner using R-PHY as a specific example.