50 Million Keys to SNMPv3 Privacy (2020)

By Paul E. Schauer, Comcast Cable

Security and privacy must be top-line features of any service operating today. Twenty years ago, the team at CableLabs prescribed SNMPv3 with Diffie-Hellman key exchange for encrypting management traffic from DOCSIS cable modems (CMs). While SNMP is dated, simple non-sensitive management data is still integral to CM operations. Yet in 2020, few production implementations of encrypted SNMP have been reported. Because CM management traffic lives behind numerous other layers of network and physical security, this has not been a significant issue. Still, leaving CM management data in cleartext SNMP is an operational luxury that should be phased out of practice. Switching to newer, more secure protocols is a future solution that overlooks the millions of installed DOCSIS CMs. As part of Comcast’s ongoing evolution of security and privacy, cleartext SNMP data has been deprecated. DOCSIS cable modem management is now encrypted with SNMPv3 using Diffie-Hellman key exchange as specified by CableLabs. Associated mechanisms for securely managing the privacy keys and boot files are part of the larger solution. This paper will highlight technical issues of implementing SNMPv3 with Diffie-Hellman key exchange at MSO scale.

