Security Looms High on Cable Minds1/16/2000 7:00 PM Eastern
Anaheim, Calif. -- The new interactive broadband age will
dramatically change the way people communicate, how they are entertained and how they
transact their business, keynote speakers said at the Society of Cable Telecommunications
Engineers' Conference on Emerging Technologies here last week.
The technology allowing the free-flowing, sea change of
information, entertainment and electronic commerce is already at our fingertips, Broadcom
Corp. CEO Henry Nicholas said in his opening remarks at the three-day gathering.
The SCTE's flurry of
broadband-telecommunications-applications sessions -- including PacketCable security,
cable modems and virtual private networks -- underscored the potentially impressive
revenues promised from a myriad of new services and the challenge of protecting and
securing the networks that generate them.
"The challenge is to enable an entire new class of
media and Internet-enabled media, but we also need the ability to crash-proof network
interfaces," Nicholas said. "The technology exists today, and the cost
efficiencies will exist in the next two years. The question is whether we can be
Nicholas pointed to home networks as an example. "Home
networks are critical to the cable industry," he said. "They open up a whole new
market. And with the proper deployment of next-generation networks, we can control the
evolution of content and the entire class of new markets for TVs and PCs."
Just how the industry plans to secure and protect those
networks -- especially for the lucrative small-business market -- is a lingering problem
for cable operators. That question was addressed during the conference's "DOCSIS
[Data Over Cable Service Interface Specification] Security vs. Cable-Modem Cloning"
As the business market for interactive services and data
expands, providing network security becomes crucial. The "BPI+" (Baseline
Privacy Plus) technology is designed to protect the link between cable modems and CMTS
(cable-modem-termination system) gear, according to Sasha Medvinsky, senior engineer for
data networks at General Instrument Corp., which is now owned by Motorola Inc.
"In the future, there will be more valuable services,
so cable-modem clones could become more valuable in gaining free access to networks. With
BPI+ and tamperproof key storage, cloning attacks will be very difficult," Medvinsky
said. "And that will make companies feel safer about charging more for streaming
Security for PacketCable networks is a growing issue, as
well, explained Doug Jones, network architect for MediaOne Group Inc.'s MediaOne Labs,
during his "PacketCable Security Overview" session.
"PacketCable security is vital to ensure a secure
network because it's very broad with many different aspects," Jones added. "And
the key is protecting PacketCable interfaces with other functions like phones, billing and
Each PacketCable interface must be secured and should be
based on the value of information it provides, he said.
In addition, PacketCable security has a strong economics
component. "From an economics standpoint, the effort to protect information should be
as great as the value of the information," he added.
Jones outlined five general classes of threats to
PacketCable: service theft, bearer-channel information threats, signaling-channel
information threats, service-disruption threats and repudiation.
PacketCable interfaces, he explained, are secured by
several different techniques, such as BPI+; "Ipsec," which provides security at
the Internet-protocol layer; "Internet Key Exchange"; "Kerberos"
(public-key cryptography); "RC4"; and several others.
"We want to make the network pirates literally pay an
unreasonable amount of money to circumvent the interfaces," he said.
VPNs -- which extend network information across the
Internet via a series of "tunnels" and are subject to similar security breaches
-- are nonetheless growing in popularity as revenue generators for cable operators and
multiservice providers, noted Michael Coden, president and CEO of magjic.com LLC, a
VPN can now offer cable operators services such as
videoconferencing over a shared backbone and reduce customer costs, Coden said.
"Provider Edge" is the latest and greatest of the
VPN services. "Provider Edge VPNs are better solutions because they consolidate VPN
processing to the edge of the core network and consolidate into one big piece of equipment
that can serve lots of customers," Coden said during his discussion, "High-Speed
Processing of Virtual Private Networks and Service-Level Agreements on IP Networks."
Provider Edge can offer new revenue streams for network
providers, better scalability, consolidation of processing and lower costs, as well as
naturally enabling other services such as server hosting and application outsourcing,
"It's the only way to achieve performance at a
reasonable price and offer new revenue streams," he said.
Lowering the cost of components in cable modems was the
focus of a session headed by Bijan Hakimi, cable- and broadband-wireless-engineering
manager for Intel Corp.
A 35 percent cost savings for the modem manufacturer can be
achieved through host-based processing, which shifts some of the processing onto the PC
and out of the cable modem, Hakimi said.
"Operators we talked with had two concerns: higher
support costs, because they were more dependent on PC components, and security, including
theft, privacy and network integrity. Modems are open to security attacks, so security
features needed to be included in them," Hakimi said.
Host-based modems are scheduled to be demonstrated in
March, but not before a thorough examination by Cable Television Laboratories Inc.
John Chapman, system architect for cable products and
solutions at Cisco Systems Inc., concluded the series of sessions with an overview on
"Multimedia Traffic Engineering for HFC [Hybrid Fiber-Coaxial] Networks."
Video-over-IP will change the nature of the Internet, where
movies will be available at any time and Web sites will offer an infinite number of
snapshots of the world, he said.
"It's very exciting. But they don't own the pipes, so
our design goal is to map fiber nodes to CMTS receivers," Chapman added.
He cautioned that it is also necessary to take the business
aspects into account, including costs, before services such as video-over-IP, data-over-IP
and others are deployed.