Operators Kick the Tires on Voice-Encryption Strategies


Nuera Communications Inc., Syndeo Corp. and InnoMedia Inc. last week demonstrated a cable telephony voice-encryption service at Cable Television Laboratories Inc.'s winter conference — one of more than a dozen companies displaying new technology to an elite gathering of senior MSO engineers.

"It's the first time we've had [PacketCable-]compliant authenticated and encryption," said Nuera vice president of marketing Craig Lee, noting that the technology will comply with that CableLabs standard and work across various MSO platforms.

MSOs are looking at security because there is some concern that hackers — using the same cable network that Internet-protocol telephony and cable-modem customers will employ — could tap into private phone calls. Voice encryption and authentication would prevent such actions, and also guard against theft of service.

"Our MSO customers have impressed strongly upon us the importance of being able to provide secure voice calls over their network," said Syndeo vice president of engineering Sohial Parekh. "They consider it a 'must-have' for volume deployment."

Nuera and Syndeo are both part of Comcast Corp.'s IP telephony trial in Philadelphia.

In the demonstration, the companies combined Nuera's ORCA BTX voice gateway with Syndeo's Syion softswitch and InnoMedia's 3328-1 single-port, standalone multimedia terminal adapter to deliver secure voice calls under PacketCable 1.0 security requirements.

"We devised a way to encrypt the media stream, and we also encrypted the signaling," Lee said. "It's a double protection. This is a super-secure communication."

A hacker would have to unscramble both the signaling and the voice packets.

"The cost would be enormous to hack," Lee said. "If a hacker comes in, they have to know more than just IP addresses."

Although hackers are shut out, the government still can engage in its new security oversight through the federal Communications Assistance for Law Enforcement Act, Lee said.

Each part of the IP plant has its assigned role, Lee said.

"The call-management server has to set up and tear down sessions," he said. "The gateway and the MTA have to send half keys, both 64-bit keys, to the call-management service, and we swap information with the MTA. We create a new session key with the information. That means we have authenticated the voice call and we can set up an encrypted session."

Lee said it's difficult to quantify the cost, but it's not expected to be high, as most of the work is software-related.

Incognito approach

Also at the conference, Incognito Software debuted Address Commander 2.0, an advanced IP-address provisioning and management tool designed for MSOs with 500,000 or more VoIP subscribers.

Incognito CEO and co-founder Patricia Steadman said the software package allows an MSO to manage IP addresses and network elements more efficiently as it grows its cable-modem subscriber base and adds IP-telephony services.

The Address Commander 2.0 sits in an Oracle Corp. database and pushes out to an MSO's cable-modem termination system, Steadman said. "It touches CMTSs, routers and servers," she said.

MSOs must constantly renumber and reaggregate IP addresses, she said — a task that gets more complicated as more subscribers are added to a system.

The top MSOs need to better manage millions of addresses, she said.

Incognito's software also will help operators to transition static IP addresses from Data Over Cable Service Interface Specification 1.1 to DOCSIS 2.0, once that standard is implemented. Many of those customers will likely be business users.

ICTV Inc. exhibited a reference design that delivers interactive applications directly to digital TVs without the need for a digital set-top box.

ICTV uses an infrared cable-modem adapter, which uses the standard DOCSIS return path to transmit upstream commands for headend-based applications. At the headend, ICTV's HeadendWare would send out interactive applications and content to the TV set.

Kasenna Inc. exhibited its Stream Clustering video-on-demand server platform, including its "predictive hot spot management" capabilities and server networking functionality.