Question on BPI 1.0 security | docsis.org

crsrikanth84

Hi All,
I have been going through the DOCSIS 1.0 spec for the past few days. The one question that I often get is: on what basis does the CMTS authorize a CM?

The following explanation is given in the DOCSIS 1.0 BPI specification:

Baseline Privacy initialization begins with the CM sending the CMTS an authorization
request, containing data identifying the CM (e.g., MAC address), the CM’s RSA public key,
and a list of zero or more assigned unicast SIDs that have been configured to run Baseline
Privacy. (The list is empty if a cable modem is configured to run Baseline Privacy only on
multicast SIDs.)

If the CMTS determines the requesting CM is authorized for these services, the CMTS
responds with an authorization reply containing a list of SIDs (both unicast and multicast) on
which the CM is permitted to run Baseline Privacy. The reply also includes an authorization
key from which the CM and CMTS derive the keys needed to secure a CM’s subsequent
requests for per-SID traffic encryption keys, and the CMTS’s responses to these requests. The
authorization key is encrypted with the receiving cable modem’s public key.

I could not figure out how exactly the CMTS authorizes a CM. Is it based on the SID?

Thanks in Advance ...
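
The exchange quoted in the post, modelled as an added example (not part of the original post and not code from the DOCSIS specification). The quoted text does not say how the CMTS reaches its decision, so the provisioning table keyed by MAC address is an assumption, as are the field names, the MAC address, the SID values and the toy RSA key.

```python
import secrets

# Toy RSA key pair for the CM (constructed sample; far too small for real use, no padding).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
CM_PUBLIC = (P * Q, E)
CM_PRIVATE = pow(E, -1, (P - 1) * (Q - 1))

# Assumption: the CMTS decides from a provisioning table keyed by CM MAC address.
PROVISIONED = {
    "00:11:22:33:44:55": {"unicast": {0x0101, 0x0102}, "multicast": {0x2001}},
}

def build_auth_request(mac, public_key, unicast_sids):
    """Authorization request as the quoted text lists it: identity, public key, SIDs."""
    return {"mac": mac, "public_key": public_key, "sids": list(unicast_sids)}

def cmts_handle_auth_request(request):
    """Return (reply, auth_key); both are None when the CM is not provisioned."""
    entry = PROVISIONED.get(request["mac"])
    if entry is None:
        return None, None
    # Grant only unicast SIDs that are both requested and provisioned,
    # then add the multicast SIDs provisioned for this CM.
    granted = sorted((set(request["sids"]) & entry["unicast"]) | entry["multicast"])
    auth_key = secrets.randbits(128)
    n, e = request["public_key"]
    # The authorization key travels encrypted with the CM's public key.
    reply = {"sids": granted, "encrypted_auth_key": pow(auth_key, e, n)}
    return reply, auth_key

def cm_recover_auth_key(reply):
    """The CM decrypts the authorization key with its private key."""
    return pow(reply["encrypted_auth_key"], CM_PRIVATE, CM_PUBLIC[0])

if __name__ == "__main__":
    req = build_auth_request("00:11:22:33:44:55", CM_PUBLIC, [0x0101, 0x0999])
    reply, key = cmts_handle_auth_request(req)
    print([hex(s) for s in reply["sids"]], cm_recover_auth_key(reply) == key)
```

In this model the requested SID list only narrows what the CMTS grants; the decision itself rests on data the CMTS already holds about the identified CM.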