Hi, I am a newbie. I request you to correct me on the following assumption:

1. If a person gets to know the public RSA key of a cable modem (transmitted during the Auth-request phase), then he would be able to decrypt the auth info (which is encrypted with the CM's RSA public key) transmitted from CM to CMTS.

2. The auth info is used to obtain KEK and HMAC digests which are used later.

3. Again, TEK is encrypted by using KEK, which the hacker already knows.

4. The hacker would then be able to decrypt all the following messages.

I understand that I am missing something somewhere, because in PKI, even if the hacker gets to know the public key, he will not be able to succeed in decrypting the message.

Kindly correct me.

Thanks in advance

The way public/private key pairs work is like this:

When a key pair is generated, the keys are generated as a pair: a public key and a private key.

Messages encrypted with the private key can only be decrypted with the public key.

Messages encrypted with the public key can only be decrypted with the private key.

A super simplified version of what happens is:

During initialization the CMTS and the CM exchange public keys in the clear.

The CMTS then generates a new public/private key pair.

Then the CMTS sends the CM the new public key to encrypt future traffic. This key is encrypted using the CM's public key.

The cable modem decrypts this message using the CM's private key.

When the CM sends a message, it uses the new public key it decrypted to encrypt its message. The CMTS uses the private portion of that same key to decrypt that message.

The key pair the CMTS generates is only good for a certain amount of time, and when it expires the process starts over again.

To compromise the process, a hacker would need access to the CM's private key, not its public key, which is publicly available.
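The chain from the question (auth key encrypted under the CM's public key, KEK derived from the auth key, TEK protected by the KEK), worked through as an added example that is not part of either post. It is a simplified model: textbook RSA without padding, a SHA-1 based KEK derivation and an XOR wrap are stand-ins chosen for illustration, and all function names are hypothetical.

```python
import hashlib, secrets

def is_probable_prime(n, rounds=24):              # Miller-Rabin test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # witness found: composite
    return True

def gen_prime(bits, e):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % e != 1 and is_probable_prime(p):   # keeps gcd(e, p-1) == 1
            return p

def cm_keypair(bits=1024, e=65537):
    p, q = gen_prime(bits // 2, e), gen_prime(bits // 2, e)
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))  # public (n, e), private d

def derive_kek(auth_key):                         # simplified stand-in derivation
    return hashlib.sha1(b"KEK" + auth_key).digest()[:16]

def wrap(kek, data):                              # XOR stand-in for the TEK cipher
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(kek).digest()))

def run_exchange():
    (n, e), d = cm_keypair()                      # d never leaves the modem
    auth_key, tek = secrets.token_bytes(20), secrets.token_bytes(16)
    c = pow(int.from_bytes(auth_key, "big"), e, n)    # seen on the wire
    wrapped_tek = wrap(derive_kek(auth_key), tek)     # seen on the wire
    cm_auth = pow(c, d, n).to_bytes(20, "big")        # modem uses private d
    cm_tek = wrap(derive_kek(cm_auth), wrapped_tek)
    guess = (pow(c, e, n) % 2**160).to_bytes(20, "big")  # eavesdropper has only e
    spy_tek = wrap(derive_kek(guess), wrapped_tek)
    return tek, cm_tek, spy_tek

if __name__ == "__main__":
    tek, cm_tek, spy_tek = run_exchange()
    print("modem recovered TEK:", cm_tek == tek, "| eavesdropper:", spy_tek == tek)
```

The eavesdropper sees the public key and both ciphertexts, but applying the public exponent a second time does not undo the first; only the private exponent recovers the auth key, so the KEK and TEK derived from it stay out of reach.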

Thank you for the detailed explanation...