



Cable Modem Security Download
By Forrest.Hong, V1.0

I. Asymmetric encryption algorithms

An asymmetric encryption algorithm uses a PublicKey and a PrivateKey. Data encrypted with the PublicKey can only be decrypted with the corresponding PrivateKey, and Data encrypted with the PrivateKey can only be decrypted with the corresponding PublicKey.

The following example illustrates the algorithm and makes it more concrete.

Suppose A wants to send Data to B. Puk-a and Prk-a are A's key pair; Puk-b and Prk-b are B's key pair. B needs to confirm that the Data was sent by A and was not altered by anyone in transit over the network.

A first encrypts the Data with B's Puk-b to produce ciphertext. A then encrypts that result with its own Prk-a. When B receives it, B decrypts it with A's Puk-a, and then decrypts what that yields with its own Prk-b to obtain the Data B wants.

That is how asymmetric encryption and decryption operate.

II. Ambit Cable Modem Security Download

1. Purpose of CM Security Download

To prevent unauthorized parties from downloading an illegitimate Image into the CM in order to steal service.

2. How Ambit CM Security Download works

1). First, a key pair is generated in the Security Room: Kpu-cm and Kpr-cm.
2). Kpr-cm is used to encrypt our unsigned Image (.bin) and produce the signed Image (.cdf). Only one copy of Kpr-cm may exist, and it is kept in the Security Room. The Security Room must have no Internet connection, and only authorized persons may enter it to sign an Image.
3). The signed Image (.cdf) can then be downloaded into the CM.
4). Some information about Kpu-cm (such as its validity period and owner) is placed in a Certification (certificate). This Certification must be signed with VeriSign's Root Private Key, at which point it becomes the CVC (Code Verification Certificate).
5). The CVC is placed in the CM's Configuration File.
6). VeriSign's Public Key is embedded in the Cable Modem and is used to decrypt the CVC.

The whole process is shown in the figure below.

[Figure: Security Room generates the key pair (Kpu-cm, Kpr-cm); Kpr-cm is kept in the Security Room; VeriSign Private Key; Certification; CVC; Config. File; Unsigned Image; Signed Image; VeriSign Public Key; CM]

The CVC is stored in the config file. While coming online, the CM fetches the config file and obtains the CVC, then uses the Public Key embedded in the Cable Modem to decrypt and check the (encrypted) CVC; if this succeeds, dload is permitted. If the CVC is correct, the Private Key in the CVC is used to decrypt and check the Image. Compared with the unsigned Image (.cpr), the signed Image (.cdf) carries additional encrypted PKCS data at its start, so it is easy to tell whether an Image is signed or unsigned. Only a signed Image may be dloaded.

1. The Security Room generates the key pair: Kpu-cm (public Key) and Kpr-cm (private Key).
2. Kpr-cm encrypts the Unsigned Image, which becomes the Signed Image; at the same time, Kpu-cm is stored in a Certification (certificate).
3. This Certification must be encrypted with VeriSign's Private Key to become the CVC, and the CVC is stored in the Configuration file.
4. VeriSign's Public Key is embedded in the CM.
5. The CM comes online and fetches the Configuration file.
6. The CM then uses the embedded VeriSign Public Key to decrypt the CVC.
7. If the CVC is correct, the Kpu-cm in the CVC is used to check and decrypt the Image file. If that is correct, the dload is carried out; otherwise the upgrade fails.

The manufacturer must only use the CVC to digitally sign software images for devices of the manufacturer.

One practical use of certificates is to restrict a cable modem's unit update process. By installing a certificate into a cable modem, a service operator can ensure that the modem will only download and install firmware that is authorized by CMTS. This security feature is very important, which is why there is a method available to DOCSIS 1.1 with signed firmware.

To install signed firmware, a DOCSIS 1.0 modem capable of upgrading to DOCSIS 1.1 must download and install unsigned DOCSIS 1.1 firmware and then use that firmware to upgrade to signed DOCSIS 1.1 firmware. When DOCSIS 1.1-capable cable modems attempt to provision for the first time, the CMTS must download and store the modem's CVC file prior to the registration period. Now this modem running DOCSIS 1.1 firmware in 1.1 modem can only download and install firmware with a matching CVC.

As you know from having read this book, cable modem hackers commonly use hacked or modified firmware to take control of their modems. Hacked firmware gives hackers a distinct advantage, but who says that network administrators can't do the same, that is, develop a custom firmware image and install it into their customers' modems? Although this is an unconventional method, it can also work to a service provider's advantage.

If you are a cable service provider, why should you wait weeks or even months for a hardware manufacturer to fix a publicized exploit if you can do so yourself? You could even add additional features to your customized firmware to further guard against many common hacking methods. By having customers' modems run custom firmware, a network administrator gains even more control over the coax network. For example, any customer with an unmodified SURFboard modem could use the TTL console port in the modem to change firmware. The security risk arises from a flaw that is located in the bootloader. However, upgrading the bootloader via a custom firmware image downloaded from the CMTS would disable the security risk.

Modems that have been upgraded to use firmware are more secure because they will only accept firmware updates when CVCs downloaded by the modem through the provisioning process m
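
The modem-side decision from steps 1 to 7 above, as an added Python example that is not part of the original document or Ambit's code: the CVC is checked against the embedded root public key, and only then is the Kpu-cm it carries used to check the image. Assumptions: the page's "encrypt with the private key" is modelled as a textbook RSA signature over a SHA-256 digest, the toy keys are built from publicly known Mersenne primes (not secure), and the dict layout and names such as `cm_check_download` and `ExampleVendor` are hypothetical, not the real PKCS or config-file format.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys

def keypair(a, b):
    """Toy RSA key pair from the Mersenne primes 2**a-1 and 2**b-1.
    Constructed for this demo only: these primes are public knowledge."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(digest(data), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data)

def make_cvc(root_priv, owner, kpu_cm):
    """Certification body (owner + Kpu-cm) signed with the root private key."""
    body = f"{owner}|{kpu_cm[0]:x}|{kpu_cm[1]:x}".encode()
    return {"body": body, "sig": sign(root_priv, body)}

def sign_image(kpr_cm, image):
    """Security Room step: unsigned image -> signed image."""
    return {"image": image, "sig": sign(kpr_cm, image)}

def cm_check_download(root_pub, cvc, download):
    """Modem-side decision; the only trust anchor is the embedded root key."""
    if cvc is None or not verify(root_pub, cvc["body"], cvc["sig"]):
        return "reject: CVC not signed by root"
    if "sig" not in download:
        return "reject: unsigned image"
    _owner, n_hex, e_hex = cvc["body"].decode().split("|")
    kpu_cm = (int(n_hex, 16), int(e_hex, 16))  # key taken from the verified CVC
    if not verify(kpu_cm, download["image"], download["sig"]):
        return "reject: image signature does not match CVC key"
    return "accept"

ROOT_PUB, ROOT_PRIV = keypair(521, 607)       # stands in for the root CA key
KPU_CM, KPR_CM = keypair(607, 1279)           # manufacturer key pair
ROGUE_PUB, ROGUE_PRIV = keypair(1279, 2203)   # key that was never certified
CVC = make_cvc(ROOT_PRIV, "ExampleVendor", KPU_CM)
FIRMWARE = b"constructed firmware image bytes"
```

The order of the checks matters: Kpu-cm is only trusted after the CVC signature verifies, so a self-made certificate carrying a different key is rejected before any image is examined.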