Cable-Modem Security Close to Resolution

A way to keep cable-modem data safe is receiving the final
polish from the cable industry's standardization group, DOCSIS (Data Over Cable
Service/Interoperability Specification).

Dubbed the baseline privacy interface plus (BPI Plus), the
security technique is expected to be fully defined by the fall and modem-ready by the
second quarter of 1999, executives said.

For Internet-access providers such as Road Runner, the
adoption of DOCSIS-based BPI Plus should have little consequence, since Road Runner
currently uses the BPI model. "At the moment, I don't see us needing more than
BPI," said Mario Vecchi, senior vice president of technology for Road Runner.
"When you provide link-level encryption, you provide good privacy and security. When
you need a higher level of protection for electronic commerce or virtual-private networks,
we can provide that, too."

BPI Plus is a second-generation security system that
incorporates key elements from its more sophisticated brother, Security Systems Interface
-- a system that was also written for DOCSIS, but that is currently seen as too expensive
and complex by vendors and cable operators. SSI was designed to protect expensive assets
and to protect against system cloning, the executives said.

After 18 months of close scrutiny and tweaking by Cable
Television Laboratories Inc. and various vendors, the initial DOCSIS-based BPI was
retooled to include three SSI components to make the system more cost-friendly and easier
to manage. The result is BPI Plus, which is now in its final certification go-around at

"Vendors like BPI Plus, so we're embracing
it," said Doug Jones, network architecture engineer for MediaOne Labs in Boulder,
Colo., and visiting engineer at CableLabs. "It includes certain aspects of SSI, so
it's faster and safer. Now, we've gotten together to discuss the features."

BPI Plus, which is under consideration by CableLabs'
consortium of cable operators and vendors, incorporates three key SSI features:
renewability, in the form of a smart card, which allows the system to change its DES
(data-encryption system); physical security, which prohibits attackers from shaving
silicon off chips and viewing transistors; and authentication of cable modems, which will
allow the operator to "defeat" cloning of modems through a registration process.

"SSI included all of these features, but it was
heavy-duty security, designed to protect very expensive assets, and vendors felt that they
could do it cheaper, so the result is BPI Plus, which we are now defining at CableLabs to
prepare through the DOCSIS certification board," Jones said. Once adopted, BPI Plus
would become part of the modem requirements mandated by DOCSIS 1.0, replacing the current
BPI standard.

More than 24 vendors are expected to apply for DOCSIS
certification by September and to eventually incorporate BPI Plus into their cable modems.
Jeff Walker, senior manager of cable modems for Motorola Inc.'s information-systems
group, said, "BPI Plus is sufficient for privacy as a link layer and as an
authentication to prevent theft of service. We already have encryption in our modems, but
BPI Plus will be in all of our modems."

Initially, the DOCSIS-based privacy standard included
several full-security components that focused on Internet access and higher-value services
such as stock services, said Chet Birger, vice president of engineering and chief
technology officer for YAS Corp., an Andover, Mass.-based consulting firm that is
currently assisting CableLabs with DOCSIS certifications. Birger also co-authored the BPI
security-system document.

"There was resistance to deploying and supporting a
full-security system, so BPI Plus came into play," Birger said. "After assessing
the long-term security requirements through DOCSIS, we identified what the security
threats were and what added security should be included in DOCSIS 1.0. The consensus was
to enhance BPI so that it would support the DOCSIS standard. And it's all done in one
protocol," he added.

BPI Plus, Birger continued, will allow cable-system
headends to authenticate entry onto the network. When data subscribers are online, it will
include an identifier that says that the cable modem can operate on the network.
Discussions are also in progress with MSOs to develop an authentication method for backup
systems, Birger noted.

"Operators have responded positively to the
authentication function. They want security in their systems. Now, the ball is in their
court as to which modem schemes will operate in their systems' architectures. Do they
need tamper-protective hardware? That's the question that they'll have to
answer," Birger said.

Cable-modem vendors such as 3Com Corp. are planning to use
BPI Plus as a base function in their modems. According to Levent Gun, vice president and
general manager of 3Com's cable-access division: "We wouldn't put this
function [BPI Plus] on every modem, but lower-end modems will include the function. You
can always argue whether a network is secure, so I think that the industry made the right
decision in requiring a standards-based privacy function."

3Com and other modem vendors consider BPI Plus to be a
basic security function, with more sophisticated privacy components required for
higher-level systems. Added Gun, "Security must be end-to-end, and not just with
parts of the connection secured. BPI Plus will be mandatory, but full security is still
evolving, and the reality is that each MSO will have a different view on what level of
security it requires. But we're seeing a demand for full security."

The cost of adding BPI Plus to a cable modem is minimal --
less than $10 per modem, if a smart card is added -- according to Gerry White, chief
technical officer of the broadband-technologies division of Bay Networks Inc. The addition
of authentication, however, will be well worth it to cable operators, White added.