DOCSIS CABLE-MODEM SECURITY ASSURED BY CABLELABS-RSA DEAL
An anticipated deal between the cable industry and
encryption specialist RSA Data Security Inc. nailed down the last plank in the ongoing
cable-modem-standards platform.
RSA and Cable Television Laboratories Inc., which will
jointly administer the security agreement, officially announced the deal last Tuesday.
Richard Green, CEO of CableLabs, said during a
teleconference that the agreement 'is essentially the final piece, and an important
cornerstone' of the DOCSIS (Data Over Cable Service/Interoperability Specification)
cable-modem standard.
The arrangement is also important for the industry because
it means that all forthcoming DOCSIS modems will be shipped with two flavors of privacy,
so that high-speed-data customers and MSOs can be safeguarded from security breaches.
'This will protect against cloning, interception
relay, software alteration, malicious software attacks' and other privacy breaches,
said Jim Bidzos, president of RSA.
'Through this agreement with CableLabs, our security
technology will help to protect digital cable networks from a wide range of attacks that
the industry now faces and is likely to face in the future,' Bidzos added.
Just last year, a MediaOne data customer in Needham, Mass.,
showed a Boston Globe reporter how he could access another cable-modem user's
hard drive because a Windows 95 'file-sharing' option had not been disabled.
Multichannel Newsletter
The smarter way to stay on top of the multichannel video marketplace. Sign up below.
Executives with CableLabs were quick to point out, however,
that the RSA arrangement does not cover incidents where cable-modem users inadvertently
leave the file-sharing option activated. The arrangement refers more to pure encryption
and authentication techniques, they added.
RSA will provide its public-key and symmetric-encryption
technology to cable-modem and set-top vendors, Bidzos said, as well as its 'SSL'
technique for secure Web sessions, its 'SET' method for secure payment on
credit-card transactions and its 'S/MIME' technology for secure e-mail
transmissions.
'What this announcement points to is the growing
awareness that privacy and security are becoming key requirements everywhere,' said
Al Sisto, chief operating officer of RSA. 'For us, it represents a major extension of
our [encryption products] from our traditional Internet and Intranet base to this new,
consumer-based world.'
Steve Dukes, vice president of network technology for TCI
Technology Ventures Management Inc., said he was pleased with the benefits that RSA's
approach affords operators and their customers. 'By relying on RSA technology,
CableLabs can enable equipment manufacturers to provide the cable industry and its
customers with confidence that their services and private information will be
protected,' Dukes said.
And, added Mark Coblitz, vice president of strategic
planning for Comcast Corp., '[The agreement] provides our customers and business
partners with confidence that the industry is serious about achieving a business
environment where security is part of the equation.'
Under the terms of the deal, CableLabs will distribute and
sublicense RSA's public-key and symmetric cryptography to equipment manufacturers,
and RSA will receive per-unit royalties from manufacturers.
Although executives on Tuesday's call would not
discuss financial specifics, MSO executives close to the arrangement said three weeks ago
that the royalties will likely fall in the range of 25 cents per modem shipped. Separate,
per-headend fees will range from $50 to $500, sources said, in addition to an unspecified
administrative fee paid to CableLabs.
Bob Cruickshank, director of digital network technologies
for CableLabs, explained that the RSA agreement includes 'two different lines of
defense.' The first is what he called 'baseline privacy' -- an internal
module that will be deployed in all forthcoming DOCSIS modems.
If that eventually becomes compromised, each cable modem
will also include a slot into which a second, removable security card can be plugged.
'Even in the baseline system, the key changes every 30
seconds,' Cruickshank said. 'Plus, we've already designed a second system
that is even more robust, that is also completely replaceable, so we're confident
that we're putting out a strong system.'
RSA executives said the deal includes identification and
authentication of network users; confidentiality of user information by delivering data
only to the intended recipient; and ensuring data integrity by isolating network services
from each other, using both physical and logical means.