The disclosed system describes secure register access in a communication device, e.g., a cable modem.
Operation of a cable modem can be carried out according to the Data Over Cable Service Interface Specification ("DOCSIS") 1.0 specification, Cable Television Laboratories, Inc., 1996. This specification describes a cable modem architecture that uses time division multiple access ("TDMA") techniques to provide access to the cable network. The cable network is a shared transmission medium. The communications from each of the cable modems take a different time slot within the transmission.
The cable modem termination station ("CMTS") determines and sets the grants of access based on information about the remote cable modems. Typically, each cable modem is allowed a maximum bandwidth that is based on the plan that the cable modem user subscribes to, and pays for.
According to DOCSIS 1.0, however, the cable modem termination station does not store its own information about bandwidth utilization parameters. Instead, this information is reported by each of the remote cable modems themselves. The cable modem termination station can access the information from the cable modems to determine the amount of bandwidth utilization. The cable modem termination station is also provided with a mechanism to remotely alter the bandwidth allocation in the cable modem, once the system operator decides to modify the initially set configuration.
This approach can pose a security risk. Since the remote station must be able to modify configuration by accessing the device registers, an unauthorized user or "hacker" could also get access to these registers and get unlimited bandwidth control by changing the values within their own cable modem, or produce other unexpected problems. In particular, this could fool the cable modem termination station into allocating excess bandwidth without the service provider's authorization. Therefore, a secure method to remotely control the configuration by writing data into configuration registers is required.
A secure remote access system of the present invention has a first, non-protected storage element, and a second, protected storage element that stores protected information and is physically protected, for instance, by embedding it in a chip together with an access protection circuit. A data transfer mechanism is connected to both the first and second storage elements. The data transfer mechanism operates at least partly with characteristics based on information in the second storage element. A security element detects the security of an incoming message, and allows the incoming message write access to the second, protected storage element only when security is verified. The remote access system can be a modem of a type that can operate in different modes, e.g., configurations or different data transfer rates.
The disclosed system describes security for preventing unauthorized modifications to certain registers in the cable modem using encryption techniques. All registers, or only the critical ones, e.g., those used to store or control some aspect of the data transfer mechanism such as bandwidth allocation information, may have restricted access. Only write operations to these registers are restricted in this embodiment, although the method allows read and write access rights to be assigned selectively on a per-register basis.
A disclosed mode uses public key cryptography, and a hash function that detects changes to the control information.
Operations on the registers are protected by using encryption techniques in a non-standard way to protect the information.
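The gated register write described above can be sketched as follows. This is an added example, not code or a protocol taken from the disclosure: the register names, the message layout, the sequence counter used to reject replayed messages, and the constructed textbook-RSA key are all assumptions chosen so the sketch runs with the Python standard library alone.

```python
import hashlib

# Constructed demonstration key: textbook RSA over two Mersenne primes, no padding.
# It only stands in for "public key cryptography"; it is not a deployable scheme.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the operator only

def digest(reg: str, value: int, seq: int) -> int:
    """Hash of the control information; any change to it changes the digest."""
    msg = f"{reg}|{value}|{seq}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def operator_sign(reg: str, value: int, seq: int) -> int:
    """Operator (head-end) side: sign the digest with the private key."""
    return pow(digest(reg, value, seq), D, N)

class Modem:
    PROTECTED = {"max_rate_kbps"}  # hypothetical protected register name

    def __init__(self):
        self.open_regs = {"led_mode": 0}          # first, non-protected storage
        self._prot_regs = {"max_rate_kbps": 512}  # second, protected storage
        self._last_seq = 0                        # assumption: anti-replay counter

    def write(self, reg, value, seq=None, sig=None) -> bool:
        if reg not in self.PROTECTED:
            self.open_regs[reg] = value           # unrestricted write
            return True
        # Security element: reject unsigned, replayed or stale messages.
        if sig is None or seq is None or seq <= self._last_seq:
            return False
        # Verify with the embedded public key (N, E) against the recomputed hash.
        if pow(sig, E, N) != digest(reg, value, seq):
            return False
        self._prot_regs[reg], self._last_seq = value, seq
        return True

    def read(self, reg):
        return self._prot_regs.get(reg, self.open_regs.get(reg))
```

Because the signature covers the register name, the value and the counter together, a subscriber who captures one valid message can neither change the value nor resubmit the message later.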