1. Field of the Invention
The present invention relates to a security control method in a cable network dynamic multicast session, and more particularly, to a method of controlling forward secrecy and backward secrecy in a Data Over Cable Service Interface Specifications (DOCSIS) 3.0 network dynamic multicast session.
This work was supported by the IT R&D program of MIC/IITA. [2007-S-007-01, The Development of Downloadable Conditional Access System]
2. Description of Related Art
A Data Over Cable Service Interface Specifications (DOCSIS) 3.0 network supports Internet data speeds with a downstream maximum of 480 Mbps or more and an upstream maximum of 120 Mbps or more in a hybrid fiber coax (HFC) network, using a channel bonding technology. Currently, the DOCSIS 3.0 standard defines a Media Access Control (MAC) technology, a physical layer (PHY) technology, and DOCSIS 3.0 security. The DOCSIS 3.0 security technology supports privacy through encryption of data transferred between cable modems and a cable modem termination system (CMTS). Also, the DOCSIS 3.0 security technology is based on the Baseline Privacy Interface Plus (BPI+) technology.
A DOCSIS 3.0 network supports a unicast session and a multicast session. Due to characteristics of the HFC network, data of the multicast session is broadcast to all the cable modems included in the same cell. Therefore, when a malicious cable modem exists among the cable modems connected to the same HFC network, the malicious cable modem may eavesdrop on data that is being transferred to another cable modem. Specifically, a cable modem belonging to the same HFC network may receive data of another cable modem. In order to solve the above privacy problem, the DOCSIS 3.0 network defines an encrypted multicast session that encrypts a multicast stream between a CMTS and cable modems and sends the encrypted multicast stream.
The DOCSIS 3.0 standard defines an encrypted static multicast session and an encrypted dynamic multicast session within the encrypted multicast session. The encrypted static multicast session denotes a session that cable modems may not dynamically join and leave while the multicast session is in progress. The encrypted dynamic multicast session denotes a session that cable modems may dynamically join and leave while the multicast session is in progress. In particular, from a security standpoint, the encrypted dynamic multicast session may need forward secrecy and backward secrecy in order to support privacy.
FIGS. 1 and 2 illustrate an example for describing the vulnerability of the forward secrecy and the backward secrecy of the encrypted dynamic multicast session that may occur in the conventional DOCSIS 3.0 network. Referring to FIG. 1, the currently published DOCSIS 3.0 standard does not define a mechanism for dynamically updating a Traffic Encryption Key (TEK). Therefore, an eavesdropping slot 110 may occur between a point in time Tleave when the malicious cable modem sends a LeaveMulticastSession message to a CMTS and a point in time T13 when a subsequent TEK is updated. In the eavesdropping slot 110, a cable modem that has left the multicast group may eavesdrop on communication contents exchanged between group members after it leaves the multicast group, because it still holds the TEK in use.
Referring to FIG. 2, the currently published DOCSIS 3.0 standard does not define a mechanism for dynamically updating a TEK. Therefore, an eavesdropping slot 210 may occur between a point in time Tjoin when a malicious CM sends a JoinMulticastSession message to a CMTS and a point in time T22 when a subsequent TEK is updated. In the eavesdropping slot 210, the cable modem that joins the multicast group may learn communication contents exchanged between group members before it joined the multicast group, because the TEK it receives on joining is the one under which that earlier traffic was encrypted.
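The two eavesdropping slots described above can be made concrete with a small timeline model. The following is an added, constructed example and not code from the DOCSIS standard or from this application: it tracks which TEK each modem has received, and reports the ticks whose traffic a non-member could decrypt, first with a periodic-only TEK refresh (the conventional behaviour of FIGS. 1 and 2) and then with an assumed TEK update on every join and leave. The scenario, the 10-tick TEK lifetime, and the modem names are assumptions.

```python
"""Toy timeline model of TEK handling in a DOCSIS 3.0 encrypted dynamic
multicast session (constructed example). Traffic is sent once per tick
under the current TEK id; a modem can read a tick's traffic if it ever
receives that tick's TEK, whether it held the key before leaving
(forward secrecy, FIG. 1) or obtained it after joining (backward
secrecy, FIG. 2)."""

# Constructed scenario: A and B are members from the start; M joins at
# tick 3 and leaves at tick 7. A TEK lifetime of 10 ticks is assumed.
SCENARIO = {0: [("join", "A"), ("join", "B")],
            3: [("join", "M")],
            7: [("leave", "M")]}

def simulate(events, t_end, tek_lifetime, rekey_on_change):
    """Return (traffic, keys_held): traffic is a list of
    (tick, tek_id, frozenset(members)); keys_held maps modem -> TEK ids."""
    members, keys_held, tek_id, traffic = set(), {}, 0, []

    def distribute():                 # CMTS hands the current TEK to members
        for cm in members:
            keys_held.setdefault(cm, set()).add(tek_id)

    for t in range(t_end):
        if t > 0 and t % tek_lifetime == 0:   # periodic TEK refresh only
            tek_id += 1
            distribute()
        for kind, cm in events.get(t, []):
            if kind == "join":
                members.add(cm)
            else:
                members.discard(cm)
            if rekey_on_change:               # assumed fix: new TEK per join/leave
                tek_id += 1
            distribute()
        traffic.append((t, tek_id, frozenset(members)))
    return traffic, keys_held

def exposed_ticks(traffic, keys_held):
    """Ticks whose traffic a non-member modem could decrypt, per modem."""
    out = {}
    for t, tek, members in traffic:
        for cm, keys in keys_held.items():
            if cm not in members and tek in keys:
                out.setdefault(cm, []).append(t)
    return out

if __name__ == "__main__":
    for rekey in (False, True):
        traffic, held = simulate(SCENARIO, 15, 10, rekey)
        print("rekey on join/leave:", rekey, "->", exposed_ticks(traffic, held))
```

With periodic refresh only, M can read ticks 0 to 2 (slot 210, before Tjoin) and ticks 7 to 9 (slot 110, from Tleave until the refresh at tick 10); with a TEK update on each membership change both slots are empty.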