Broadband hybrid-fiber/coax (HFC) networks provide a flexible, cost-effective platform for offering a wide range of telecommunications services to residences and businesses. One of these services, high-speed multimedia access, is a particularly attractive opportunity for HFC network operators. Some of the envisioned applications include Internet access, the ability to communicate with the office while working at home, voice and video telephony, interactive game playing, etc.
Although there is substantial near-term demand for basic high-speed data access over HFC networks, it is uncertain how interactive data services will evolve over time. There is a strong trend towards the integration of data and non-data services within end-user applications. Highly compelling applications such as "audio plus data," "voice plus data," and "audio plus video plus data," for personal computers and other devices, are all under development. Wide-area network transport infrastructures are migrating towards asynchronous transfer mode (ATM) as bandwidth and quality-of-service (QOS) issues become critical for supporting these applications.
HFC pure data systems installed in the near term must be gracefully upgradable to support these new integrated applications, since it is unreasonable to require wholesale replacement of less flexible early-generation equipment that has been optimized for a restricted class of data-centric applications, e.g., those requiring only transport of Ethernet frames or IP packets. Although it may be technically possible to add limited, inefficient support for other traffic types to these early systems through "extensions," it is preferable to have a flexible basic transport structure in place from the outset to provide for future evolution as warranted by customer needs and business considerations. Such a transport system must be capable of transporting synchronous transfer mode (STM) information, such as voice and video telephony; variable length (VL) information, such as Internet Protocol (IP) or IEEE 802.3 frames; and asynchronous transfer mode (ATM) cells.
As with other HFC and wireless applications and systems, downstream and, in some cases, upstream payload is accessible both to other legitimate subscribers to the system and to non-registered attackers or pirates. Attacks, or merely eavesdropping, can offer varying degrees of value to an attacker, ranging from simple theft of services to illicit acquisition of privileged and confidential information and information representing monetary value, such as credit card numbers. Present security and encryption techniques could be incorporated into a bi-directional broadband multimedia, data, and communications system; however, several encumbrances hinder such an implementation.
Encryption systems implemented in hardware provide the speed required for a multimedia and data exchange system; however, the cost of the required hardware at individual cable stations is generally prohibitive. For example, implementation of DES encryption in hardware requires a DES chip having approximately fifteen thousand gates with a total cost of ten dollars or greater. An alternative to implementation in hardware is a software implementation; however, encryption in software is much slower than in hardware and would not provide the necessary encryption speed for a multimedia and data exchange system with the degree of security required. For example, a software version of the triple-DES algorithm provides superb protection against decryption and adds very little cost for system-wide implementation, but it is relatively slow, much too slow to encrypt the plaintext bytestream of a high-speed multimedia and data exchange system. What is needed is a security and encryption system offering the speed and high degree of security of encryption software and the speed associated with encryption hardware.