CM Provisioning Modernization

jdenniscl edited this page May 12, 2021 · 1 revision

This page exists as a place to propose and discuss ways to modernize the current means of cable modem provisioning.

Why?

  • The current system:
    • ... relies on outdated insecure protocols such as TFTP.
    • ... is fairly static; configurations are generally shared for multiple customers.
    • ... is limited just to cable modems.
    • ... has a time expiration bug like Y2K in 2036.
  • Revisiting provisioning from a more generic point of view enables us to design a more converged solution which supports more than just DOCSIS CPE.

Current System Overview

After ranging, a cable modem (CM) requests a lease from the DHCP server:

In addition to the IP address configuration for the CM, the DHCP lease returned also contains information on where to find the configuration file (TFTP) and where to get the current time from (ToD server).

The time (second granularity) is provided by an RFC 868 time server:

Note: On Feb 7th 2036 06:28:15 the ToD clock, represented as a 32-bit unsigned integer counting seconds from January 1st 1900, rolls over.
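The rollover in the note above, worked through as an added example (not part of the original page or any DOCSIS implementation): it decodes a 4-byte RFC 868 reply, shows what a client with no era handling computes on either side of the wrap, and resolves the ambiguity against a trusted lower bound. The function names and the lower-bound policy (a firmware build date) are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

RFC868_TO_UNIX = 2_208_988_800   # seconds from 1900-01-01 to 1970-01-01 (UTC)
ERA = 1 << 32                    # the 32-bit counter wraps every 2**32 seconds
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def decode_tod(payload: bytes) -> int:
    """Parse an RFC 868 reply: exactly 4 bytes, big-endian, unsigned."""
    if len(payload) != 4:
        raise ValueError(f"RFC 868 reply must be 4 bytes, got {len(payload)}")
    return struct.unpack("!I", payload)[0]


def naive_utc(raw: int) -> datetime:
    """Interpretation with no era handling: result is always in 1900..2036."""
    return UNIX_EPOCH + timedelta(seconds=raw - RFC868_TO_UNIX)


def era_aware_utc(raw: int, not_before: datetime) -> datetime:
    """Pick the era that places the time in [not_before, not_before + 2**32 s).

    not_before is a trusted lower bound such as a firmware build date
    (hypothetical policy, not something the page specifies).
    """
    base = raw - RFC868_TO_UNIX
    floor = int((not_before - UNIX_EPOCH).total_seconds())
    eras = -((base - floor) // ERA)      # ceil((floor - base) / ERA)
    return UNIX_EPOCH + timedelta(seconds=base + eras * ERA)


# Constructed sample replies: last second before the wrap, first second after.
BEFORE_WRAP = bytes.fromhex("ffffffff")
AFTER_WRAP = bytes.fromhex("00000000")
BUILD_DATE = datetime(2021, 5, 12, tzinfo=timezone.utc)  # constructed lower bound

if __name__ == "__main__":
    for reply in (BEFORE_WRAP, AFTER_WRAP):
        raw = decode_tod(reply)
        print(reply.hex(), naive_utc(raw), era_aware_utc(raw, BUILD_DATE))
```

The lower bound only disambiguates the era; RFC 868 replies carry no authentication, so it does nothing against a forged time later than the bound.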

Subscriber configuration, such as speeds, is set in the DOCSIS configuration file obtained via TFTP:

The cable modem is responsible for requesting its DOCSIS configuration file, making things fairly static. Any updates to said configuration generally require a modem reboot resulting in a temporary service outage for a customer.

Note: In all of the above images, the text in red and arrows indicate how security is enforced.

Proposed Changes

Modem/CPE Configuration

The biggest improvement would be swapping out the TFTP/binary format for something like HTTPS/JSON. A protocol like HTTPS opens the door to transport layer security, guaranteeing the authenticity of the provisioning data. A data format like JSON (or similar) would be more flexible across multiple technologies and devices, as well as being more human-readable, reducing troubleshooting and debugging effort. An example implementation would look something like this:

The transport (HTTPS) would be used to guarantee the authenticity of the configuration as opposed to the configuration file itself. Sessions could be left open to the HTTPS channel to receive updates. CPE IP address information could be provided from the HTTPS channel enabling static IP address/block assignment for business customers and dynamic address/block assignment for residential customers.

Other Provisioning Services

  • Secure Time

    • As there are certain security conditions that depend on an accurate clock, means to secure the clock are imperative.
  • Secure DHCP

    • The IP address assignment mechanism that is used for (initially) booting the cable modem is also another possible surface of attack. While the final CPE IP address configuration can be provided through a secure HTTPS "tunnel", securely getting the modem to the point where it can talk HTTPS should also be taken into consideration.

Migration Plan

If a change to provisioning were to take place, this would be a major change to any existing DOCSIS system. A migration plan would be needed to phase the changes incrementally in order to not interrupt a production system.