Fraud Prevention in DOCSIS Networks: Overview

Adding multiple layers of security is essential for any DOCSIS network. Incognito has implemented various security measures into our fraud prevention solution to protect MSPs from threats like hacking, theft of service or speed boosts, and DoS attacks.

As an overview, these features include:

  1. IP Verification: Only the intended cable modem, identified as originating from the associated IP address, may download the configuration file

  2. Single Download Only: The configuration file may only be downloaded once

  3. Randomly Generated Filenames: The configuration filename is a randomly generated hex string created on-the-fly during the DHCP process, which eliminates the possibility of guessing configuration filenames

  4. Configuration File Expiry: If a configuration file is not downloaded, the filename and related information regarding that file are destroyed after a configurable amount of time (default: 60 seconds)

  5. TLV 19 and 20: The solution offers the ability to include the TFTP timestamp and the cable modem IP address in configuration files

The above features provide much-needed security functionality:

  • The dynamically generated file never physically exists on the server’s hard drive. This means that the file cannot be modified or corrupted by entities that have access to this hard drive

  • Only the device can download the configuration file from the solution’s configuration file management (CFM) service, using the IP address that the DHCP service assigns to the configuration file

  • Only the DHCP service can generate a dynamic configuration file name and provide the “row” of information to the CFM service. The DHCP service has the required knowledge of the encoding algorithm, the shared secret configured on the DHCP and CFM services, and the lookup keys for the DOCSIS file-setting records

  • The DHCP service shares what it knows about the client with the CFM service by encoding this data in the configuration file name. The CFM can extract the data encoded in the configuration filename to determine how to generate the file

  • The data encoded in the configuration filename is kept private

Two TLVs aid in security and can only be used when dynamically generating files, because their values can only be determined at download time. These are:

  1. CFM Server Timestamp (TLV 19): Sending time of the configuration file, in seconds, as defined in RFC 868, used to prevent replay attacks with the old configuration files

  2. CFM Server Provisioned Modem Address (TLV 20): The IP address of the modem requesting the configuration file, to prevent IP spoofing during registration
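As an added illustration (not Incognito's code), the following Python builds TLV 19 and TLV 20 the way a CFM would at download time and shows the receiving-side check a CMTS performs on them: the timestamp must be recent and the provisioned address must match the modem that asked for the file. The 60-second freshness window, the modem address 10.0.0.5 and the timestamps are constructed for the example; only the TLV numbers, their 4-byte lengths and the RFC 868 epoch come from the DOCSIS specification.

```python
import struct
from ipaddress import IPv4Address

# RFC 868 counts seconds since 1900-01-01; Unix time since 1970-01-01.
RFC868_OFFSET = 2208988800

TLV_TFTP_TIMESTAMP = 19    # 4-byte RFC 868 time the file was sent
TLV_PROVISIONED_ADDR = 20  # 4-byte IPv4 address the file was built for


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """DOCSIS config-file TLV: 1-byte type, 1-byte length, value."""
    if not 0 < len(value) < 256:
        raise ValueError("TLV value must be 1..255 bytes")
    return bytes([tlv_type, len(value)]) + value


def build_security_tlvs(unix_time: int, modem_ip: str) -> bytes:
    """What the CFM appends at download time: TLV 19 then TLV 20."""
    ts = struct.pack("!I", (unix_time + RFC868_OFFSET) & 0xFFFFFFFF)
    return (encode_tlv(TLV_TFTP_TIMESTAMP, ts)
            + encode_tlv(TLV_PROVISIONED_ADDR, IPv4Address(modem_ip).packed))


def parse_tlvs(blob: bytes) -> dict:
    """Minimal TLV walker: skips pad (type 0), stops at end-of-data (255)."""
    out, i = {}, 0
    while i < len(blob):
        t = blob[i]
        if t == 255:
            break
        if t == 0:
            i += 1
            continue
        length = blob[i + 1]
        out[t] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return out


def verify_security_tlvs(blob: bytes, requester_ip: str, now_unix: int,
                         max_age: int = 60) -> tuple:
    """CMTS-side check: reject replayed (stale) files and files built for
    another modem. max_age=60 is an assumed window, not a DOCSIS constant."""
    tlvs = parse_tlvs(blob)
    if TLV_TFTP_TIMESTAMP not in tlvs or TLV_PROVISIONED_ADDR not in tlvs:
        return False, "missing TLV 19 or TLV 20"
    sent_unix = struct.unpack("!I", tlvs[TLV_TFTP_TIMESTAMP])[0] - RFC868_OFFSET
    age = now_unix - sent_unix
    if age < 0 or age > max_age:
        return False, "stale or future timestamp (age %ds)" % age
    if str(IPv4Address(tlvs[TLV_PROVISIONED_ADDR])) != requester_ip:
        return False, "provisioned address does not match requester"
    return True, "ok"
```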

Next week, we’ll dive deeper and look at how the Incognito platform offers fraud protection with data sharing.
