Archives

Access Incognito's library of Guides, Tips / Tutorials and more.

Fraud Prevention in DOCSIS Networks: Overview

Published on 21 May 2015

As an overview, these features include:

  1. IP Verification: Only the intended cable modem identified as originating from the associated IP address may download the configuration file

  1. Single Download Only: The configuration file may only be downloaded once

  1. Randomly Generated Filenames: The configuration filename is a randomly generated hex string created on-the-fly during the DHCP process, which eliminates the possibility of guessing configuration filenames

  1. Configuration File Expiry: If a configuration file is not downloaded, the filename and related information regarding that file are destroyed after a configurable amount of time (default: 60 seconds)

  1. TLV 19 and 20: The solution offers the ability to include TFTP Timestamp and cable modem IP in configuration files

The above features provide much-needed security functionality:

  • The dynamically generated file never physically exists on the server’s hard drive. This means that the file cannot be modified or corrupted by entities that have access to this hard drive
  • Only the device can download the configuration file from the solution’s configuration file management (CFM) service, using the IP address that the DHCP service assigns to the configuration file
  • Only the DHCP service can generate a dynamic configuration file name and provide the “row” of information to the CFM service. The DHCP service has the required knowledge of the encoding algorithm, the shared secret configured on the DHCP and CFM services, and the lookup keys for the DOCSIS file-setting records
  • The DHCP service shares what it knows about the client with the CFM service by encoding this data in the configuration file name. The CFM can extract the data encoded in the configuration filename to determine how to generate the file
  • The data encoded in the configuration filename is kept private

Two TLVs aid in security and can only be used when dynamically generating files, as the values are for the TLVs can only be  determined at download time. These are:

  1. CFM Server Timestamp (TLV 19): Sending time of the configuration file, in seconds, as defined in RFC 868, used to prevent replay attacks with the old configuration files

  2. CFM Server Provisioned Modem Address (TLV 20): The IP address of the modem requesting the configuration file, to prevent IP spoofing during registration

Next week, we’ll dive deeper and look at how the Incognito platform offers fraud protection with data sharing.

With over 30 years of experience, Incognito has helped global providers accelerate and innovate broadband services, with a unique focus on cable, fiber, and mobile broadband technologies.

Vancouver, Canada (HQ)
Ottawa, Canada
Dublin, Ireland

Contact

Submit RFP

Privacy Policy

Accessibility Statement

Fiber

Cable

Fixed Wireless

Digital Experience

DX Activate

Enterprise IoT

Prepaid Broadband

 

Services

Managed Services

Professional Services

Customer Support

Broadband Command Center

TR-069 ACS

TR-369 USP

Service Activation Center

Firmware Management

IP Address Management

Monetization & Analytics

 

Insights

Blog

Connectivity for All

Automated Service Provisioning

Remote Device Management

Fiber Monetization

User Services Platform

Capitalize on IoT

The Future is Fiber

Resources

Company

About Incognito

Team

Partner Program

Newsroom

Events

Careers

Contact

Submit RFP

Copyright © 2024 Incognito Software Systems Inc.
All Rights Reserved.