Contents

1. Introduction.........................................................................................................................................2
2. Authorization for ONT with OLT..........................................................................................................2
3. Encryption of data traffic between ONT and OLT for ONT with OLT....................................................2
Key exchange mechanism in GPON.....................................................................................................3
Secure mutual authentication and data key encryption......................................................................4
4. Traffic Protection.................................................................................................................................5
5. Access control to ONT.........................................................................................................................5
6. Configuration and management of ONTs (Using OMCI/TR69 protocols).............................................5
7. Protection against attacks...................................................................................................................6
Denial of Service (DOS) attack.................................................................................................................6
Brute force and dictionary attacks...........................................................................................................6
8. Secure software update.......................................................................................................................6
9. Use of open source components and pruning of Busybox..................................................................6
10. Time synchronization in ONTs.........................................................................................................7
11. Software Licensing...........................................................................................................................7
12. Alarm generation on generation of security breach........................................................................7
13. Secure data communication............................................................................................................7
14. Secure data Communication on wireless media (Ex: WiFi)..............................................................8
Encryption on radio interface..................................................................................................................8
Authentication of end user device, followed by end to end encryption..................................................8
15. WEB Interface and information logging...........................................................................................9

1
1. Introduction

This document covers security requirements for Customer Premises Equipment (CPE). The CPEs are
end devices that are deployed at customer premises in telecom networks for providing internet
connectivity.

The current document covers Optical Network Terminals (ONTs) complied to

GPON/XGPON/XGSPON/NGPON standards.

GPON or ‘Gigabit Passive Optical Networks’ is a point-to-multipoint access mechanism. GPON uses
passive splitters which enable a single fiber from the network provider’s central location to serve
multiple users within their homes and small businesses

2. Authorization for ONT with OLT

SUPPORTED

GPON uses two levels of procedures for security

a. Authentication between OLT and ONT

b. Data encryption between OLT and ONT (AES)

Authentication is carried out between ONT and OLT using serial number and password stored
both in OLT and ONT. This pre-condition removes the possibility of rogue ont being connected
to OLT.

3. Encryption of data traffic between ONT and OLT for ONT with
OLT

SUPPORTED

2
Figure-1

Handshake between OLT and ONT using PLOAM is depicted in Figure-1

GPON uses the Advanced Encryption Standard (AES) for security purpose, which was designed to
be efficient in both hardware and software, and supports a block length of 128 bits and key
lengths of 128, 192, and 256 bits.

Key exchange mechanism in GPON

• Ranging between OLT and ONT starts with O1 state of ONU.

• The O5 state is the final state for ONU which wants to communicate with OLT and transmits user
data.

• OLT can offer encryption in the O5 state.

• Data encryption between OLT and ONU units requires a key exchange protocol

• OLT must send the key change request to ONU.

3
• After ONU receives the key change request, ONU confirms the request and generates the key.
The generated key is transmitted back to the OLT unit in the Physical Layer Operations,
Administrations, and Maintenance (PLOAM) messages.

• The length of the PLOAM message is limited. That is the reason why the generated key is sent to
OLT in two messages in the GTC frame.

• These two messages are sent three times in the PLOAM.

• OLT must receive each copy of the key in the PLOAM message. If OLT does not receive all copies,
it generates a new key change request. After receiving the new key, OLT starts the key exchange
(replacing the old key with the new one).

• After replacing the old key, OLT notifies ONU with the command which contains the frame
number and the new key. This command is sent three times. ONU needs to receive each copy of
the command for the using this new key. The complete process of this key exchange is depicted

• GPON’s downstream broadcasting is sent from the OLT to all ONUs, it is possible to a rogue ONU
to reprogram to capture incoming information that was meant for another ONU.

• Not only can another ONU intercept data, but there can also be a fake OLT transmitting and
receiving data from multiple subscribers.

• The unknown attacker (Man in the middle) can now receive important data being sent up and
downstream such as important passwords.

• Due to this possibility of interception between OLT and ONT, GPONs recommendation G.984.3
shows mechanisms for security in which an encrypted algorithm, Advanced Encryption
Standard, can be used so it will be difficult for information to be decrypted by using byte keys
128, 192 and 256.

• G.984.3 amendment aligns G-PON security with the enhanced security control features
supported in [ITU-T G.988]

Secure mutual authentication and data key encryption

Using a Pre-shared secret

SUPPORTED in Broadcom but currently not used

A compliant G-PON system shall support a pre-shared secret key (PSK) that is associated with a
particular ONU and is stored at that ONU and in the operator infrastructure. On the operator
side, the pre-shared secret for a particular ONU might be stored in the physically-connected
OLT, or at a central server that the OLT accesses during authentication.

The PSK is a 128-bit value. It may be provisioned into the ONU and into the operator
infrastructure in any manner that satisfies these requirements.

4
Using Master Session Key

SUPPORTED in Broadcom but currently not used

Described in clause 9.13.11 of [ITU-T G.988]

OLT and ONU may execute a mutual authentication procedure, in the course of which both the
OLT and the ONU compute the 128-bit master session key (MSK), a session-specific shared
secret.

Whenever the ONU is successfully authenticated MSK is used to encrypt data encryption keys
that are transmitted upstream.

For the duration of the execution of the secure mutual authentication procedure, the OLT
refrains from initiating data encryption key exchanges.

The ONT shall communicate with OLT after authentication and encryption after Key exchange.

4. Traffic Protection
SUPPORTED

All traffic shall be protected by integrity and encryption. Unprotected sessions shall not be
accepted.

The remote access methods can support traffic encryption using protocols such as HTTPS, SSHv2
or can be based on lower tunnelling protocols (IPsec VPN, TLS VPN, etc.)

5. Access control to ONT

SUPPORTED

ONT shall support Role-Based Access Control (RBAC) which provides at least two different access
levels to guarantee that individuals can only perform the operations that they are authorized
for.

5
6. Configuration and management of ONTs (Using OMCI/TR69
protocols)

OMCI SUPPORTED

TR69 SUPPORTED in Broadcom but currently not used

ONTs are managed and controlled using OLT and/or ACS server. OLT uses OMCI to communicate
with ONT, while ACS server uses TR69 server to communicate to ONT.

Access to the ONT for configuration and maintenance purposes shall be granted only to
authenticated ONTs using at least one authentication attribute. This authentication attribute
when combined with the user name shall enable unambiguous authentication and identification
of the authorized user. No methods to exist providing authentication-bypass attacks to succeed
under all combinations of interface / methods of authentication.

7. Protection against attacks

NOT SUPPORTED

Denial of Service (DOS) attack

ONT should be capable to detect and prevent DOS attacks either from LAN or WAN side.

Brute force and dictionary attacks

This happens when the intruder tries to gain access to ONT by brute force methods or by means
of a dictionary of passwords.

ONT should detect repeated invalid attempts to sign into an account with incorrect passwords
during a short period of time and it may implement at least one of the following most commonly
used protection measures

a) Increasing the delay (e.g. doubling ) for each newly entered incorrect password.

b) Blocking an account after a specified number of incorrect attempts

c) Using CAPTCHA to prevent automated attempts .

d) Enforcing strong password

The terminal should also have inactive session time out to prevent DOS attacks.

6
8. Secure software update

SUPPORTED

ONT should support authenticity and integrity check while performing software upgrade, so that
only authentic software gets upgraded on the ONT.

9. Use of open source components and pruning of Busybox

SUPPORTED

GPON ONTs uses open source linux as their operating system. The Operating System and the
applications installed in the ONT shall be free from any known malware. Only the required bare
minimum number of system commands and utilities will be present on ONT. Busybox is
generally used in embedded devices. However, it should be just configured for the required
functionality of ONT.

10. Time synchronization in ONTs

SUPPORTED

The ONT shall support time synchronization feature for its core functionality. ONTs shall support
the time synchronization feature preferably by using Network Time Protocol NTP.

The CPE clock shall be synchronized with NTP server.

11. Software Licensing

NOT SUPPORTED

The ONTs are recommended to come up default with a bare minimum configuration. OLT shall
push the license file using OMCI commands so that features set on ONT is enabled on case by
case basis. This feature removes the possibility of rogue ONT to be connected in network.

License file should be in an encrypted form, which can be decoded only by authentic ONT.

7
12. Alarm generation on generation of security breach

NOT SUPPORTED

ONTs should have capability to log important Security events such as DOS attacks, login failures
etc. The audit logs may preferably be stored in flash drive for retrieval.

13. Secure data communication

SUPPORTED in Broadcom but currently not used

The secure communication mechanisms between the ONT and connected entities shall use
industry standard protocols such as IPSEC, VPN, SSH, TLS/SSL, etc., and NIST specified
cryptographic algorithms with specific key sizes such as SHA, Diffie-Hellman, AES etc.

14. Secure data Communication on wireless media (Ex: WiFi)

SUPPORTED

Security in WiFi can be of two fold.

Encryption on radio interface

WiFi standard allows the following radio encryption methods

a. WPA2
b. WPA2-PSK
c. WEP
d. WPS
e. TKIP

Of the following, WPA2-PSK with AES has become a defacto standard in wireless networks which has
strong encryption.

Authentication of end user device, followed by end to end encryption.

SUPPORTED in Broadcom but currently not used

802.1x authentication is preferred method for authentication of end user device, followed by end to end
encryption.

802.1x performs two fold functionality

8
 Authentication using external server (RADIUS/LDAP)

 Encryption using EAP (Extensible Authentication Protocol)

 The standard authentication protocol used on encrypted networks is Extensible Authentication

Protocol (EAP), which provides a secure method to send identifying information over-the-air for
network authentication.

802.1X is the standard that is used for passing EAP over wired and wireless Local Area Networks (LAN). It
provides an encrypted EAP tunnel that prevents outside users from intercepting information.

• The EAP protocol can be configured for credential (EAP-TTLS/PAP and PEAP-MSCHAPv2) and
digital certificate (EAP-TLS) authentication and is a highly secure method for protecting the
authentication process.

• The Authenticator in GPON networks is ONT

15. WEB Interface and information logging

NOT SUPPORTED

Communication between Web Client and Web server on ONT should be based on TLS/HTTPS to avoid
sniffing and man in the middle attacks.

Access to the ONT GUI (both successful as well as failed attempts) shall be logged.

The web server log shall contain the following information: -

9
 Access timestamp
 Source (IP address)
 Attempted login name (if the associated account does not exist)
 Relevant fields in http request. The URL should be included whenever possible.
 Status code of web server response

10