RSA Security, Inc. , has come out with its own security
software package for cable modem makers, officials announced Tuesday.
The BSAFE broadband cryptographic software, designed especially for DOCSIS
1.1 (Data Over Cable Service Interface Specifications), is the latest in an
emerging crop of security measures for the broadband modem industry, an
industry considered by many a relatively easy mark for malicious hackers,
or crackers.
Cable modems are an especially tempting target for IP-sniffing hacking
tools when it is paired with a vulnerable Windows PC, which has printer and
name sharing options. When the cable modem connects to the PC, it uses a
Local Area Network (LAN) interface. That LAN reference address, which is
really the computer’s IP address, is used by the cable modem when
connecting to the user’s Internet service provider (ISP). That IP address
can be picked up by crackers and used for peer-to-peer PC manipulation.
RSA Security’s software answer is the extension of its existing BSAFE
product line, which lets modem and software manufacturers embed public key
infrastructure (PKI) and encryption algorithms that meet standards for
authentication and confidentiality.
Oscar Marcia, chief security architect at CableLabs, a non-profit research
consortium of cable operators in North and South America, said that many
vendors are spinning current software products and tailoring them to fit
DOCSIS specifications. CableLabs developed the DOCSIS standard that was
approved by the International Telecommunications Union (ITU) in 1998.
“What I suspect RSA has done, and what a lot of vendors do is they reuse
some of their existing code and just kind of tweak it toward the specific
industry,” Marcia said. “BSAFE is also used for SSL (Secure Sockets Layer
documents) and I suspect they are now getting into the broadband and
tweaking the code. Other vendors are pursuing similar objectives, so we’re
just getting a hold of what they’re doing and taking a look at it.”
Security is an important aspect of any communications network, and as the
cable industry ramps up its other service offerings, including voice over
IP (VOIP) and interactive set-top boxes, it will play an ever-increasing
role in the industry’s success.
Bill McQuaide, RSA Security vice president of product marketing said BSAFE
Broadband was developed for just that purpose.
“With the rapid deployment of cable broadband Internet access for
delivering converged voice, data and video services via shared cable
networks, proven security for consumer devices is essential,” McQuaide
said. “RSA BSAFE Broadband cryptographic software extends RSA Security’s
leadership to protect the next-generation of broadband users.”
To date, RSA Security’s software package supports the Solaris 2.6v8,
Windows NT4 and Red Hat Linux 6.2 operating systems (OS), and manufacturers
are able to view the source code upon request.
Rouzbeh Yassini, YAS Broadband Ventures chief executive office and
executive consultant to CableLabs, said the cable-standards organization
has kept its eye on modeling the cable networking architecture on the same
principles as the copper-based infrastructure of dial up and digital
subscriber line (DSL) networks.
“Security is just like any other network operation, and an important aspect
for consumers and for our business,” Yassini said. “To that point, we’re
going to look at that aspect and make sure the network architecture can
handle the variety of security measures that a broadband global
organization needs to have. That’s why we work with presitigous
organizations like RSA (and telephone companies like Verizon Communications
) to make sure our networking principles stay the same.
Having said that,” Yassini continued, “the networking concepts of DSL or
dial up or cable all need to work on the same types of attacks that hackers
could do. What we want to make sure in the cable industry, both on a
shared medium as well as the edge of the infrastructure, is that we have
the most secure network, just like your private in-house networks. That’s
why we work (with these companies), to make sure that network architectures
hold the fundamental, if you will, aspect.”