The Study On Security Of Data Transmission System In HFC Network

National companies of network equipment and academic institutions, as well as colleges and universities have had an in-depth study on HFC network and have gained many technical achievements.But few people reach the security of HFC network,if any, just rest on the understanding of security standards imported from America or other countries. At present, our country doesn't establish its own security standard with independent property right for HFC network. If we directly use the imported security system, our HFC nerworks never have real security. So it is academically and practically significant to embark on studying security technologies of HFC network and discussing the establishment of our national security standard using in data transmission system of HFC network. Because of its special topology framework different from LAN and other access networks, HFC network has some particularities on security.Thus this task is important to the heathiness of HFC networks. Basing on the study of the tree-structure and characteristics of HFC network, this paper analyzes characteristics of HFC network security and points out the security problems exsiting in HFC network, then discusses the goal of security mechanism established on DOCSIS MAC layer. Taking the study of baseline privacy in DOCSIS as down-lead, this paper discusses DES encryption algorithms and its security, then basing this implements encyption of DOCSIS MAC data units using it. The paper studies the process of DES-CBC and DES-CFB64 which are used on DOCSIS PDUs of BPI+ system. TEK is encrypted using a triple DES key (encrypt-decrypt-encrypt or EDE mode), that is also called two-key, triple DES key. Basing on discussion on the security of RSA algorithm, this paper encrypts AK using RSA algorithm after encoding it. The paper analyzes the one-way hash function (SHA-1) and study the process of gaining KEKs from AK using SHA-1.This paper discusses the state models of key management protocol in BPI+ system and key usage. Then it discusses HMAC algorithm and generation of message authentication keys. At last, the paper debates the principleof data certificate and the structure of X.509 certificate, while studying of the framework and management of X.509v3. This paper designs the flow of encryption and authentication in security plan which is used in HFC data transport system .The paper emphasizes the mutual process of CM and CMTS security system. Then it analyzes the security of this plan and points out its drawbacks. At last, this paper put forward the advice to establish national security standard of HFC network.