+- Haxorware Forums (http://www.haxorware.com/forums)
+-- Forum: General (http://www.haxorware.com/forums/forumdisplay.php?fid=6)
+--- Forum: Modems (http://www.haxorware.com/forums/forumdisplay.php?fid=7)
+--- Thread: Non-Working Modems working at my house. (/showthread.php?tid=833)
Non-Working Modems working at my house. - sandman1967 - 22-04-2011
Ok. I have a serious doubt now whether I fixed my modded modem or not. I posted that I messed around with the settings in my modem and it got back online. Now, my neighbor who also has a modded modem said his stopped working a week before mine. Anyway, he brought it to my house so I could test it and as soon as I plugged it in, it started working. So my question is, how does BPI truly work. I read around but had trouble understanding. Is BPI like a cable box security or cable filters?
RE: Non-Working Modems working at my house. - drewmerc - 22-04-2011
2.1.2 Key Management Protocol
CMs use the Baseline Privacy Key Management protocol to obtain authorization and traffic keying material from
the CMTS, and to support periodic reauthorization and key refresh. The key management protocol uses X.509
digital certificates [X.509], [RSA], [RSA2], [RSA3] (a public-key encryption algorithm) and two-key triple DES to
secure key exchanges between CM and CMTS.
The Baseline Privacy Key Management protocol adheres to a client/server model, where the CM, a BPKM “client,”
requests keying material, and the CMTS, a BPKM “server,” responds to those requests, ensuring individual CM
clients only receive keying material they are authorized for. The BPKM protocol uses DOCSIS MAC management
messaging.
BPI+ uses public-key cryptography to establish a shared secret (i.e., an Authorization Key) between CM and CMTS.
The shared secret is then used to secure subsequent BPKM exchanges of traffic encryption keys. This two-tiered
mechanism for key distribution permits refreshing of traffic encryption keys without incurring the overhead of
computation-intensive public-key operations.
A CMTS authenticates a client CM during the initial authorization exchange. Each CM carries a unique X.509
digital certificate issued by the CM’s manufacturer. The digital certificate contains the CM’s Public Key along with
other identifying information; i.e., CM MAC address, manufacturer ID and serial number. When requesting an
Authorization Key, a CM presents its digital certificate to a CMTS. The CMTS verifies the digital certificate, and
then uses the verified Public Key to encrypt an Authorization Key, which the CMTS then sends back to the
requesting CM.
The CMTS associates a cable modem’s authenticated identity to a paying subscriber, and hence to the data services
that subscriber is authorized to access. Thus, with the Authorization Key exchange, the CMTS establishes an
authenticated identity of a client CM, and the services (i.e., specific traffic encryption keys) the CM is authorized to
access.
Since the CMTS authenticates CMs, it can protect against an attacker employing a cloned modem, masquerading as
a legitimate subscriber’s modem. The use of the X.509 certificates prevents cloned modems from passing fake
credentials onto a CMTS.
CMs MUST have factory-installed RSA private/public key pairs or provide an internal algorithm to generate such
key pairs dynamically. If a CM relies on an internal algorithm to generate its RSA key pair, the CM MUST generate
the key pair prior to its first Baseline Privacy initialization, described in Section 2.2.1. CMs with factory-installed
RSA key pairs MUST also have factory-installed X.509 certificates. Cable modems that rely on internal algorithms
to generate an RSA key pair MUST support a mechanism for installing a manufacturer-issued X.509 certificate
following key generation.
http://www.cablelabs.com/cablemodem/specifications/specifications20.html
well thats how bpi works, so no it's not related directly to your problems, sounds to me like your nodes oversubscribed