[AusNOG] NBN - GPON encryption

Radek Tkaczyk radek at tkaczyk.id.au
Wed Jun 10 23:33:53 EST 2015 

>> And all directional splitters have some back propagation.

Exactly – that is the problem we are investigating.

If there is no encryption on the upstream, then this can be intercepted.

What’s worse – is that if the encryption keys are sent in the clear on the upstream, then an attacker could in theory get those encryption keys, and then decrypt the downstream traffic as well.

I just hope I’m wrong about this….

Regards,

Radek Tkaczyk
Ph: 0413 383 231

From: John Lindsay [mailto:johnslindsay at mac.com]
Sent: Wednesday, 10 June 2015 11:29 PM
To: Aftab Siddiqui
Cc: Thomas Weible - FLEXOPTIX; Radek Tkaczyk; AusNOG Mailing List
Subject: Re: [AusNOG] NBN - GPON encryption

And all directional splitters have some back propagation.

With the right equipment you can read that.

So your upstream could be monitored by someone nearby.

Cheers,

jsl

On 10 Jun 2015, at 10:23 pm, Aftab Siddiqui <aftab.siddiqui at gmail.com<mailto:aftab.siddiqui at gmail.com>> wrote:

Hi,
Just to add its general rule for GPON not only for NBN.

Can anyone confirm if the upstream traffic is encrypted?
I can’t confirm if the upstream traffic is encrypted but in a GPON environment you only should concern about encryption of the downstream traffic:
Downstream is shared media for all subscribers connected to the splitted span (32 to 128 subscribers). Every subscriber gets all downstream traffic from the others – encryption needed.

For the upstream path the media is not shared.

It is shared media as well.

You have a „dedicated“ upstream path from your ONU to NBNs OLT. The other subscribers don’t get your upstream traffic – only looking at the physics.


Its TDM to be specific.

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150610/c3c0ad41/attachment-0001.html>

More information about the AusNOG mailing list