[AusNOG] NBN - GPON encryption
Damian Guppy
the.damo at gmail.com
Thu Jun 11 18:01:03 EST 2015
I would have thought each NTU has its own encryption key, and not a single
key nationwide that could be easily compromised.
--Damian
On Thu, Jun 11, 2015 at 10:34 AM, Mark ZZZ Smith <markzzzsmith at yahoo.com.au>
wrote:
>
> ------------------------------
> *From:* Julien Goodwin <ausnog at studio442.com.au>
> *To:* Radek Tkaczyk <radek at tkaczyk.id.au>; John Lindsay <
> johnslindsay at mac.com>; Aftab Siddiqui <aftab.siddiqui at gmail.com>
> *Cc:* AusNOG Mailing List <ausnog at ausnog.net>
> *Sent:* Thursday, 11 June 2015, 0:26
> *Subject:* Re: [AusNOG] NBN - GPON encryption
>
> On 10/06/15 14:33, Radek Tkaczyk wrote:
> > >> And all directional splitters have some back propagation.
> >
> > Exactly – that is the problem we are investigating.
> >
> > If there is no encryption on the upstream, then this can be intercepted.
> >
> > What’s worse – is that if the encryption keys are sent in the clear on
> > the upstream, then an attacker could in theory get those encryption
> > keys, and then decrypt the downstream traffic as well.
> >
> > I just hope I’m wrong about this….
>
> Which is exactly why if you're deploying encryption you want to do it on
> endpoints under your total control.
>
> / So NBN(co) stick a box on your wall that isn't physically protected from
> you (i.e., inside a locked rack) that holds those keys and others. Since
> security is a weakest link problem, I wonder how strong the "link" stuck on
> your wall is. Temper evident/proof case? Signed and verified firmware
> images? Hardware security module/secure cryptoprocessor to hold the keys?
>
> / I'd think it more likely that people could discover the critical keys
> from cracking open the NTU than getting them off of the wire via an optical
> tap (and even then, those keys should only really be session keys that
> roll-over periodically).
>
> / Then again, going by the recent articles about widespread
> vulnerabilities, the device behind the NTU (the RG/CPE) is likely to be a
> far more attractive target for somebody to spend time on.
>
> / People need to do proper threat modelling before worrying about
> mitigating specific threats. If they don't, they might miss the
> vulnerability that the attacker is most likely to target (e.g., focus on
> buying the best possible locks for the front door, while overlooking the
> fact that the windows don't have any locks at all ...)
>
> Even ignoring external threats all it would take is one mistake[1],
> bug[2], or malicious actor inside NBNco for they, or possibly others to
> have access to your traffic.
>
> And that's without even trotting out intercept requests etc.
>
> NBNco links, as with any other third party (electrically) multiplexed
> service, are best treated the same way you'd treat a random Internet path.
>
>
> 1: Meant to debug by sniffing traffic on link 13443, accidentally
> sniffed 14334.
> 2: I've seen bad route memory in routers do some horrible things. And
> without good monitoring you might not even notice if all it caused was a
> few extra hops.
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150611/0a57bec8/attachment.html>
More information about the AusNOG
mailing list