Published on 28 May 2015
The data encoded in the configuration file name is kept private. It is triple DES encrypted using a secret shared between the DHCP and CFM services.
Configuration file names for dynamically generated files look meaningless:
^1/123456789/DYNTXT
In this scenario, DYNTXT is a user-created mask token set within the DHCP option to help clarify which DOCSIS files are associated with a specific template.
All configuration for DOCSIS file generation is created and stored on the DHCP service and automatically synchronized with any clustered CFM services that register with the DHCP service.
Comparison to CMTS Dynamic Shared Secret Functionality
How does the security in the Incognito solution compare to the Dynamic Shared Secret feature available on a CMTS? Incognito provides similar security, but it does so without taxing the CMTS.
CMTS Dynamic Shared Secret functionality automatically creates a unique DOCSIS shared secret on a per-modem basis, creating a one-time use DOCSIS configuration file that is valid only for the current session. This ensures that a DOCSIS configuration file downloaded for one cable modem can never be used by any other modem, nor can the same modem reuse this configuration file at a later time.
The Incognito solution does all of the above using dynamic files, but the process takes place on the provisioning system. The advantage is that no additional load is placed on the CMTS.
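To make the per-modem, per-session binding described above concrete, here is an added sketch; it is not Incognito or CMTS vendor code and not the DOCSIS wire format. It assumes a hypothetical master key, HMAC-SHA-256 as the keyed digest, and a hypothetical Registrar class that tracks one outstanding session per modem MAC.

```python
import hashlib
import hmac
import os

# Assumption: a master key known only to the component that issues and checks files.
MASTER_KEY = b"constructed-master-key-for-demo"


def session_secret(master_key: bytes, modem_mac: str, nonce: bytes) -> bytes:
    """Derive a secret that is unique to one modem and one session."""
    context = modem_mac.lower().encode() + b"|" + nonce
    return hmac.new(master_key, context, hashlib.sha256).digest()


def issue_config(master_key: bytes, modem_mac: str, config: bytes):
    """Return (nonce, config, mic) for this modem's current session."""
    nonce = os.urandom(16)  # fresh per session, so an old file cannot be reused
    key = session_secret(master_key, modem_mac, nonce)
    mic = hmac.new(key, config, hashlib.sha256).digest()
    return nonce, config, mic


class Registrar:
    """Hypothetical checker: verifies a presented file, then retires the session."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.pending = {}  # modem MAC -> nonce of the outstanding session

    def expect(self, modem_mac: str, nonce: bytes) -> None:
        self.pending[modem_mac.lower()] = nonce

    def register(self, modem_mac: str, config: bytes, mic: bytes) -> bool:
        mac = modem_mac.lower()
        nonce = self.pending.get(mac)
        if nonce is None:
            return False  # nothing issued for this modem, or already used
        key = session_secret(self.master_key, mac, nonce)
        expected = hmac.new(key, config, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mic):
            return False  # another modem's file, or modified contents
        del self.pending[mac]  # one-time use: a replay finds no session
        return True
```

A file issued to one MAC fails for any other MAC because the derived key differs, and a second presentation by the same modem fails because the session nonce has been retired.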
Next week, we’ll dive even deeper into how the Incognito solution uses anti-roaming, duplicate detection and DoS detection to further secure your network.