Security Mechanisms for EPONs
EPONs have very specific security requirements due to the broadcast character of the
transmission medium. The downstream broadcast channel is potentially available to
any party interested in eavesdropping, since, in principle, this only requires disabling
the LLID filtering rules at the ONU and operating the module in a so-called promiscuous
mode with access to all downstream data flows. It is expected that service providers,
using EPONs as a base for delivery of triple-play services, will ensure sufficient
levels of subscriber data privacy. It is necessary, therefore, that EPONs have effective
countermeasures for eavesdropping (either global or local) and theft of service (ToS),
wherein a malicious user impersonates another EPON subscriber and uses network
resources (services, bandwidth, etc.) at the victim's expense.
Eavesdropping in EPONs
In EPONs, eavesdropping is always possible in the downstream
direction simply by operating one of the registered ONUs in the so-called
promiscuous mode. Since each ONU in the network receives a copy of every single
downstream packet transmitted by the OLT (more correctly, broadcast by the OLT), no
extensive modifications are required in the ONU hardware to enable its operation in
a malicious mode.