Masquerading and Theft-of-Service in EPONs A ToS attack occurs, in general, when
one subscriber attempts to impersonate another legitimate network user by forging
his digital signature and attempting to use network resources (bandwidth, access
to specific premium services, etc.) that are not billed to the impersonator??™s account
or are not available to the attacker in the first place. It must be noted here
that the OLT provides a digital identity watermark for each ONU during its registration
phase (LLID [7]), which is later used during bilateral transmissions (upstream/
downstream channel) and is inserted by both ONU and OLT in transmitted data frames.
However, transmission of such vital and security-sensitive data in plain-text format
provides a perfect means for launching a masquerading attack, followed most typically
by ToS, where the malicious subscriber simply forges his own LLID, substituting
it with the legitimate LLID of another ONU, while transmitting upstream toward the
OLT. Assuming the subscriber in question has sufficient knowledge of EPON hardware,
this step is not any more difficult than disabling LLID filtering, which is required for
passive traffic monitoring, as examined previously.
Pages:
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480