User Manual

ADCP-XX-XXX • November 2000 • Section 3: WMTS Functional Description
Page 3-15
2000, ADC Telecommunications, Inc.
use. After a period of inactivity this IP address is reclaimed and given to another active modem,
thereby conserving IP address space.
6.7 Registration
The registration process begins with the WMU downloading a configuration file. The IP address of
the configuration file server and the name of the configuration file that the modem is required to
download are included in the DHCP response to the modem. The WMU uses the Trivial File Transfer
Protocol (TFTP) to download the configuration file from that server. The configuration file contains
the information the WMU uses to operate, such as how much bandwidth it is allowed to use and the
types of service it is allowed to provide. These service provisioning items are set when the
subscriber first subscribes to wireless modem service. During the final phase of the registration
process, the WMU sends a registration message to the WMTS reporting the configuration file it
received. The WMTS retrieves its own copy of the configuration file from the configuration file
server and compares it with the data reported by the WMU, so that the modem can only use services
for which it is authorized. The WMU is allowed to transmit real user data into the network only after
the WMTS has cross-checked the configuration file data in this way.
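The cross-check can be made concrete with the following Go program. It is an added example, not code from this manual or from ADC: it substitutes an in-memory map for the TFTP server and a constructed "key = value" file format for the real configuration file, and the MAC addresses and file name are likewise constructed. The WMU downloads and parses the file named in its DHCP response and reports the result; the WMTS re-reads the same file from the server and admits the modem only when the two agree, storing the server's copy rather than the modem's claim.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
	"strings"
)

var ErrConfigMismatch = errors.New("registration data does not match the configuration file on the server")
// Provisioning holds the settings parsed from a configuration file; the
// "key = value" file format is constructed for this example, not the vendor's.
type Provisioning map[string]string

// ParseConfig parses configuration-file text into a Provisioning.
func ParseConfig(text string) (Provisioning, error) {
	p := Provisioning{}
	for _, line := range strings.Split(text, "\n") {
		if line = strings.TrimSpace(line); line == "" || line[0] == '#' {
			continue
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		p[strings.TrimSpace(k)] = strings.TrimSpace(v)
	}
	return p, nil
}

// load stands in for a TFTP read of the named file from the server, followed by parsing it.
func load(server map[string]string, name string) (Provisioning, error) {
	text, ok := server[name]
	if !ok {
		return nil, fmt.Errorf("no such file %q", name)
	}
	return ParseConfig(text)
}

// Registration is the WMU's final registration message: the file name the DHCP
// response pointed it at and the provisioning it parsed from that file.
type Registration struct {
	MAC, ConfigFile string
	Reported        Provisioning
}

// Register is the WMU side: download the file named in the DHCP response, parse it, report it.
func Register(mac, file string, server map[string]string) (Registration, error) {
	p, err := load(server, file)
	return Registration{MAC: mac, ConfigFile: file, Reported: p}, err
}

// WMTS admits a modem only after re-reading its configuration file and comparing.
type WMTS struct {
	Server     map[string]string
	registered map[string]Provisioning
}

// HandleRegistration fetches r.ConfigFile from the server itself and admits the modem
// only if what it reported matches that copy exactly; the server's copy is what gets stored.
func (t *WMTS) HandleRegistration(r Registration) error {
	want, err := load(t.Server, r.ConfigFile)
	if err != nil {
		return err
	}
	if !reflect.DeepEqual(want, r.Reported) {
		return ErrConfigMismatch
	}
	t.registered[r.MAC] = want
	return nil
}

// MayForward reports whether user data from mac may enter the network yet.
func (t *WMTS) MayForward(mac string) bool {
	_, ok := t.registered[mac]
	return ok
}

// GoldConfig is a constructed sample configuration file.
const GoldConfig = "max_upstream_kbps = 256\nmax_downstream_kbps = 1500\nservices = data,voice\nprivacy = yes\n"

// Demo registers an honest modem and one that reports a higher downstream rate
// than its file grants, and returns each registration's error and admission.
func Demo() (honestErr, tamperedErr error, honestAdmitted, tamperedAdmitted bool) {
	server := map[string]string{"gold.cfg": GoldConfig}
	wmts := &WMTS{Server: server, registered: map[string]Provisioning{}}
	honest, honestErr := Register("00:10:a4:12:34:56", "gold.cfg", server) // constructed MACs
	if honestErr == nil {
		honestErr = wmts.HandleRegistration(honest)
	}
	tampered, _ := Register("00:10:a4:00:00:01", "gold.cfg", server) // same file, so it loads
	tampered.Reported["max_downstream_kbps"] = "10000"                // claims more than the file grants
	tamperedErr = wmts.HandleRegistration(tampered)
	return honestErr, tamperedErr, wmts.MayForward(honest.MAC), wmts.MayForward(tampered.MAC)
}

func main() {
	fmt.Println(Demo())
}
```

The point of the design is in HandleRegistration: the WMTS never trusts the modem's report as the source of its provisioning. It fetches the file itself, compares, and records the server's values, so a modem that inflates its bandwidth claim is refused and never reaches the state in which MayForward returns true.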
6.8 Encryption
Once the modem is registered and begins to send customer data, data link encryption (encryption
between the WMU and the WMTS only) is applied through the Baseline Privacy Interface (BPI).
The goal of BPI is to provide wireless modem users with data privacy across the RF network by
encrypting the traffic flows between a WMU and the WMTS. Since data privacy is the principal service
goal of BPI, and neither WMU nor WMTS authentication is a prerequisite for providing user data
privacy, the BPI encryption key distribution protocol does not authenticate either the WMU or the
WMTS. In the absence of authentication, BPI provides a basic protection service by ensuring that
a modem, identified by its 48-bit IEEE MAC address, can only obtain keying material for the
services it is authorized to access. A setting in the WMU configuration file specifies whether a
particular WMU operates in privacy mode.
BPI uses the Cipher Block Chaining (CBC) mode of the Data Encryption Standard (DES) algorithm
[FIPS-46, FIPS-46-1, FIPS-74, FIPS-81] to encrypt data in both upstream and downstream frames.
WMUs use the Baseline Privacy Key Management (BPKM) protocol to obtain authorization and
traffic keying material for a particular Service ID (SID) from the WMTS, and to support periodic
reauthorization and key refresh. The key management protocol uses RSA, a public-key encryption
algorithm, and the Electronic Codebook (ECB) mode of DES to secure key exchanges between the
WMU and the WMTS. WMUs either have factory-installed RSA private/public key pairs or provide
internal algorithms to generate such key pairs dynamically. How often the shared secret keys change
is an operator-determined parameter: the keys can be kept for very long periods (many weeks to
months) or changed as often as every 30 minutes.
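The key hierarchy just described can be walked through with the following Go program, an added example that is not code from this manual or from ADC. It models both sides of the exchange: an authorization key (AK) delivered to the WMU under RSA, a per-SID traffic encryption key (TEK) delivered under DES-ECB using a key-encryption key (KEK) derived from the AK, and user frames encrypted with DES-CBC under the TEK, using Go's standard crypto/rsa and crypto/des. The KEK derivation (SHA-256, truncated), the AK length, the PKCS#1 v1.5 padding, the IV, the MAC address, the SID numbers and the frame contents are this example's assumptions, not the BPI specification's; short-block handling, reauthorization and key refresh are not modelled. Note what the WMTS never checks: it encrypts the AK to whatever public key arrives with the MAC address, which is the absence of authentication the text describes.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrNotAuthorized = errors.New("SID not authorized for this MAC")
// WMTS keeps, per MAC address, the SIDs provisioning allows, the modem's
// authorization key (AK) and the traffic encryption key (TEK) issued per SID.
type WMTS struct {
	allowed map[string]map[uint16]bool
	ak      map[string][]byte
	tek     map[string]map[uint16][]byte
}

// Authorize returns a fresh AK encrypted to the modem's RSA public key. Nothing
// authenticates the modem: the AK goes to whatever key arrives with the MAC.
func (w *WMTS) Authorize(mac string, pub *rsa.PublicKey) ([]byte, error) {
	if len(w.allowed[mac]) == 0 {
		return nil, ErrNotAuthorized
	}
	ak := make([]byte, 20) // AK length is this example's choice
	rand.Read(ak)
	w.ak[mac] = ak
	return rsa.EncryptPKCS1v15(rand.Reader, pub, ak)
}

// kek derives the 8-byte DES key-encryption key from the AK. The derivation
// (SHA-256, truncated) is this example's, not the BPI specification's.
func kek(ak []byte) []byte {
	sum := sha256.Sum256(append([]byte("KEK:"), ak...))
	return sum[:des.BlockSize]
}

// KeyRequest issues the TEK for sid wrapped with DES-ECB under the KEK (one
// 8-byte block, so a single raw DES operation), but only for an authorized SID.
func (w *WMTS) KeyRequest(mac string, sid uint16) ([]byte, error) {
	if !w.allowed[mac][sid] || w.ak[mac] == nil {
		return nil, ErrNotAuthorized
	}
	tek, wrapped := make([]byte, des.BlockSize), make([]byte, des.BlockSize)
	rand.Read(tek)
	w.tek[mac][sid] = tek
	blk, _ := des.NewCipher(kek(w.ak[mac]))
	blk.Encrypt(wrapped, tek)
	return wrapped, nil
}

// desCBC encrypts (or decrypts) one frame with DES-CBC under tek. Frames here
// are whole blocks; BPI's handling of a short final block is not modelled.
func desCBC(tek, iv, in []byte, encrypt bool) []byte {
	blk, err := des.NewCipher(tek)
	must(err)
	mode := cipher.NewCBCDecrypter(blk, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(blk, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Demo plays the modem side for a WMU provisioned for SID 7 only: it returns the
// frame the WMTS recovers from SID 7 traffic and the error the modem gets for SID 9.
func Demo() (recovered string, refused error) {
	const mac = "00:10:a4:12:34:56" // constructed MAC address
	w := &WMTS{map[string]map[uint16]bool{mac: {7: true}}, map[string][]byte{}, map[string]map[uint16][]byte{mac: {}}}
	key, err := rsa.GenerateKey(rand.Reader, 2048) // generated dynamically, which the manual permits
	must(err)
	encAK, err := w.Authorize(mac, &key.PublicKey) // authorization: AK arrives RSA-encrypted
	must(err)
	ak, err := rsa.DecryptPKCS1v15(rand.Reader, key, encAK)
	must(err)
	wrapped, err := w.KeyRequest(mac, 7) // key request: TEK arrives DES-ECB wrapped under the KEK
	must(err)
	blk, _ := des.NewCipher(kek(ak))
	tek := make([]byte, des.BlockSize)
	blk.Decrypt(tek, wrapped)
	_, refused = w.KeyRequest(mac, 9) // SID 9 is outside this modem's provisioning
	iv, frame := []byte("\x00\x01\x02\x03\x04\x05\x06\x07"), []byte("upstream user data frame") // constructed; modem encrypts, WMTS decrypts with its own TEK copy
	recovered = string(desCBC(w.tek[mac][7], iv, desCBC(tek, iv, frame, true), false))
	return recovered, refused
}

func main() {
	fmt.Println(Demo())
}
```

Demo returns the recovered frame together with the refusal for SID 9. As the text states, the protocol does not authenticate the WMU, so in this model the authorization table keyed by MAC address is the only gate on who receives keying material; the RSA key pair protects the AK in transit but says nothing about who presented it.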
In order to run BPI over the RF network, the following must be matched:
The WMU is configured to run BPI on its services.
Upon completing WMTS registration, the WMTS will have assigned Service IDs (SIDs) to the
registering WMU that match the provisioning. If a WMU is configured to run Baseline Privacy,