7 —  EPON ONT overview
Alcatel-Lucent 7302 ISAM | 7330 ISAM FTTN | 7360 ISAM FX ONT R04.06.02 November 2013 7-11
3FE 55873 AAAA TCZZA Edition 01
ONT Product Information Guide
7.7 EPON ONT security
Physical ONT security is provided to limit unauthorized access to remote or outdoor 
units. Tamper-resistant seals and bolts are used to secure the TELCO access cover to 
the ONT and to prevent easy access to the enclosure. Specialized security wrenches 
are required to open the pin-in Allen-type tamper-resistant screws. Certain models of 
indoor ONTs cannot be opened.
To ensure security at the network and ONT level, the EPON ONT supports the 
following security mechanisms:
• Triple churning
• Advanced Encryption Standard (AES)
• ONT ID method
• Other security features to avoid unlawful attacks and interceptions
Triple churning
EPON uses broadcasting mode in the downstream, which can allow hostile 
users to intercept other users' messages. To improve the protection of the data from the 
OLT to the ONT, ISAM supports triple churning in the downstream as defined in the 
China Telecom EPON equipment technical requirement specifications.
In general, the OLT requests a churning key (new_key_request) from the ONT, and 
the ONT responds with a 3-byte churning key (new_churning_key) for 1G EPON 
or a 9-byte churning key for 10G EPON. The OLT uses this key to generate a scramble key, 
with which it scrambles all data and OAM frames before sending these frames to the ONT.
Triple churning can be enabled or disabled on a per-LLID basis, and each LLID can 
have its own churning key.
The procedures to change and synchronize the churning key use the OAMPDU mode 
based on the organization-specific extension.
Advanced Encryption Standard (AES)
The ISAM supports AES security features for DPoE links for operation and 
maintenance. Specifications are compliant with IEEE 802.1ae and provide 
protection of all frames from malicious attacks on an EPON link in both the upstream 
and downstream directions.
The EPON OLT and ONU provide link security for up to 64 ONUs using 128-bit 
Galois/Counter Mode Advanced Encryption Standard (GCM-AES) authenticated 
encryption to provide user data confidentiality, frame data integrity, and data origin 
authenticity to subscribers at a maximum of 2 Gbps for the EPON system using 
Counter-AES (CTR-AES).
Note —  Triple churning is not supported for ANSI. EPON ONTs for 
ANSI use the Advanced Encryption Standard (AES) specification 
IEEE 802.1ae for EPON.
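An added example, not taken from this guide or from ISAM software, showing what 128-bit GCM-AES authenticated encryption gives each link on a broadcast downstream: only the holder of that link's key recovers the payload, and any change to the header or ciphertext is rejected. The `Link` type, the keys, the header stand-in and the 802.1AE-style IV layout (SCI followed by packet number) are simplifying assumptions, not the DPoE frame format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Link models the GCM-AES-128 state of one logical link (hypothetical type).
type Link struct {
	aead cipher.AEAD
	sci  uint64 // secure channel identifier, used as the IV prefix
}

// NewLink accepts only a 128-bit key, matching the key size named in the text.
func NewLink(key []byte, sci uint64) (*Link, error) {
	if len(key) != 16 {
		return nil, fmt.Errorf("want 128-bit key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 16-byte key
	aead, err := cipher.NewGCM(block)
	return &Link{aead: aead, sci: sci}, err
}

// nonce builds the 96-bit IV as SCI || packet number; a PN must never repeat under one key.
func (l *Link) nonce(pn uint32) []byte {
	iv := make([]byte, 12)
	binary.BigEndian.PutUint64(iv[:8], l.sci)
	binary.BigEndian.PutUint32(iv[8:], pn)
	return iv
}

// Protect encrypts the payload and authenticates the header; output is ciphertext || 16-byte ICV.
func (l *Link) Protect(pn uint32, header, payload []byte) []byte {
	return l.aead.Seal(nil, l.nonce(pn), payload, header)
}

// Validate returns the payload only if header, ciphertext and ICV all verify.
func (l *Link) Validate(pn uint32, header, frame []byte) ([]byte, error) {
	return l.aead.Open(nil, l.nonce(pn), frame, header)
}

func main() {
	olt, _ := NewLink([]byte("constructed-key1"), 0x0011223344550001) // constructed key and SCI
	hdr := []byte("DA|SA|SecTAG") // constructed stand-in for the authenticated header
	pt, err := olt.Validate(1, hdr, olt.Protect(1, hdr, []byte("subscriber data")))
	fmt.Println(string(pt), err)
}
```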