Security; DHCP Option 90; HTTP Digest; VoIP Call and Performance Monitoring Statistics - Alcatel-Lucent 7302 Information Manual

Intelligent services access manager

5.9 Security

For network and ONT security, some ONTs support the following mechanisms:
• DHCP option 90: supported in any VoIP mode of operation that uses DHCP
• HTTP Digest/MD5 authentication: supported in SIP modes in response to an authorization challenge from the softswitch
• configuration of an FTP server username and password, when downloading XML configuration profile files

These security measures are not supported on package C and D ONTs. DHCP Option 90 is not supported on I-240W-S ONTs.

DHCP Option 90

DHCP Option 90 provides a signature in a DHCP message for the authentication and integrity of the message. DHCP Option 90 does not provide privacy. The signature allows a DHCP client or server to determine whether a responding client or server is valid or a spoof. It also prevents replay and eavesdropping attacks that can cause a denial of service.

VoIP clients are programmed with a username secret ID and a shared secret K (Key). To sign a DHCP message, the invariant parts of the message are used to compute a hash value with the secret K based on RFC 2104. If the receiver of the message has the same secret K, the receiver can re-calculate the hash value and determine whether the sender knows the shared secret K. If the hash value calculated by the receiver does not match the hash value in the Option 90 HMAC-MD5 field, either the sender does not know the correct secret K value or the message was altered during transmission. Using the replay detection method (RDM), a receiver can determine whether the message has already been received and is therefore a replay attack.
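The sign-and-verify procedure described above, as an added Python example that is not code from the manual or from Alcatel-Lucent. It assumes the RFC 3118 delayed-authentication layout for Option 90 (HMAC-MD5, RDM 0 as an increasing counter, `hops` and `giaddr` treated as the variant fields); the key, secret ID and DHCPOFFER are constructed sample values.

```python
import hashlib, hmac, struct

OPT_AUTH, PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER = 90, 1, 1, 0  # RFC 3118 values (assumed)

def option90(secret_id, counter):
    """Option 90 with a zeroed MAC: protocol, algorithm, RDM, replay value, secret ID, MAC."""
    body = struct.pack("!BBBQI", PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER,
                       counter, secret_id) + bytes(16)
    return bytes([OPT_AUTH, len(body)]) + body

def find_option90(msg):
    """Walk the options that follow the 236-byte header and 4-byte magic cookie."""
    i = 240
    while i + 1 < len(msg) and msg[i] != 255:
        if msg[i] == OPT_AUTH:
            return i
        i += 1 if msg[i] == 0 else 2 + msg[i + 1]   # pad option has no length byte
    return -1

def compute_mac(msg, key, off):
    """HMAC-MD5 (RFC 2104) over the message with the variant parts zeroed."""
    buf = bytearray(msg)
    buf[3] = 0                            # hops: rewritten by relay agents
    buf[24:28] = bytes(4)                 # giaddr: rewritten by relay agents
    buf[off + 17:off + 33] = bytes(16)    # the HMAC-MD5 field itself
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def sign(msg, key):
    off = find_option90(msg)
    return msg[:off + 17] + compute_mac(msg, key, off) + msg[off + 33:]

def verify(msg, keys, last_counter):
    """Return 'ok', 'replay', 'auth-fail' or 'malformed'; keys maps secret ID to K."""
    off = find_option90(msg)
    if off < 0 or off + 33 > len(msg) or msg[off + 1] != 31:
        return "malformed"
    proto, alg, rdm, counter, secret_id = struct.unpack_from("!BBBQI", msg, off + 2)
    if (proto, alg, rdm) != (PROTO_DELAYED, ALG_HMAC_MD5, RDM_COUNTER):
        return "malformed"
    key = keys.get(secret_id)
    if key is None or not hmac.compare_digest(compute_mac(msg, key, off),
                                              msg[off + 17:off + 33]):
        return "auth-fail"                # unknown K, wrong K, or altered message
    return "ok" if counter > last_counter else "replay"   # only authenticated counters count

def sample_offer(secret_id, counter, key):
    """Constructed DHCPOFFER: BOOTP header, magic cookie, option 53, option 90, end."""
    hdr = bytes([2, 1, 6]) + bytes(233)   # op=BOOTREPLY, htype=Ethernet, hlen=6
    opts = bytes([53, 1, 2]) + option90(secret_id, counter) + b"\xff"
    return sign(hdr + b"\x63\x82\x53\x63" + opts, key)
```

The counter is compared only after the MAC check succeeds, so an unauthenticated message cannot advance or probe the receiver's replay state.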

HTTP digest

HTTP digest provides a method for client authentication and message integrity to the server, and optional authentication of the server and of server messages. HTTP digest does not provide privacy. HTTP digest may be used within Transport Layer Security (TLS) to perform client authentication. Server authentication is mandatory in TLS.

Each VoIP client is provisioned with at least one set that includes a realm identifier, username, and password (shared secret). The information is also stored on the network servers.

5.10 VoIP call and performance monitoring statistics

VoIP call and performance monitoring statistics are gathered for the last incoming or
outgoing call on each POTS port configured for VoIP on some ONTs. Up to 32
previous call statistics are supported individually. VoIP call statistics are not
supported on package C, D, or I-240W-S ONTs.
An RTCP failure alarm is raised at the P-OLT if RTCP packets are not received
during a VoIP call.
Alcatel-Lucent 7302 ISAM | 7330 ISAM FTTN | 7360 ISAM FX ONT R04.06.02
3FE 55873 AAAA TCZZA
Edition 01
ONT Product Information Guide
5 — VoIP overview
November 2013
5-81
