Alcatel-Lucent 7330 Product Information Manual page 264

5 — VoIP overview
xxyyyyyy
Where xxyyyyyy is a 32-bit value. xx is the top-most 8 bits, and yyyyyy is the next 24
bits. xx represents one of the 16 possible DTMF event values specified in RFC2833
(0 through 15). yyyyyy is not used, it will be ignored in INFO messages received, and
set to 0 for INFO messages generated by the ONT.
As with RFC2833 DTMF transmission, a digit sent with this method will not be sent
in the encoded RTP voice data. INFO based DTMF transmission is enabled with the
enable_info_based_dtmf parameter from Table 5-11.
5.8 Security
For network and ONT security, some ONTs support the following mechanisms:
•
DHCP option 90: supported in any VoIP mode of operation that uses DHCP
•
HTTP Digest/MD5 authentication: supported in SIP modes in response to an
authorization challenge from the softswitch
•
configuration of an FTP server username and password, when downloading XML
configuration profile files
These security measures are not supported on package C and D ONTs.
DHCP Option 90
DHCP Option 90 provides a signature in a DHCP message for the authentication and
integrity of the message. DHCP Option 90 does not provide privacy. The signature
allows a DHCP client or server to know a responding client or server is valid or a
spoof. It also prevents replay and eavesdropping attacks that can cause a denial of
service.
VoIP clients are programmed with a username secret ID and a shared secret K (Key).
To sign a DHCP message, the invariant parts of the message are used to compute a
hash value with the secret K based on RFC 2104. If the receiver of the message has
the same secret K, the receiver can re-calculate the hash value and determine whether
the sender knows the shared secret K. If the hash value calculated by receiver does
not match the hash value in the Option 90 HMAC-MD5 field, the sender does not
know the correct secret K value or the message was altered during the transmission.
Using the RDM, a receiver can determine whether this message has already been
received and is a replay attack.
HTTP digest
HTTP digest provides a method for client authentication and message integrity to the
server, and optional authentication of server and server messages. HTTP digest does
not provide privacy. HTTP digest may be used within Transport Layer Security
(TLS) to perform client authentication. Server authentication is mandatory in TLS.
5-64
Note —
This feature does not change how pulse dialing is handled,
and applies to DTMF only.
March 2011
ONT Product Information Guide Edition 01
Alcatel-Lucent 7330/7302 ISAM FTTN R04.02.42a
3FE 54199 AAAA TCZZA