1) In a cable-modem system, the layer-1 signal to/from your cable is physically present in your neighbors' homes.
2) To defend against the obvious privacy problems this implies, the standards provide for Baseline Privacy (BPI) which encrypts the signals.
So you're safe, right?
3) Evidence suggests that most cable-modem customers in the US are not protected. Many service providers have Baseline Privacy turned off. Defeated. Disabled. Skipped. No privacy.
The evidence for this comes from
-- directly examining the configuration of a few modems
-- talking to The Cable Guy
-- noting that when certain small providers do implement
BPI, they brag about it and claim this gives them an
advantage over the "established" providers.
http://gemnets.com/c5_technical.html#question54) From this it appears that in most cases, all that protects your privacy is security-by-obscurity.
And if you want an upper bound on how much obscurity there is, note that there is a vibrant community of cable-modem firmware hackers: http://www.cablemodemhack.com/
5) It's interesting to think what customers ought to do about this, short-term and/or long-term. -- Obviously end-to-end security is needed. But it is not always feasible at present. I would connect to google via SSL if I could, but google doesn't implement https. And that would still leave me open to traffic analysis. -- Link-by-link security is never a substitute for overall security, but you need some link-by-link security just to cut down on traffic analysis and DoS attacks, including ARP poisoning and the like.
One idea that comes to mind is to use IPsec to secure the connections to an onion routing system. Or mist / crowd / whatever.
Comments? Suggestions?
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
