If communication between CPEs and the ACS is not encrypted, it represents a significant cybersecurity risk: attackers can hijack CPEs, turn them into a botnet or directly compromise customer privacy. TeskaLabs SeaCat PKI is a cybersecurity product which provides the highest possible level of cryptographic protection.
With thousands of devices in place, certificate handling represents a large administrative overhead, which could be an obstacle to cybersecurity deployment. TeskaLabs SeaCat PKI automatically manages the TLS certificates of CPEs over their entire lifecycle, removing this obstacle completely.
Strong encryption protects sensitive customer data and prevents data leakage. An actor not authorized via the enrolment procedure (PKCS#10 / CSR) is not allowed to communicate with the ACS or CPE.
TeskaLabs SeaCat PKI secures the communication between the ACS server and CPEs for one of the largest telecommunication providers in Slovakia – O2. There are now more than 50 000 CPEs that use an encrypted communication channel and are managed automatically from a centralized server.
Network access is authenticated and authorized by TeskaLabs SeaCat PKI to allow only approved CPEs to communicate with the ACS, using a strong TLS/SSL mutual authentication method. This method also excludes any unauthorized communication.
Hundreds of thousands of actively communicating concurrent actors can be handled from a single instance of the system. The system is also designed for vertical and horizontal scaling. High throughput with authorization is delivered even for extreme workloads with optimal investment in the hardware infrastructure.
Clustering is natively supported to provide linear scalability for huge fleets of CPEs or deployments with high-availability requirements. The cluster can be configured in a fully redundant setup with no single point of failure (SPOF).
Server CA Certificates validity: 20-30 years
PE CA Certificates validity: 20-30 years (configurable)
CPE Certificates validity: ~1 year (automatic renewal)
Server Certificate: 3 months (automatic renewal)
RSA 2048 for CPE
RSA 4096 for Server
RSA 8192 for CA
TLS_RSA_WITH_AES_128_CBC_SHA (cipher specification)
EC cryptography: NIST P-256, Brainpool P-256, Brainpool P-384
|Certificate enrolment protocols||
We also offer complete outsourcing of TR-069 cyber security. This mainly means working with CPE vendors on your behalf so that they are compliant with the cyber security standards. It consists of initial technical specification clarifications, technical assistance, a test environment and formal verification prior to introducing the CPE type into the network.