Skip to Main Content
We consider the security of an ITU standard for ATM-based passive optical networks. First, we show that the standard's encryption algorithm, called churning, has an effective 8-bit key length and thus is trivial to break with exhaustive keysearch. Second, we show that the authentication mechanisms have significant weaknesses. The conclusion is that these measures should not be relied upon to provide security.