JP2002535933A - Detecting replication participants in a two-way modem environment - Google Patents

Abstract

A replication participant (eg, a cloned subscriber device) (274) monitors a physical layer of a network to detect transmission differences between such devices. Is detected in communication networks such as hybrid fiber / coaxial (HFC) cable television networks. The subscriber unit (14, 16, 18, 274, 276) is a cable modem that transmits an upstream signal with an associated identifier to the headend (10, 200), for example for accessing the Internet or for telephone calls. The measured properties of the upstream signal include (1) propagation time (235), (2) frequency (240), (3) power (245), and (4) spectral properties (250). For the propagation time, the reception time of the upstream message is compared to the headend clock (215) and to other messages with the same modem ID. For spectral characteristics, an adjustment factor is provided to the device to normalize the spectrum of the upstream signal with respect to the baseline spectrum. When a mismatch is detected that indicates that the duplicate modem is operating in the network for the upstream signal, the corresponding device account is terminated.

Description

DETAILED DESCRIPTION OF THE INVENTION

BACKGROUND OF THE INVENTION This application is based on US Provisional Patent Application No. 60 / 116,731, filed on January 22, 1999.

The following acronyms are used: The present invention relates to subscriber networks such as HFC cable television networks, and in particular to HFC-hybrid fiber / coaxial ID-identifier IP-Internet protocol MAC-medium access control. , Controlling access to services provided through a network. In particular, the invention is suitable for use in networks having a subscriber terminal / set-top box that uses a two-way modem such as a CM connected to the network.

[0003] Such modems are increasingly being used to allow network users to transmit and receive data, such as Internet data, at relatively high speeds. Modems also provide telephone capabilities. In general, the invention is useful for terminals that have any upstream signaling capabilities through the network, for example, to the network headend.

[0004] It is important for network operators to control access to services delivered over the network. However, there is a trade-off between the level of security distributed over any communication network and the cost. The extremes of this tradeoff are: (a) Placing all security within the CPE (such as in the user's house), where only the physical security associated with, for example, the encryption key is given.

(B) Deploying all security in the network, for example, implementing a network security protocol that relies on the trust associated with the absolute identity of the physical placement of the distributed elements of the network in this case.

[0006] In the latter case, if duplicate CPEs are identified with absolute certainty, security protocols and procedures relying on this trust are implemented. For the purposes of this disclosure, the terms "consumer premises equipment", "subscriber equipment", "terminal", "set top box", "cable modem", etc. are used interchangeably.

[0007] Unauthorized persons (pirates or attackers) have successfully gained access to the network using various attack techniques. One possible attack on a network of the type described above is with a first subscriber device (eg, a CM or other CP).
E) to move the permanent identity, so that the subscriber has paid for services provided by the network to a second cloned subscriber device in the network. The first subscriber device is known as the clone master. This cloning is performed if the security information or the device ID of the first subscriber device is not protected from theft. Such cloning allows one individual to legally purchase programming or other data services from a network and gain the ability to access the services (perhaps along a modified terminal) without the benefit of an unauthorized person. Can be sold to others for.

[0008] An alternative motivation is to steal the identity of the device, and sell that identity to those who want to use other network services illegally and without paying. For example, current network users who pay for base-level services can get enhanced services without paying. Network operators suffer significant revenue losses if compromised device identities are used, for example, to access long distance telephone services or to get free unrestricted Internet access through CMs.

In order to remain undetected in the network, the cloned device must handle all characteristics of the clone master. If a clone matches the clone master, the clone simply uses the bandwidth and the clone master's ID. Further, if the cloning device has multiple (N) clone IDs, any of these identities will be used to gain access to the network. If N is large enough, a concentration ratio of N: 1 allows the cloned device to operate in the network with little chance of collision.

[0010] If a network operator (eg, the CMTS and related services are operated or for a service provider) detects anomalies that are readily visible in network traffic, such as multiple IP addresses, increasing traffic flows, etc. Otherwise, the cloned device can continue to operate undetected. Additionally, the clone continues to operate undetected, even if the network operator authenticates the identity of the device sending the upstream message. This is achieved because authentication of the identity of the subscriber device (eg, a CM or other CPE) is performed before the modem is registered on the network. The ID specifies a manufacturer serial number, an IEEE MAC address, and the like. However, there is no practical way for any network operator to associate this address with a particular modem prior to modem registration.

[0011] The cloned network elements remain undetected as long as there is no discernable difference between any master and the cloned device, and they are in a logically and physically possible manner within the network. Works with

For example, one method for detecting a cloned analog mobile phone is
To identify telephone calls originating from physically separated parts of the network within a short time window. However, such a method of clone detection,
Unlicensed calls are not flagged in the same general neighborhood (eg, the same city) as unauthorized calls, and are therefore inherently useful in identifying cloned phones. Additionally, data indicating the location where the network cell is to be used must be communicated upstream of the central processing facility. In addition, this technique is not easily used in subscriber networks such as HFC cable television networks because there is no facility to identify the network path (eg, branch or hub) that is traversed by upstream messages from the clone terminal. .

Therefore, it would be advantageous to provide a reliable system for detecting clone devices, such as CMs, in a network. The system must be viable at relatively low cost and complexity without significant disruption in service. The system allows some unique features of the physical layer to be exploited by a system that supports CM or telephone services (eg, HFC cable television, etc.), so that subscriber equipment (eg, modems) Recognize and take advantage of the fact that a unique ID is uniquely identified even if cloned to another device.

The system must be compatible with the "Data over Service Interface Specification RF Interface" (DOCSIS RFI) standard.

The present invention provides a system having the above and other advantages.

SUMMARY OF THE INVENTION The present invention provides for the detection of duplicate participants in a network having a terminal population capable of two-way communication by analyzing transmission differences in the physical layer of the network.

The physical layer is concerned with transmitting raw bits over the communication channel. Examples of physical layer attributes used to identify a subscriber device according to the present invention are device timing offset, device frequency offset, device power offset, and device spectral characteristics.

If the Pirate's device remains undetected, it continues to operate as a clone master clone in the network. The invention relates to any detectable characteristic of a cloned subscriber device in which the cloned ID distinguishes the cloned subscriber device from other cloned subscriber devices (of the same ID) or the cloned master. Determine what is being used by detecting the difference.

Since the transmissions of the cloned devices do not all take the same upstream path to the CMTS in the network, the differences in these paths will make the device appear to be identical to the CMTS and the network. Gives the opportunity to detect piracy by identifying. Thus, the differences in the return path are used in accordance with the invention to "tag" each device separately. This approach relies not only on assumed differences in path length, but also on each clone modem that does not know the exact details of the correction (adjustment) sent to the clone master.

A particular method for detecting a cloned subscriber device in a communication network includes recording transmission characteristics of the original subscriber device authorized for use in the network. The recorded transmission characteristics are compared with comparable transmission characteristics of the subscriber unit claiming to be the original subscriber unit on the network. For example, the asserting device has the same ID as the authorized device in the upstream message. The difference between the compared transmission characteristics indicates that the asserting subscriber device is a clone subscriber device.

The observed transmission characteristics are (1) propagation time, (2) frequency, (3) power, and (4)
Includes spectral properties. For the propagation time, the enhancement includes providing data for adjusting the assigned transmission time to the subscriber unit at a resolution lower than the resolution at which the offset is initially determined. In this way, even if the cloned subscriber device tries to block the offset and thus adjust its own transmission time, the CM
TS detects when the transmission time offset goes out of the expected range.

[0022] The enhancement is extended to other properties.

A corresponding device is also provided.

DETAILED DESCRIPTION OF THE INVENTION FIG. 1 shows, in block diagram form, an HFC cable television plant in which the invention may be implemented. Although an HFC cable television plant is illustrated for the purposes of this disclosure, it should be recognized that the invention may be used in other network types where the potential for cloned CPE is an issue. Transmitters and receivers located at the cable headend 10 (ie, service provider equipment such as a CMTS) communicate with subscriber units 14, 16 communicating with the headend via a network 12.
, 18 (CPE). Given the number of subscriber units up to the network capacity, each is monitored by the headend.

FIG. 2 shows the headend 200, an authorized consumer premises equipment (CPE) 276, and a clone CPE 274 in the subscriber network. Cable headend 200 controls 212
, A clock 215, a database 210, a transmitter 220, a receiver 230, and a programming service function 255. The programming service function 255 provides, for example, a television program over a network. Receiver 230 has time offset function 235, frequency offset function 240, power offset function 245, and spectrum characteristic offset function
Related to 250. Control 212 provides full control of the functions at headend 200.

The transmitter 220 transmits data to the authorized CPE (ie, master device) through the hub 260, the network link 265, and the example hubs 270 and 272. The transmitter transmits data to the example clone CPE 274 via the example hub 270. Any number of clone devices can be provided in the network.

The clone CPE 274 includes a control 282, a transmitter 284, and a receiver 288. Further transmitter 2
84 is a clock 285, an identifier (ID) function 286, and a filter 287 having a filter coefficient.
including. Similarly, the licensed CPE 276 includes a control 290, a transmitter 292 (with a filter having a clock 294, an ID function 296, and a filter coefficient 296) and a receiver 299.

Each of the CPE devices 274, 276 sends upstream signals to and receives signals from the headend (or CMTS) 200. For example, if the device is a CM, the upstream signal is for accessing the Internet, general IP-based media services, or placing a telephone call. Usually, a television, PC or other output device is associated with each CPE device. The data sent to the devices 274, 276 is transmitted to the service being used, along with data from the headend 200 to allocate time slots to the devices for upstream transmission according to their respective bandwidth requirements. Contains relevant data.

According to the present invention, the transmission characteristics of the upstream signal are measured by the headend 200 to detect clones. These characteristics include one or more of (1) propagation time, (2) frequency, (3) power, and (4) spectral characteristics. Each of these is described in more detail below. 1. In the first clone detection technique, the propagation / reception time of the upstream signal from the device is measured.

In general, the ability to physically place a subscriber device in a network is a key factor in eliminating timing offset attacks. If the Pirates
Few network operators can look for clones or pirate equipment if they can be tricked into believing that CPEs are located elsewhere in the network. This is especially true if the Pirate device is transmitting to the headend from a virtual location in the network that appears to be at the same location as the legitimate modem.

HYPERLINK “http://www.cablemodem.com” Available at www.cablemodem.com ”
The Data Over Cable Service Interface Specification RF Interface "(DOCSIS RFI) specification defines a network wide timestamp that is broadcast to all devices that are part of the network domain. For the discussion here, "domain" and "C" on a single downstream channel
The MTS broadcast is considered the same. The DOCSIS specification defines a periodically transmitted message containing a 32-bit time stamp. The least significant bit (LSB) of this time stamp is in units of 6.25 μs / 64 And is based on a 10.24MHz clock.CPE
The modem uses this timestamp to 1) synchronize with the internal reference clock and 2) define the exact time (within a small guard time) for transmission to the upstream channel.

Since all subscriber units (eg, 274 and 276) in the network are not at the same distance from the receiver in the CMTS 200, the burst arrival times of individual subscriber units will cause all modems to have the same virtual Is normalized to look like the target distance. DOCS
The IS system reaches this by a process called "ranging".

FIG. 3A shows the calculation of the signal propagation time before ranging according to the present invention. The time offset t1 (300) from the first cable modem CM1 is the measured propagation time for the traveling signal from CM1 to CMTS and corresponds to the physical propagation distance. Similarly the second
The time offset t2 (310) from the cable modem CM2 is the measured propagation time for the signal traveling from CM2 to CMTS.

FIG. 3B shows a ranging area according to the present invention. Here, the ranging area 320 is
Defined for all CMs in the network from the CM closest to the CMTS to the CM farthest from the CMTS. Additionally, CM1 has a time offset 302 to transmit the message at t1 ± Δt1, where Δt1 is the uncertainty for the clock rate used at the headend. Similarly, CM2 has a time offset 312 to transmit the message at t2 ± Δt2, where Δt2 is the corresponding uncertainty.

Referring to FIG. 2, the ranging area 320 defined within the upstream bandwidth allocation is a CMT
Wide enough to accommodate the closest and farthest CPE from S receiver 230. CMTS receiver 230 is a ranging burst (burst defined to occur in this region)
And the propagation time is determined based on the difference between the local time as determined by clock 215 and the upstream transmission time assigned based on clocks 285, 294. Clocks 285 and 294 are clocked through the system time stamp
Synchronized to 215. The time offset is determined by the time offset function 235. The difference is then sent as a timing offset for CPEs 274, 276 in the ranging response message and used as an adjustment factor for modem upstream transmission time.

The effect of this process is that all subscriber devices appear to be at the same virtual distance from the CMTS receiver. In fact, they appear to be at zero physical distance from the CMTS upstream receiver, since the times indicated by the corrected timestamps match the local times at the CMTS 200. Therefore, the CMTS receiver knows the absolute propagation time and the transmission path length for each CPE on the network in its domain. The resolution of this measurement (worst case) is almost 100 feet, and a CMTS
Assuming a sampling clock of 0.24 MHz, use the propagation constant of the magnetic field radiation in free space (ie 3 × 10 ⁸ m / sec / 10.24 × 10 ⁶ Hz / 0.3048 m / ft = 95.8 ft).

The propagation constant of a coaxial cable and an optical cable is approximately 88% of that of free space, respectively.
And 69%. The coaxial to fiber ratio is generally known by the plant manager, but varies widely in different networks. Since it is not possible to determine the exact coaxial-to-fiber ratio in any single plant, the free space propagation constant is used as the worst case. In addition, if the sampling rate is doubled (20.48 MHz), a worst case resolution of almost 50 feet is achieved. Other changes in the sampling rate thus affect the resolution.

FIG. 3 (c) shows the allocated upstream transmission slots after ranging according to the present invention. The assigned upstream transmission slot 330 is allocated time 3 with associated uncertainty
14 shows CM1 and CM2 transmissions at 04 and 314, respectively.

FIG. 3 (d) shows an uncertain region for the signal propagation time according to the present invention. The uncertainty area 350 can be hundreds or thousands of devices, all devices in the network (CM
) Account for the uncertainty ratio. The uncertainty region width represents the worst case uncertainty based on the measurement resolution of the burst in the headend and the value of the LSB within the ranging offset sent to the CM.

The CM1 burst 306 and the CM2 burst 316 are shown as offsets from the reception times 340 expected by the corresponding uncertainties.

The ability to determine the distance of the subscriber device from a known location, such as the headend, and the resolution of this determination is primarily due to the service provider's return path receiver 230 receiving communications back from the subscriber device. By execution.

Thus, in accordance with the present invention, a cloned subscriber device is detected by measuring the propagation time of each upstream message having a given device ID.

If the network operator determines that two different propagation times have been detected from receiving an upstream transmission with the same ID, it is inferred that at least one device is a clone. The operator then takes the appropriate steps to end the transaction for any device that uses the ID.

Thus, the invention allows a network operator to determine that there are multiple subscriber devices with the same identity in the network. It is also possible to detect the movement of a single subscriber device in the network.

With respect to transit time differences, as described above, the CMTS (or comparable service provider device) normalizes all subscriber devices, even if they are located at physically different distances from the CMTS. Appears to be at zero distance from the CMTS.

However, if the client (subscriber) is located at a different distance from the CMTS receiver
If the device could be tricked into believing that it was indeed located at the same distance from the CMTS, the above method of intrusion detection would probably be broken. In this case, a time offset check at the CMTS can no longer reveal the clone device. For example,
Assume that CM1 is a clone master with valid network agreement and CM2 is a clone of that modem. It should be noted that there is additional out-of-band coordination required between the clone master CM and the clone CM for DOCSIS transmission allocation and power control.

The clone first performs ranging, as described in the previous section. However, the clone does not use its own MAC address during the initial ranging process. Instead, it uses the MAC address of another valid CM or perhaps a random MAC address if the CMTS receives it.

After this initial ranging, the clone will have its time offset from the CMTS,
That is, t2 is known. The intrusion detection technology described earlier cannot catch this clone because it does not use its MAC address. In fact, if the clone uses the MAC address of another valid CM, an intrusion detection attempt will unlock the valid CM, resulting in a denial of service attack.

After this initial ranging, the clones again line up with the cloned MAC address. The steps are as follows.

1) CM2 (cable modem clone) is a ranging offset t2 from CMTS
Perform initial ranging with a random but valid MAC address to obtain

2) CM2 with clone master identity (including MAC address)
Listens to clone master initial ranging information. Based on detecting the initial ranging response from the CMTS to the clone master ("peep") (or through some out-of-band method), CM2 knows the value of t1.

3) CM2 then calculates the difference between its time offset (t2) and the clone master's time offset (t1).

4) CM2 performs subsequent initial ranging using the clone master ID,
It appears to the CMTS as being in the same position as the M1 (clone master). CM2 does this by sending a ranging request t2-t1 seconds faster than assumed.

5) CM2 monitors downstream (or “smells”) any use of CM1 (or through an out-of-band method), and if clear, CM2 requests an upstream transmission slot using CM1's identity. be able to.

6) The headend sees the transmission in the correct assignment with the correct time offset and cannot tell the difference without a more sophisticated transmission arrival time detection technique.

An advantage of this method to an attacker is that the CMTS only sees one transient ranging request with an unsubscribed ID. All subsequent initial ranging is performed by one of the clone modems using the clone master's identity.

The intrusion detection techniques described herein can increase these higher frequencies by increasing the frequency of the sampling clock at the CMTS (or other comparable service provider device) to provide a resolution of, for example, greater than 100 feet. Enhanced to detect high performance attacks. This provides additional ranging resolution, so that additional cloning devices can be detected.

Another enhancement is to reduce the number of bits sent to each CPE in the ranging response time offset message, but continue measuring at the current resolution. If, for example, the granularity of the LSB is reduced (eg, by truncating the last three LSBs), the measurement resolution is reduced to 800 feet. As a result of the same sampling frequency, the measurement resolution is still 100 feet. This technique has the effect of increasing transmission time uncertainty based on the physical location of the modem from the cable headend CMTS, and thus the likelihood of copying a CM is detected. This method has the disadvantage that bandwidth is sacrificed.

[0059] Alternatively, these same LSBs are randomized and sent to each of the clone modems. This has the added advantage of not giving an attacker an indication that any intrusion techniques are available. The uncertainties of these measurements are shown in FIG.

[0060] 2. In a second clone detection technique, the frequency difference in the upstream signal from the subscriber device is used to distinguish clone CPE devices. In particular, each CPE 274, 276 transmits on its assigned center frequency. Service provider (for example, CMTS200)
Receives the transmitted signal by matching the frequency of this signal and extracting the information contained in the signal. The exact received frequency is measured by the CMTS 200 by the frequency detector 240 or other service provider equipment that detects the copier.

In addition, adjustment data is provided to the original subscriber device to change its center frequency.

[0062] 3. In a third clone detection technique, the difference in power in the upstream signal from the subscriber device is used to distinguish clone devices. Each CPE 274, 276 transmits at the assigned power level. The CMTS 200 (or other service provider device) sends a command to each CPE to set the power level to use for upstream transmission of the device. However, the power of the signal from each device is weakened by a different amount as the signal travels upstream in the network, so that the level measured at the CMTS 200 is less than the specified transmission level. These reductions are the result of differences in signal attenuation or a portion of the upstream spectrum returning to the CMTS 200 as the signal from each CPE traverses a different path.

The power detector 245 of the CMTS 200 monitors each transmitted burst (upstream signal) and measures power to determine a baseline of expected power level for each device ID. Thus, a clone device is identified when the measured power for a given ID does not match the expected level. Additionally, adjustment data is provided to the original subscriber device to change the power of the signal.

[0064] 4. In a fourth clone detection technique, differences in the spectral characteristics of the upstream signal from the subscriber device are used to distinguish clone devices. Each device transmits through a single path across the cable plant returning to the service provider. The path causes a change in the spectral characteristics of the received upstream signal.

Each burst (upstream signal) received by CTMS 200 is demodulated by CMTS 200
The spectral characteristic detector 250) includes a preamble so that it is "trained" during a time interval before the actual start of the data. During this training time, the demodulator determines the spectral characteristics of the burst and attempts to equalize the burst for optimal reception. One set of equalization (filter) coefficients is derived as a result of the preamble spectrum analysis and sent to each CM. These coefficients are also stored in database 21
Stored within 0 and used to define each individual device together under the assumption that each of these devices traverses a physically different path.

FIG. 4 represents a measurement of the signal power spectrum of the upstream signal received at the headend. Using known frequency domain processing techniques, the power spectrum of the received signal is measured as shown at 400 during the training time interval. The measured spectrum is normalized to a baseline spectrum 420 using the equalization factor.
Any significant deviation from baseline 420 after the training time interval indicates a clone device.

The present invention monitors replicas (eg, cloned subscriptions) in a communications network, such as an HFC cable television network, by monitoring the physical layer of the network to detect transmission differences between devices. It should be appreciated that a technique for searching for a third party device is provided. If such transmission differences are discovered from devices using a common ID, it is clear that a clone device is being used.

The measured properties are one or more of (1) propagation time, (2) frequency,
(3) power, and (4) spectral characteristics. In addition, a combination of properties is used to give greater certainty that a clone is present.

Furthermore, it is not necessary to monitor each characteristic for every upstream signal. For example, only one or two properties need to be measured. The transit time and spectral properties are believed to be particularly effective in detecting clones.
If a mismatch is detected for the device ID, it is probably flagged as a clone and other characteristics are measured to give a more specific decision.

In addition, the selected device IDs are measured if they are suspected for some reason, such as often high call rates from that ID.

A random or continuous measurement of the device is also performed.

Furthermore, the invention is not limited to use in cable modems, but in any network where it is possible to measure the properties disclosed herein and to associate any discrepancies with a specific device ID. Can be used.

Although the invention has been described in connection with various specific embodiments, it will be appreciated that various additions and modifications may be made without departing from the spirit and aspects of the invention as set forth in the appended claims. What the traders know.

[Brief description of the drawings]

FIG. 1 is a block diagram of an HFC network implementing the present invention.

FIG. 2 shows a headend, licensed consumer premises equipment (CPE) and clone CPE according to the present invention.

FIG. 3 (a) shows the calculation of the signal propagation time before ranging according to the present invention, and FIG. 3 (b)
Shows a ranging area according to the present invention, FIG. 3 (c) shows an upstream transmission slot allocated after ranging according to the present invention, and FIG. 3 (d) shows an uncertainty area for a signal propagation time according to the present invention.

FIG. 4 shows a measurement of the power spectrum of the upstream signal received at the headend according to the invention.

[Procedure amendment]

[Submission date] August 3, 2001 (2001.8.3)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claims

[Correction method] Change

[Contents of correction]

[Claims]

──────────────────────────────────────────────────続 き Continuation of front page (81) Designated country EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE ), OA (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, GM, KE, LS, MW, SD, SL, SZ, TZ, UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID , IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZWF terms (Reference) 5K035 BB04 DD01 EE04 FF03 5K042 AA04 CA06 CA18 DA15 DA16 DA22 DA24 EA15 FA15 GA01 NA04 [Continued from the abstract]

Claims (25)

[Claims] 1. A method for detecting a cloned subscriber device in a communication network, the method comprising: recording transmission characteristics of a signal from an original subscriber device authorized for use in the network; Measuring a comparable transmission characteristic of a signal from the subscriber unit claiming to be the original subscriber unit above, and wherein a difference exists between the measured transmission characteristic and the recorded transmission characteristic. Deciding whether or not to do so, wherein any such difference indicates that the asserting subscriber device is a cloned subscriber device. 2. The method according to claim 1, wherein said recording, measuring and determining steps occur at the head end of the network. 3. The method of claim 1, wherein the measured transmission characteristics are associated with a physical layer of the network. 4. The method according to claim 1, wherein said network is a hybrid fiber / coaxial cable television network. 5. The method of claim 4, wherein the original and the claimed subscriber unit are cable modems. 6. The method of claim 4, wherein said original and claimed subscriber unit comprises hybrid fiber / coaxial consumer premises equipment. 7. The method according to claim 1, wherein the recorded transmission characteristics comprise at least one propagation time and a propagation time offset to the signal of the original subscriber unit. 8. The method according to claim 7, wherein the propagation time offset is determined by comparing the assigned propagation time of the signal of the original subscriber unit to its reception time. 9. The method of claim 7, further comprising: providing adjustment data to adjust the propagation time offset to a desired value; and the original subscription for use in adjusting the propagation time offset. Communicating the adjustment data to every subscriber device in the network using an identifier associated with the subscriber device. 10. The method of claim 9, wherein the adjustment data is provided by a network headend. 11. The method of claim 9, further comprising: determining a propagation time offset by sampling a signal of the original subscriber unit using a clock having a clock rate corresponding to the first resolution. Providing adjustment data at a second coarser resolution. 12. The method according to claim 11, wherein the clock rate is a propagation time offset from a nominal level corresponding to said second resolution to recover upstream transmissions from the subscriber unit in the network. The method of increasing to a higher level to reach a first resolution to determine. 13. The method of claim 11, wherein the clock rate operates at a first resolution to initially provide adjustment data, wherein the adjustment data is reduced by omitting at least one of its least significant bits. The method where it is given in two resolutions. 14. The method of claim 11, wherein the clock rate operates at a first resolution to initially provide adjustment data, wherein the adjustment data is randomized in at least one of its least significant bits. The method given in the second resolution. 15. The method according to claim 1, wherein the recorded transmission characteristic comprises at least one frequency and a frequency offset. 16. The method of claim 15, further comprising: providing adjustment data to adjust the frequency offset to a desired value; and the original subscriber device for use in adjusting the frequency. Communicating the adjustment data to any subscriber device in the network using an identifier associated with the method. 17. The method according to claim 1, wherein the recorded transmission characteristic comprises at least one power and a power offset. 18. The method of claim 17, further comprising: providing adjustment data to adjust the power offset to a desired value; and the original subscriber device for use in adjusting the power. Communicating the adjustment data to any subscriber device in the network using an identifier associated with the method. 19. The method of claim 1, wherein the recorded transmission characteristics comprise spectral characteristics. 20. The method according to claim 19, wherein the spectral characteristic comprises at least one power spectrum and a power spectrum offset. 21. The method of claim 20, further comprising: providing adjustment data to adjust the power spectrum offset to a desired value; and an original subscription for use in adjusting the power spectrum. Communicating the adjustment data to every subscriber device in the network using an identifier associated with the subscriber device. 22. The method according to claim 21, wherein the adjustment data comprises filter coefficient data. 23. The method according to claim 1, wherein the recorded transmission characteristics are obtained from a measurement of the signal of the original subscriber device. 24. Apparatus for detecting a cloned subscriber device in a communication network, said means for recording transmission characteristics of a signal from an original subscriber device authorized for use in said network. Means for measuring a comparable transmission characteristic of a signal from a subscriber unit on the network claiming to be the original subscriber unit, and between the measured transmission characteristic and the recorded transmission characteristic. Means for determining whether a difference exists in the subscriber device, wherein any such difference indicates that the asserting subscriber device is a cloned subscriber device. 25. An apparatus for detecting a cloned subscriber device in a communication network, said means for recording transmission characteristics of an original subscriber device authorized for use in said network; Means for comparing the determined transmission characteristics with the comparable transmission characteristics of the subscriber device on the network claiming to be the original subscriber device, the difference between the compared transmission characteristics being the claimed subscriber. A device where the device is a clone subscriber device.