A review of the security role of ISP mandated ONUs and ONTs in GPONs

Home fiber connections are largely realized by using passive optical networks, in their most common form today relying on the GPON standard. Among other things, this standard specifies how the first node inside of customers' homes, the so called ONU or ONT, has to behave, and which security features have to be supported. Currently, customers in some European countries, including Germany, have freedom of choice between using terminal equipment provided by the ISP or a self-selected open market device.We analyze the security implications resulting from this freedom of choice and whether or not ISP-mandated hardware would increase the security of the GPON. Our review reveals that there are no differences between an ISP-mandated ONU/ONT and a standard conforming subscriber-selected ONU/ONT that would justify the security based recommendation of an ISP-mandated ONU/ONT.