DS traffic is broadcast to all ONUs, so the encryption is essentially easy for a malicious user to reprogram ONU and capture desired frames. US traffic not seen by other ONUs, so the encryption is not needed.

Do not consider fiber-tappers because EPON does not provide any STANDARD encryption method, but

• Can supplement with IPsec or MACsec.
• Many vendors have added proprietary AES-based mechanisms.

BPON USED a mechanism called churning − Churning was a low cost hardware solution (24b key) with SEVERAL SECURITY flaws

• Engine was linear - simple known-text attack
• 24b key turned out to be derivable in 512 tries
• Therefore, G.983.3 added AES support - now used in GPON.

DS traffic is broadcast to all ONUs, so the encryption is essentially easy for a malicious user to reprogram ONU and capture desired frames. US traffic not seen by other ONUs, so the encryption is not needed.

Do not consider fiber-tappers because EPON does not provide any standard encryption method, but

BPON used a mechanism called churning − Churning was a low cost hardware solution (24b key) with several security flaws