rfc2574.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 1,446 行 · 第 1/5 页
TXT
1,446 行
Network Working Group U. Blumenthal
Request for Comments: 2574 IBM T. J. Watson Research
Obsoletes: 2274 B. Wijnen
Category: Standards Track IBM T. J. Watson Research
April 1999
User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This document describes the User-based Security Model (USM) for SNMP
version 3 for use in the SNMP architecture [RFC2571]. It defines the
Elements of Procedure for providing SNMP message level security.
This document also includes a MIB for remotely monitoring/managing
the configuration parameters for this Security Model.
Table of Contents
1. Introduction 3
1.1. Threats 4
1.2. Goals and Constraints 5
1.3. Security Services 6
1.4. Module Organization 7
1.4.1. Timeliness Module 7
1.4.2. Authentication Protocol 8
1.4.3. Privacy Protocol 8
1.5. Protection against Message Replay, Delay and Redirection 8
1.5.1. Authoritative SNMP engine 8
1.5.2. Mechanisms 9
1.6. Abstract Service Interfaces 10
1.6.1. User-based Security Model Primitives for Authentication 11
1.6.2. User-based Security Model Primitives for Privacy 11
2. Elements of the Model 12
2.1. User-based Security Model Users 12
Blumenthal & Wijnen Standards Track [Page 1]
RFC 2574 USM for SNMPv3 April 1999
2.2. Replay Protection 13
2.2.1. msgAuthoritativeEngineID 13
2.2.2. msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime14
2.2.3. Time Window 15
2.3. Time Synchronization 15
2.4. SNMP Messages Using this Security Model 16
2.5. Services provided by the User-based Security Model 17
2.5.1. Services for Generating an Outgoing SNMP Message 17
2.5.2. Services for Processing an Incoming SNMP Message 19
2.6. Key Localization Algorithm. 21
3. Elements of Procedure 21
3.1. Generating an Outgoing SNMP Message 22
3.2. Processing an Incoming SNMP Message 25
4. Discovery 30
5. Definitions 31
6. HMAC-MD5-96 Authentication Protocol 50
6.1. Mechanisms 50
6.1.1. Digest Authentication Mechanism 50
6.2. Elements of the Digest Authentication Protocol 51
6.2.1. Users 51
6.2.2. msgAuthoritativeEngineID 51
6.2.3. SNMP Messages Using this Authentication Protocol 51
6.2.4. Services provided by the HMAC-MD5-96 Authentication Module52
6.2.4.1. Services for Generating an Outgoing SNMP Message 52
6.2.4.2. Services for Processing an Incoming SNMP Message 53
6.3. Elements of Procedure 53
6.3.1. Processing an Outgoing Message 54
6.3.2. Processing an Incoming Message 54
7. HMAC-SHA-96 Authentication Protocol 55
7.1. Mechanisms 55
7.1.1. Digest Authentication Mechanism 56
7.2. Elements of the HMAC-SHA-96 Authentication Protocol 56
7.2.1. Users 56
7.2.2. msgAuthoritativeEngineID 57
7.2.3. SNMP Messages Using this Authentication Protocol 57
7.2.4. Services provided by the HMAC-SHA-96 Authentication Module57
7.2.4.1. Services for Generating an Outgoing SNMP Message 57
7.2.4.2. Services for Processing an Incoming SNMP Message 58
7.3. Elements of Procedure 59
7.3.1. Processing an Outgoing Message 59
7.3.2. Processing an Incoming Message 60
8. CBC-DES Symmetric Encryption Protocol 61
8.1. Mechanisms 61
8.1.1. Symmetric Encryption Protocol 61
8.1.1.1. DES key and Initialization Vector. 62
8.1.1.2. Data Encryption. 63
8.1.1.3. Data Decryption 63
8.2. Elements of the DES Privacy Protocol 63
Blumenthal & Wijnen Standards Track [Page 2]
RFC 2574 USM for SNMPv3 April 1999
8.2.1. Users 63
8.2.2. msgAuthoritativeEngineID 64
8.2.3. SNMP Messages Using this Privacy Protocol 64
8.2.4. Services provided by the DES Privacy Module 64
8.2.4.1. Services for Encrypting Outgoing Data 64
8.2.4.2. Services for Decrypting Incoming Data 65
8.3. Elements of Procedure. 66
8.3.1. Processing an Outgoing Message 66
8.3.2. Processing an Incoming Message 66
9. Intellectual Property 67
10. Acknowledgements 67
11. Security Considerations 69
11.1. Recommended Practices 69
11.2. Defining Users 71
11.3. Conformance 72
11.4. Use of Reports 72
11.5. Access to the SNMP-USER-BASED-SM-MIB 72
12. References 73
13. Editors' Addresses 75
A.1. SNMP engine Installation Parameters 76
A.2. Password to Key Algorithm 78
A.2.1. Password to Key Sample Code for MD5 79
A.2.2. Password to Key Sample Code for SHA 80
A.3. Password to Key Sample Results 81
A.3.1. Password to Key Sample Results using MD5 81
A.3.2. Password to Key Sample Results using SHA 81
A.4. Sample encoding of msgSecurityParameters 82
A.5. Sample keyChange Results 83
A.5.1. Sample keyChange Results using MD5 83
A.5.2. Sample keyChange Results using SHA 84
B. Change Log 85
C. Full Copyright Statement 86
1. Introduction
The Architecture for describing Internet Management Frameworks
[RFC2571] describes that an SNMP engine is composed of:
1) a Dispatcher
2) a Message Processing Subsystem,
3) a Security Subsystem, and
4) an Access Control Subsystem.
Applications make use of the services of these subsystems.
It is important to understand the SNMP architecture and the
terminology of the architecture to understand where the Security
Model described in this document fits into the architecture and
Blumenthal & Wijnen Standards Track [Page 3]
RFC 2574 USM for SNMPv3 April 1999
interacts with other subsystems within the architecture. The reader
is expected to have read and understood the description of the SNMP
architecture, as defined in [RFC2571].
This memo [RFC2274] describes the User-based Security Model as it is
used within the SNMP Architecture. The main idea is that we use the
traditional concept of a user (identified by a userName) with which
to associate security information.
This memo describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the
authentication protocols and the use of CBC-DES as the privacy
protocol. The User-based Security Model however allows for other such
protocols to be used instead of or concurrent with these protocols.
Therefore, the description of HMAC-MD5-96, HMAC-SHA-96 and CBC-DES
are in separate sections to reflect their self-contained nature and
to indicate that they can be replaced or supplemented in the future.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.1. Threats
Several of the classical threats to network protocols are applicable
to the network management problem and therefore would be applicable
to any SNMP Security Model. Other threats are not applicable to the
network management problem. This section discusses principal
threats, secondary threats, and threats which are of lesser
importance.
The principal threats against which this SNMP Security Model should
provide protection are:
- Modification of Information
The modification threat is the danger that some unauthorized entity
may alter in-transit SNMP messages generated on behalf of an
authorized principal in such a way as to effect unauthorized
management operations, including falsifying the value of an object.
- Masquerade
The masquerade threat is the danger that management operations not
authorized for some user may be attempted by assuming the identity
of another user that has the appropriate authorizations.
Two secondary threats are also identified. The Security Model
defined in this memo provides limited protection against:
Blumenthal & Wijnen Standards Track [Page 4]
RFC 2574 USM for SNMPv3 April 1999
- Disclosure
The disclosure threat is the danger of eavesdropping on the
exchanges between managed agents and a management station.
Protecting against this threat may be required as a matter of local
policy.
- Message Stream Modification
The SNMP protocol is typically based upon a connection-less
transport service which may operate over any sub-network service.
The re-ordering, delay or replay of messages can and does occur
through the natural operation of many such sub-network services.
The message stream modification threat is the danger that messages
may be maliciously re-ordered, delayed or replayed to an extent
which is greater than can occur through the natural operation of a
sub-network service, in order to effect unauthorized management
operations.
There are at least two threats that an SNMP Security Model need not
protect against. The security protocols defined in this memo do not
provide protection against:
- Denial of Service
This SNMP Security Model does not attempt to address the broad
range of attacks by which service on behalf of authorized users is
denied. Indeed, such denial-of-service attacks are in many cases
indistinguishable from the type of network failures with which any
viable network management protocol must cope as a matter of course.
- Traffic Analysis
This SNMP Security Model does not attempt to address traffic
analysis attacks. Indeed, many traffic patterns are predictable -
devices may be managed on a regular basis by a relatively small
number of management applications - and therefore there is no
significant advantage afforded by protecting against traffic
analysis.
1.2. Goals and Constraints
Based on the foregoing account of threats in the SNMP network
management environment, the goals of this SNMP Security Model are as
follows.
1) Provide for verification that each received SNMP message has
not been modified during its transmission through the network.
2) Provide for verification of the identity of the user on whose
behalf a received SNMP message claims to have been generated.
Blumenthal & Wijnen Standards Track [Page 5]
RFC 2574 USM for SNMPv3 April 1999
3) Provide for detection of received SNMP messages, which request
or contain management information, whose time of generation was
not recent.
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?