📄 rfc2264.txt
字号:
Network Working Group U. BlumenthalRequest for Comments: 2264 IBM T. J. Watson ResearchCategory: Standards Track B. Wijnen IBM T. J. Watson Research January 1998 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.Copyright Notice Copyright (C) The Internet Society (1997). All Rights Reserved.Abstract This document describes the User-based Security Model (USM) for SNMP version 3 for use in the SNMP architecture [RFC2261]. It defines the Elements of Procedure for providing SNMP message level security. This document also includes a MIB for remotely monitoring/managing the configuration parameters for this Security Model.Table of Contents1. Introduction 31.1. Threats 41.2. Goals and Constraints 51.3. Security Services 61.4. Module Organization 71.4.1. Timeliness Module 71.4.2. Authentication Protocol 81.4.3. Privacy Protocol 81.5. Protection against Message Replay, Delay and Redirection 81.5.1. Authoritative SNMP engine 81.5.2. Mechanisms 81.6. Abstract Service Interfaces. 101.6.1. User-based Security Model Primitives for Authentication 111.6.2. User-based Security Model Primitives for Privacy 112. Elements of the Model 122.1. User-based Security Model Users 12Blumenthal & Wijnen Standards Track [Page 1]
RFC 2264 USM for SNMPv3 January 19982.2. Replay Protection 132.2.1. msgAuthoritativeEngineID 132.2.2. msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime 142.2.3. Time Window 152.3. Time Synchronization 152.4. SNMP Messages Using this Security Model 162.5. Services provided by the User-based Security Model 172.5.1. Services for Generating an Outgoing SNMP Message 172.5.2. Services for Processing an Incoming SNMP Message 192.6. Key Localization Algorithm. 213. Elements of Procedure 213.1. Generating an Outgoing SNMP Message 223.2. Processing an Incoming SNMP Message 254. Discovery 305. Definitions 316. HMAC-MD5-96 Authentication Protocol 456.1. Mechanisms 456.1.1. Digest Authentication Mechanism 466.2. Elements of the Digest Authentication Protocol 466.2.1. Users 466.2.2. msgAuthoritativeEngineID 476.2.3. SNMP Messages Using this Authentication Protocol 476.2.4. Services provided by the HMAC-MD5-96 Authentication Module 476.2.4.1. Services for Generating an Outgoing SNMP Message 476.2.4.2. Services for Processing an Incoming SNMP Message 486.3. Elements of Procedure 496.3.1. Processing an Outgoing Message 496.3.2. Processing an Incoming Message 507. HMAC-SHA-96 Authentication Protocol 517.1. Mechanisms 517.1.1. Digest Authentication Mechanism 517.2. Elements of the HMAC-SHA-96 Authentication Protocol 527.2.1. Users 527.2.2. msgAuthoritativeEngineID 527.2.3. SNMP Messages Using this Authentication Protocol 537.2.4. Services provided by the HMAC-SHA-96 Authentication Module 537.2.4.1. Services for Generating an Outgoing SNMP Message 537.2.4.2. Services for Processing an Incoming SNMP Message 547.3. Elements of Procedure 547.3.1. Processing an Outgoing Message 557.3.2. Processing an Incoming Message 558. CBC-DES Symmetric Encryption Protocol 568.1. Mechanisms 568.1.1. Symmetric Encryption Protocol 578.1.1.1. DES key and Initialization Vector. 578.1.1.2. Data Encryption. 588.1.1.3. Data Decryption 598.2. Elements of the DES Privacy Protocol 59Blumenthal & Wijnen Standards Track [Page 2]
RFC 2264 USM for SNMPv3 January 19988.2.1. Users 598.2.2. msgAuthoritativeEngineID 598.2.3. SNMP Messages Using this Privacy Protocol 608.2.4. Services provided by the DES Privacy Module 608.2.4.1. Services for Encrypting Outgoing Data 608.2.4.2. Services for Decrypting Incoming Data 618.3. Elements of Procedure. 618.3.1. Processing an Outgoing Message 618.3.2. Processing an Incoming Message 629. Intellectual Property 6210. Acknowledgements 6311. Security Considerations 6411.1. Recommended Practices 6411.2. Defining Users 6611.3. Conformance 6712. References 6713. Editors' Addresses 69A.1. SNMP engine Installation Parameters 70A.2. Password to Key Algorithm 71A.2.1. Password to Key Sample Code for MD5 71A.2.2. Password to Key Sample Code for SHA 72A.3. Password to Key Sample Results 73A.3.1. Password to Key Sample Results using MD5 73A.3.2. Password to Key Sample Results using SHA 74A.4. Sample encoding of msgSecurityParameters 74B. Full Copyright Statement 761. Introduction The Architecture for describing Internet Management Frameworks [RFC2261] describes that an SNMP engine is composed of: 1) a Dispatcher 2) a Message Processing Subsystem, 3) a Security Subsystem, and 4) an Access Control Subsystem. Applications make use of the services of these subsystems. It is important to understand the SNMP architecture and the terminology of the architecture to understand where the Security Model described in this document fits into the architecture and interacts with other subsystems within the architecture. The reader is expected to have read and understood the description of the SNMP architecture, as defined in [RFC2261].Blumenthal & Wijnen Standards Track [Page 3]
RFC 2264 USM for SNMPv3 January 1998 This memo [RFC2264] describes the User-based Security Model as it is used within the SNMP Architecture. The main idea is that we use the traditional concept of a user (identified by a userName) with which to associate security information. This memo describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the authentication protocols and the use of CBC-DES as the privacy protocol. The User-based Security Model however allows for other such protocols to be used instead of or concurrent with these protocols. Therefore, the description of HMAC-MD5-96, HMAC-SHA-96 and CBC-DES are in separate sections to reflect their self-contained nature and to indicate that they can be replaced or supplemented in the future. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].1.1. Threats Several of the classical threats to network protocols are applicable to the network management problem and therefore would be applicable to any SNMP Security Model. Other threats are not applicable to the network management problem. This section discusses principal threats, secondary threats, and threats which are of lesser importance. The principal threats against which this SNMP Security Model should provide protection are: - Modification of Information The modification threat is the danger that some unauthorized entity may alter in-transit SNMP messages generated on behalf of an authorized user in such a way as to effect unauthorized management operations, including falsifying the value of an object. - Masquerade The masquerade threat is the danger that management operations not authorized for some user may be attempted by assuming the identity of another user that has the appropriate authorizations. Two secondary threats are also identified. The Security Model defined in this memo provides limited protection against: - Disclosure The disclosure threat is the danger of eavesdropping on the exchanges between managed agents and a management station. Protecting against this threat may be required as a matter of local policy.Blumenthal & Wijnen Standards Track [Page 4]
RFC 2264 USM for SNMPv3 January 1998 - Message Stream Modification The SNMP protocol is typically based upon a connection-less transport service which may operate over any sub-network service. The re-ordering, delay or replay of messages can and does occur through the natural operation of many such sub-network services. The message stream modification threat is the danger that messages may be maliciously re-ordered, delayed or replayed to an extent which is greater than can occur through the natural operation of a sub-network service, in order to effect unauthorized management operations. There are at least two threats that an SNMP Security Model need not protect against. The security protocols defined in this memo do not provide protection against: - Denial of Service This SNMP Security Model does not attempt to address the broad range of attacks by which service on behalf of authorized users is denied. Indeed, such denial-of-service attacks are in many cases indistinguishable from the type of network failures with which any viable network management protocol must cope as a matter of course. - Traffic Analysis This SNMP Security Model does not attempt to address traffic analysis attacks. Indeed, many traffic patterns are predictable - devices may be managed on a regular basis by a relatively small number of management applications - and therefore there is no significant advantage afforded by protecting against traffic analysis.1.2. Goals and Constraints Based on the foregoing account of threats in the SNMP network management environment, the goals of this SNMP Security Model are as follows. 1) Provide for verification that each received SNMP message has not been modified during its transmission through the network. 2) Provide for verification of the identity of the user on whose behalf a received SNMP message claims to have been generated. 3) Provide for detection of received SNMP messages, which request or contain management information, whose time of generation was not recent. 4) Provide, when necessary, that the contents of each received SNMP message are protected from disclosure.Blumenthal & Wijnen Standards Track [Page 5]
RFC 2264 USM for SNMPv3 January 1998 In addition to the principal goal of supporting secure network management, the design of this SNMP Security Model is also influenced by the following constraints: 1) When the requirements of effective management in times of network stress are inconsistent with those of security, the design should prefer the former. 2) Neither the security protocol nor its underlying security mechanisms should depend upon the ready availability of other network services (e.g., Network Time Protocol (NTP) or key management protocols).⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -