Network Working Group                                      U. Blumenthal
Request for Comments: 2574                     IBM T. J. Watson Research
Obsoletes: 2274                                                B. Wijnen
Category: Standards Track                      IBM T. J. Watson Research
                                                              April 1999

                  User-based Security Model (USM) for version 3 of the
                  Simple Network Management Protocol (SNMPv3)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements. Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

   This document describes the User-based Security Model (USM) for SNMP
   version 3 for use in the SNMP architecture [RFC2571]. It defines the
   Elements of Procedure for providing SNMP message level security. This
   document also includes a MIB for remotely monitoring/managing the
   configuration parameters for this Security Model.

Table of Contents

   1. Introduction
   1.1. Threats
   1.2. Goals and Constraints
   1.3. Security Services
   1.4. Module Organization
   1.4.1. Timeliness Module
   1.4.2. Authentication Protocol
   1.4.3. Privacy Protocol
   1.5. Protection against Message Replay, Delay and Redirection
   1.5.1. Authoritative SNMP engine
   1.5.2. Mechanisms
   1.6. Abstract Service Interfaces
   1.6.1. User-based Security Model Primitives for Authentication
   1.6.2. User-based Security Model Primitives for Privacy
   2. Elements of the Model
   2.1. User-based Security Model Users

Blumenthal & Wijnen Standards Track [Page 1]
RFC 2574 USM for SNMPv3 April 1999

   2.2. Replay Protection
   2.2.1. msgAuthoritativeEngineID
   2.2.2. msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime
   2.2.3. Time Window
   2.3. Time Synchronization
   2.4. SNMP Messages Using this Security Model
   2.5. Services provided by the User-based Security Model
   2.5.1. Services for Generating an Outgoing SNMP Message
   2.5.2. Services for Processing an Incoming SNMP Message
   2.6. Key Localization Algorithm
   3. Elements of Procedure
   3.1. Generating an Outgoing SNMP Message
   3.2. Processing an Incoming SNMP Message
   4. Discovery
   5. Definitions
   6. HMAC-MD5-96 Authentication Protocol
   6.1. Mechanisms
   6.1.1. Digest Authentication Mechanism
   6.2. Elements of the Digest Authentication Protocol
   6.2.1. Users
   6.2.2. msgAuthoritativeEngineID
   6.2.3. SNMP Messages Using this Authentication Protocol
   6.2.4. Services provided by the HMAC-MD5-96 Authentication Module
   6.2.4.1. Services for Generating an Outgoing SNMP Message
   6.2.4.2. Services for Processing an Incoming SNMP Message
   6.3. Elements of Procedure
   6.3.1. Processing an Outgoing Message
   6.3.2. Processing an Incoming Message
   7. HMAC-SHA-96 Authentication Protocol
   7.1. Mechanisms
   7.1.1. Digest Authentication Mechanism
   7.2. Elements of the HMAC-SHA-96 Authentication Protocol
   7.2.1. Users
   7.2.2. msgAuthoritativeEngineID
   7.2.3. SNMP Messages Using this Authentication Protocol
   7.2.4. Services provided by the HMAC-SHA-96 Authentication Module
   7.2.4.1. Services for Generating an Outgoing SNMP Message
   7.2.4.2. Services for Processing an Incoming SNMP Message
   7.3. Elements of Procedure
   7.3.1. Processing an Outgoing Message
   7.3.2. Processing an Incoming Message
   8. CBC-DES Symmetric Encryption Protocol
   8.1. Mechanisms
   8.1.1. Symmetric Encryption Protocol
   8.1.1.1. DES key and Initialization Vector
   8.1.1.2. Data Encryption
   8.1.1.3. Data Decryption
   8.2. Elements of the DES Privacy Protocol
   8.2.1. Users
   8.2.2. msgAuthoritativeEngineID
   8.2.3. SNMP Messages Using this Privacy Protocol
   8.2.4. Services provided by the DES Privacy Module
   8.2.4.1. Services for Encrypting Outgoing Data
   8.2.4.2. Services for Decrypting Incoming Data
   8.3. Elements of Procedure
   8.3.1. Processing an Outgoing Message
   8.3.2. Processing an Incoming Message
   9. Intellectual Property
   10. Acknowledgements
   11. Security Considerations
   11.1. Recommended Practices
   11.2. Defining Users
   11.3. Conformance
   11.4. Use of Reports
   11.5. Access to the SNMP-USER-BASED-SM-MIB
   12. References
   13. Editors' Addresses
   A.1. SNMP engine Installation Parameters
   A.2. Password to Key Algorithm
   A.2.1. Password to Key Sample Code for MD5
   A.2.2. Password to Key Sample Code for SHA
   A.3. Password to Key Sample Results
   A.3.1. Password to Key Sample Results using MD5
   A.3.2. Password to Key Sample Results using SHA
   A.4. Sample encoding of msgSecurityParameters
   A.5. Sample keyChange Results
   A.5.1. Sample keyChange Results using MD5
   A.5.2. Sample keyChange Results using SHA
   B. Change Log
   C. Full Copyright Statement

1. Introduction

   The Architecture for describing Internet Management Frameworks
   [RFC2571] describes that an SNMP engine is composed of:

   1) a Dispatcher
   2) a Message Processing Subsystem,
   3) a Security Subsystem, and
   4) an Access Control Subsystem.

   Applications make use of the services of these subsystems.

   It is important to understand the SNMP architecture and the
   terminology of the architecture to understand where the Security
   Model described in this document fits into the architecture and
   interacts with other subsystems within the architecture. The reader
   is expected to have read and understood the description of the SNMP
   architecture, as defined in [RFC2571].

   This memo [RFC2274] describes the User-based Security Model as it is
   used within the SNMP Architecture. The main idea is that we use the
   traditional concept of a user (identified by a userName) with which
   to associate security information.

   This memo describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the
   authentication protocols and the use of CBC-DES as the privacy
   protocol. The User-based Security Model however allows for other such
   protocols to be used instead of or concurrent with these protocols.
   Therefore, the description of HMAC-MD5-96, HMAC-SHA-96 and CBC-DES
   are in separate sections to reflect their self-contained nature and
   to indicate that they can be replaced or supplemented in the future.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.1. Threats

   Several of the classical threats to network protocols are applicable
   to the network management problem and therefore would be applicable
   to any SNMP Security Model. Other threats are not applicable to the
   network management problem. This section discusses principal
   threats, secondary threats, and threats which are of lesser
   importance.

   The principal threats against which this SNMP Security Model should
   provide protection are:

   - Modification of Information
     The modification threat is the danger that some unauthorized entity
     may alter in-transit SNMP messages generated on behalf of an
     authorized principal in such a way as to effect unauthorized
     management operations, including falsifying the value of an object.

   - Masquerade
     The masquerade threat is the danger that management operations not
     authorized for some user may be attempted by assuming the identity
     of another user that has the appropriate authorizations.

   Two secondary threats are also identified. The Security Model defined
   in this memo provides limited protection against:

   - Disclosure
     The disclosure threat is the danger of eavesdropping on the
     exchanges between managed agents and a management station.
     Protecting against this threat may be required as a matter of local
     policy.

   - Message Stream Modification
     The SNMP protocol is typically based upon a connection-less
     transport service which may operate over any sub-network service.
     The re-ordering, delay or replay of messages can and does occur
     through the natural operation of many such sub-network services.
     The message stream modification threat is the danger that messages
     may be maliciously re-ordered, delayed or replayed to an extent
     which is greater than can occur through the natural operation of a
     sub-network service, in order to effect unauthorized management
     operations.

   There are at least two threats that an SNMP Security Model need not
   protect against. The security protocols defined in this memo do not
   provide protection against:

   - Denial of Service
     This SNMP Security Model does not attempt to address the broad
     range of attacks by which service on behalf of authorized users is
     denied. Indeed, such denial-of-service attacks are in many cases
     indistinguishable from the type of network failures with which any
     viable network management protocol must cope as a matter of course.

   - Traffic Analysis
     This SNMP Security Model does not attempt to address traffic
     analysis attacks. Indeed, many traffic patterns are predictable -
     devices may be managed on a regular basis by a relatively small
     number of management applications - and therefore there is no
     significant advantage afforded by protecting against traffic
     analysis.

1.2. Goals and Constraints

   Based on the foregoing account of threats in the SNMP network
   management environment, the goals of this SNMP Security Model are as
   follows.

   1) Provide for verification that each received SNMP message has not
      been modified during its transmission through the network.

   2) Provide for verification of the identity of the user on whose
      behalf a received SNMP message claims to have been generated.

   3) Provide for detection of received SNMP messages, which request or
      contain management information, whose time of generation was not
      recent.

   4) Provide, when necessary, that the contents of each received SNMP
      message are protected from disclosure.

   In addition to the principal goal of supporting secure network
   management, the design of this SNMP Security Model is also influenced
   by the following constraints:
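   The following is an added illustration, not code from the RFC, of how goals 1 to 3 are met by the HMAC-SHA-96 authentication protocol the memo names (HMAC-SHA-1 truncated to 96 bits, computed with the authentication field zero-filled) together with a timeliness check on the engine boots/time values. The byte layout standing in for the BER-encoded SNMPv3 message, the key, and the 150-second window are assumptions made for this example.

```python
import hmac
import hashlib

# Constructed sample values for this example (not taken from the RFC).
AUTH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233")  # 20-octet key
TAG_LEN = 12        # HMAC-SHA-96: HMAC-SHA-1 output truncated to 96 bits
TIME_WINDOW = 150   # seconds; assumed width of the timeliness window


def hmac_sha_96(key: bytes, whole_msg: bytes) -> bytes:
    """HMAC-SHA-1 over the whole message, keeping the first 12 octets."""
    return hmac.new(key, whole_msg, hashlib.sha1).digest()[:TAG_LEN]


def serialize(boots: int, msg_time: int, auth_params: bytes, body: bytes) -> bytes:
    """Simplified stand-in for the BER-encoded message: the two timeliness
    fields, the 12-octet authentication parameters, then the PDU body."""
    return boots.to_bytes(4, "big") + msg_time.to_bytes(4, "big") + auth_params + body


def authenticate_outgoing(key: bytes, boots: int, msg_time: int, body: bytes) -> bytes:
    """Sender side: the MAC is computed with the authentication field
    zero-filled, then written into that field. Only a holder of the key
    can produce it, which is what binds goals 1 and 2 to the user."""
    mac = hmac_sha_96(key, serialize(boots, msg_time, bytes(TAG_LEN), body))
    return serialize(boots, msg_time, mac, body)


def verify_incoming(key: bytes, wire: bytes, local_boots: int, local_time: int,
                    window: int = TIME_WINDOW) -> str:
    """Receiver side. Returns a simplified outcome name: 'ok',
    'authenticationFailure' (modified or masqueraded message) or
    'notInTimeWindow' (message not recent: delayed or replayed)."""
    boots = int.from_bytes(wire[0:4], "big")
    msg_time = int.from_bytes(wire[4:8], "big")
    received_mac = wire[8:8 + TAG_LEN]
    body = wire[8 + TAG_LEN:]
    expected = hmac_sha_96(key, serialize(boots, msg_time, bytes(TAG_LEN), body))
    # Constant-time compare, and the MAC check comes first: the boots/time
    # values are only trustworthy once they are known to be authentic.
    if not hmac.compare_digest(received_mac, expected):
        return "authenticationFailure"
    if boots != local_boots or abs(local_time - msg_time) > window:
        return "notInTimeWindow"
    return "ok"
```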