SNMPv3*

*Mani Subramanian “Network Management: Principles and practice”, Addison-Wesley, 2000.

SNMPv3

Outline:
- Background and security threats
- SNMPv3 Architecture
- SNMPv3 Applications
- Message Format
- User-based Security Model (USM)
- View-based Access Control Model (VACM)

Background

- SGMP: monitor gateways
- SNMP: simple but powerful facilities to monitor and control NEs
  o SMI
  o MIB
  o Protocol

SNMP deficiencies:
- Difficulties in monitoring networks, as opposed to nodes on networks (addressed by RMON)
- Lack of security facilities (addressed by S-SNMP, then SNMPv2)

SNMPv2

- SNMPv2 Working Group: charged with all non-security aspects
  o SMI, MIB, protocol, conformance issues, compatibility issues
- SNMPv2 Security Working Group
  o Based on S-SNMP; many unresolved issues
- SNMPv2 was finally issued without security features; the security work and the previous efforts resulted in a new standard, SNMPv3

Design Requirements

- Address the need for secure support (especially for set-request operations)
- Define an architecture that allows for longevity of SNMP
- Allow different portions of the architecture to move at different speeds towards standard status
- Allow for future extensions (modular implementation)
- Keep SNMP simple
- Allow for minimal implementations
- Also support more complex features, which are required in large networks
- Re-use existing specifications whenever possible

Security Threats

- Modification of Information: an entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object
- Masquerade: management operations not authorized for some entity may be attempted by assuming the identity of another entity that has the appropriate authorizations

[Figure: Management Entity A <-> Management Entity B, with the four threats on the path between them: modification of information, masquerade, message stream modification, disclosure]

Security Threats

- Message Stream Modification: SNMP is typically based upon a connectionless transport service. Messages may be maliciously re-ordered, delayed or replayed, in order to effect unauthorized management operations.
  o For example, a message to reboot a system could be copied and replayed later
- Disclosure: eavesdropping on or intercepting the exchanges between SNMP engines

Security Threats

SNMPv3 is not intended to secure against these two threats:
- Denial of Service: an attacker may prevent exchanges between manager and agent
  o DoS is indistinguishable from network element failure
  o DoS may disrupt all services (not just those pertaining to NM)
- Traffic Analysis: an attacker may observe the general pattern of traffic between managers and agents


SNMP Architecture

- Distributed, interacting collection of SNMP entities
- An SNMP entity implements a portion of the SNMP capability: it acts as an agent, a manager, or both
- A collection of modules interacting with each other to provide services

[Figure: an SNMP entity consists of an SNMP engine (Dispatcher, Message Processing Subsystem, Security Subsystem, Access Control Subsystem) and SNMP applications (Command Generator, Command Responder, Notification Originator, Notification Receiver, Proxy Forwarder, Other)]

SNMP Architecture

Advantages:
- The role of an SNMP entity is determined by the modules implemented in that entity
  o A certain set of modules is required for an agent, while a different set is required for a manager
- The security subsystem provides services such as authentication and privacy of messages
  o Multiple security models can coexist
- A set of authorization services an application can use for checking access rights
  o Access control

SNMP Architecture - Manager

[Figure: manager entity. Applications: Command Generator, Notification Receiver, Notification Originator. Engine: PDU Dispatcher, Message Dispatcher and Transport Mappings; Message Processing Subsystem with SNMPv1, SNMPv2c, SNMPv3 and Other message processing models; Security Subsystem with the User-based Security Model, the Community-based Security Model and Other security models]

SNMPv3 Architecture - Manager

- Command Generator Application
  o Monitors and manipulates management data at remote agents
  o Makes use of SNMPv1/v2 PDUs: Get, GetNext, GetBulk, Set, etc.
- Notification Originator Application
  o Initiates messages, such as InformRequest PDUs
- Notification Receiver Application
  o Receives messages from other managers or agents
  o InformRequest, SNMPv1 and SNMPv2 Traps, etc.

These applications make use of the services provided by the SNMP engine:
- Take outgoing PDUs, process them and generate SNMP messages for transmission over the transport layer
- Accept incoming SNMP messages, process them, extract the PDUs and pass them to the appropriate SNMP application

SNMPv3 Architecture - Manager

One Dispatcher per SNMP engine:
- Accepts PDUs from applications
- Handles messages of multiple versions (SNMPv1, v2, v3)
- Interfaces with the application modules, the network, and the message processing models

Three components for three functions:
- Transport mapper: delivers messages over the transport protocol
- Message dispatcher: routes messages between the network and the appropriate module of the MPS
- PDU dispatcher: handles PDUs between the applications and the MPS

[Figure: SNMP engine (identified by snmpEngineID) with Dispatcher, Message Processing Subsystem and Security Subsystem; the Dispatcher is highlighted]

SNMPv3 Architecture - Manager

Message Processing Subsystem:
- Accepts outgoing PDUs from the Dispatcher, attaches the appropriate header, and returns the message to the Dispatcher
- Accepts incoming messages, processes each message header, and returns the enclosed PDU to the Dispatcher
- Contains one or more Message Processing Models, one for each SNMP version
- The SNMP version is identified in the message header

[Figure: SNMP engine (identified by snmpEngineID) with Dispatcher, Message Processing Subsystem and Security Subsystem; the Message Processing Subsystem is highlighted]

SNMPv3 Architecture - Manager

Security Subsystem:
- Performs the authentication and encryption functions for each outgoing/incoming message
- Outgoing: the PDU may be encrypted, and an authentication code generated and included in the message header
  o The message is then returned to the MPS
- Incoming messages are passed to the security subsystem
  o The message is authenticated
  o The message is decrypted

[Figure: SNMP engine (identified by snmpEngineID) with Dispatcher, Message Processing Subsystem and Security Subsystem; the Security Subsystem is highlighted]

SNMPv3 Architecture - Agent

[Figure: agent entity. Applications: Command Responder, Notification Originator, Proxy Forwarder. Engine: PDU Dispatcher, Message Dispatcher and Transport Mappings; Message Processing Subsystem with SNMPv1, SNMPv2c, SNMPv3 and Other models; Security Subsystem with the User-based, Community-based and Other security models; Access Control Subsystem with View-based Access Control, guarding the Management Information Base]

SNMPv3 Architecture - Agent

- Command Responder Application
  o Provides access to management data
  o Responds to incoming requests by retrieving and/or setting managed objects and issuing a Response PDU
- Notification Originator Application
  o e.g., SNMPv1 and SNMPv2 Trap PDUs
- Proxy Forwarder Application
  o Forwards messages between entities
- Access Control Subsystem
  o Provides authorization services to control access to the MIB for reading and setting managed objects
  o Who can access; what can be accessed

Terminology

- SNMP Engine ID (snmpEngineID): unique identifier associated with each SNMP entity
- Principal (principal): person, group or application on whose behalf services are requested
- Security Name (securityName): human-readable, model-independent name for a principal
- Context Engine ID (contextEngineID): identifies the SNMP engine that realizes a context; normally identical to that engine's snmpEngineID
- Context Name (contextName): names a collection of managed objects accessible by an SNMP entity (used for access control)
- An SNMP agent can monitor more than one network element, i.e. it can realize more than one context

Example: SNMP Engine ID derived from an IP address; Principal = John Smith; Security Name = Administrator

snmpEngineID

[Figure: four SNMP entities, each containing an SNMP engine plus other modules, identified by snmpEngineID = 1, 2, 3 and 4]

Abstract Service Interfaces

- An abstract service interface is a conceptual interface between modules, independent of implementation
- Defines a set of primitives
  o A primitive specifies the function to be performed (e.g., a procedure call)
  o Primitives are associated with the receiving module
  o An interface defined by its primitives and their parameters is referred to as an "abstract service interface"
- e.g., Dispatcher primitives:
  o Handle messages to and from applications
  o Registering and unregistering of application modules
  o Transmitting messages to, and receiving messages from, the network
- Each primitive has IN and OUT parameters
- Status information / result is returned

Dispatcher Primitives

sendPdu
- Used by a command generator to send an SNMP request or notification PDU to another SNMP entity
- When the Dispatcher successfully prepares the message, a sendPduHandle (unique identifier) is returned, used to track the response if one is expected
- The application also provides the transport domain/address for the PDU, as well as the message processing model, security model, principal, level of security, the context for this PDU, and the PDU itself

[Figure: Command Generator -(sendPdu)-> Dispatcher -(prepareOutgoingMessage)-> Message Processing Model, across abstract service interfaces; the Dispatcher returns a sendPduHandle or an error indication to the Command Generator]

Dispatcher Primitives

processResponsePdu
- Used by the Dispatcher to pass an incoming response PDU to an application
- The application checks whether it matches a preceding request or notification PDU by checking the sendPduHandle
- Returns success or failure

[Figure: Command Generator -(sendPdu)-> Dispatcher -(prepareOutgoingMessage)-> Message Processing Model; the Dispatcher returns sendPduHandle/errorIndication, and later delivers the response to the Command Generator via processResponsePdu]

Dispatcher Primitives

processPdu
- Used by the Dispatcher to pass an incoming request or notification PDU to an application
- Security-related information is required to generate a matching response message
- Access is checked (isAccessAllowed, invoked by the responder application against the access control subsystem) and a response is generated accordingly

returnResponsePdu
- Used by a command responder to return an SNMP response to an incoming request or notification

[Figure: Command Generator -(sendPdu)-> Dispatcher -(prepareOutgoingMessage)-> Message Processing Model; the Dispatcher returns sendPduHandle/errorIndication, and delivers incoming requests to the application via processPdu]

Message Processing Subsystem Primitives

prepareOutgoingMessage
- Prepares a message for an outgoing SNMP request or notification PDU
- The IN parameter is a PDU and the OUT parameter is the message
- Success or failure is returned

prepareResponseMessage
- Requests the preparation of a message containing an outgoing SNMP response PDU, in response to an incoming request or notification PDU

[Figure: Command Generator -(sendPdu)-> Dispatcher -(prepareOutgoingMessage)-> Message Processing Model; the Dispatcher returns sendPduHandle/errorIndication]

Security Subsystem Primitives

generateRequestMessage
- Generates a "message" containing an outgoing SNMP request or notification PDU
- Returns to the MPS a message (possibly authenticated and encrypted) and the associated security parameters

processIncomingMessage
- Provides the security functions for incoming messages
- Returns success or failure indicating the result of the security check
- If successful, a PDU is returned to the MPS

generateResponseMessage
- Generates a message containing an outgoing SNMP response PDU, in response to an incoming request or notification
- Returns to the MPS a message (with authentication and encryption applied as required) and the associated security parameters


Command Generator

[Figure: command generator scenario. Outgoing: Command Generator -(sendPdu)-> Dispatcher -(prepareOutgoingMessage)-> Message Processing Model -(generateRequestMsg)-> Security Model; the Dispatcher returns a PduHandle and sends the get-request message to the network. Incoming: the get-response message arrives from the network; Dispatcher -(prepareDataElements)-> Message Processing Model -(processIncomingMsg)-> Security Model; the Dispatcher then hands the PDU to the Command Generator via processResponsePdu]

Command Generator:
1) Examines the parameters of the received PDU and compares them with the cached copy from the request (security model, security level, security name, contextName, etc.). If they do not match, the message is discarded.
2) Checks the received PDU (request-id, etc.)
3) If all is OK, takes action

Command Responder

[Figure 7.6 Command Responder Application: the get-request message arrives from the network; Dispatcher -(prepareDataElements)-> Message Processing Model -(processIncomingMsg)-> Security Model; Dispatcher -(processPdu)-> Command Responder, which has previously called registerContextEngineID. Response: Command Responder -(returnResponsePdu)-> Dispatcher -(prepareResponseMsg)-> Message Processing Model -(generateResponseMsg)-> Security Model; the get-response message is sent to the network]

Command Responder:
1) Examines the content of the request PDU; checks whether the contextEngineID has been registered with the responder
2) isAccessAllowed is invoked (to determine whether the object can be accessed by the principal making the request); the security level is checked as part of this
3) If access is permitted, prepares a response

Scenario Diagrams

[Figure residue: a series of scenario diagrams with the same five boxes (Dispatcher, Message Processing Subsystem, Security Subsystem, Access Control Subsystem, Applications), in which each successive slide highlights one primitive. In order, with the module that invokes it:]

Request path at the command generator:
1. sendPdu (Applications -> Dispatcher)
2. prepareOutgoingMessage (Dispatcher -> Message Processing Subsystem)
3. generateRequestMsg (Message Processing Subsystem -> Security Subsystem)
4. send and receive (Dispatcher <-> network)

Processing at the command responder:
5. prepareDataElements (Dispatcher -> Message Processing Subsystem)
6. processIncomingMsg (Message Processing Subsystem -> Security Subsystem)
7. processPdu (Dispatcher -> Applications)
8. isAccessAllowed (Applications -> Access Control Subsystem)
9. returnResponsePdu (Applications -> Dispatcher)
10. prepareResponseMessage (Dispatcher -> Message Processing Subsystem)
11. generateResponseMsg (Message Processing Subsystem -> Security Subsystem)
12. send and receive (Dispatcher <-> network)

Response path back at the command generator:
13. prepareDataElements (Dispatcher -> Message Processing Subsystem)
14. processIncomingMsg (Message Processing Subsystem -> Security Subsystem)
15. processResponsePdu (Dispatcher -> Applications)

Parameters passed across these interfaces:
transportDomain, transportAddress, messageProcessingModel, securityModel, securityName, securityLevel, contextEngineID, contextName, pduVersion, PDU, expectResponse, maxSizeResponseScopedPDU, stateReference, statusInformation, sendPduHandle, destTransportDomain, destTransportAddress, outgoingMessage, outgoingMessageLength, wholeMsg, wholeMsgLength, pduType, viewType, variableName, globalData, maxMessageSize, securityEngineID, scopedPDU, securityParameters, securityStateReference


Message Format

Whole message:
  Version | Global/Header Data | Security Parameters | Plaintext or Encrypted scopedPDU Data

Header data:
  Message ID | Message Max. Size | Message Flags | Message Security Model

Security Parameters (USM):
  Authoritative Engine ID | Authoritative Engine Boots | Authoritative Engine Time | User Name | Authentication Parameters | Privacy Parameters

scopedPDU:
  Context Engine ID | Context Name | Data (PDU)

msgVersion values on the wire: 0 = SNMPv1, 1 = SNMPv2c, 3 = SNMPv3

msgFlags bits: authFlag (bit 0), privFlag (bit 1), reportableFlag (bit 2)

The authoritative engine boots/time fields provide time synchronization between entities, to avoid message replay and achieve timeliness

Message Format

Field | Object name | Description
Version | msgVersion | SNMP version number of the message format
Message ID | msgID | Administrative ID associated with the message
Message Max. Size | msgMaxSize | Maximum message size supported by the sender
Message Flags | msgFlags | Bit fields identifying report, authentication, and privacy of the message
Message Security Model | msgSecurityModel | Security model used for the message; concurrent multiple models are allowed
Security Parameters (see Table 7.8) | msgSecurityParameters | Security parameters used for communication between the sending and receiving security modules
Plaintext/Encrypted scopedPDU Data | scopedPduData | Choice of plaintext or encrypted scopedPDU; the scopedPDU uniquely identifies the context and the PDU
Context Engine ID | contextEngineID | Unique ID of a context (managed entity) with a context name, realized by an SNMP entity
Context Name | contextName | Name of the context (managed entity)
PDU | data | Contains the unencrypted PDU
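To make the wrapper above concrete, the following Python (an added example, not code from the book or the slides) encodes an SNMPv3 message with a minimal BER codec and parses it back into the fields of the table: msgVersion, the header (msgID, msgMaxSize, msgFlags, msgSecurityModel), the USM security parameters, and a plaintext or encrypted scopedPDU. It also enforces the msgFlags rule that privacy without authentication is invalid. The engine ID, user name and request ID are constructed sample values, and `tlv`, `build_message`, `parse_message` and the other names are this example's own, not API of any SNMP library.

```python
"""Encode/decode the SNMPv3 message wrapper (RFC 3412 SNMPv3Message carrying
RFC 3414 UsmSecurityParameters) with a minimal definite-length BER codec."""

SNMPV3_VERSION = 3                      # msgVersion on the wire for SNMPv3
USM_SECURITY_MODEL = 3                  # msgSecurityModel value for USM
AUTH_FLAG, PRIV_FLAG, REPORTABLE_FLAG = 0x01, 0x02, 0x04   # msgFlags bits 0, 1, 2


def _length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def ber_int(v):
    n = max(1, (v.bit_length() + 8) // 8)          # leave room for the sign bit
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def ber_octets(b):
    return tlv(0x04, b)


def ber_seq(*items):
    return tlv(0x30, b"".join(items))


def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                   # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln


def _items(body):
    """Split a SEQUENCE body into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        out.append((tag, val))
    return out


def _int(val):
    return int.from_bytes(val, "big", signed=True)


def build_get_request_pdu(request_id):
    # GetRequest-PDU ::= [0] IMPLICIT SEQUENCE { request-id, error-status, error-index, variable-bindings }
    return tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + ber_seq())


def build_scoped_pdu(context_engine_id, context_name, pdu):
    return ber_seq(ber_octets(context_engine_id), ber_octets(context_name), pdu)


def build_message(msg_id, flags, engine_id, boots, engine_time, user, scoped_pdu,
                  auth_params=bytes(12), priv_params=b"", max_size=65507):
    header = ber_seq(ber_int(msg_id), ber_int(max_size),
                     ber_octets(bytes([flags])), ber_int(USM_SECURITY_MODEL))
    usm = ber_seq(ber_octets(engine_id), ber_int(boots), ber_int(engine_time),
                  ber_octets(user), ber_octets(auth_params), ber_octets(priv_params))
    # msgSecurityParameters is an OCTET STRING wrapping the BER-encoded USM sequence
    return ber_seq(ber_int(SNMPV3_VERSION), header, ber_octets(usm), scoped_pdu)


def parse_message(buf):
    tag, body, end = _read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("message is not a single BER SEQUENCE")
    version, header, sec_params, scoped = _items(body)
    if _int(version[1]) != SNMPV3_VERSION:
        raise ValueError("not an SNMPv3 message")
    msg_id, max_size, flags, sec_model = _items(header[1])
    f = flags[1][0]
    auth, priv = bool(f & AUTH_FLAG), bool(f & PRIV_FLAG)
    if priv and not auth:                           # RFC 3412: privacy without authentication is illegal
        raise ValueError("privFlag set without authFlag")
    _, usm_body, _ = _read_tlv(sec_params[1], 0)    # unwrap the OCTET STRING to reach the SEQUENCE
    eng, boots, etime, user, authp, privp = _items(usm_body)
    out = {
        "msgVersion": _int(version[1]), "msgID": _int(msg_id[1]),
        "msgMaxSize": _int(max_size[1]),
        "msgFlags": {"auth": auth, "priv": priv, "reportable": bool(f & REPORTABLE_FLAG)},
        "msgSecurityModel": _int(sec_model[1]),
        "usm": {"msgAuthoritativeEngineID": eng[1], "msgAuthoritativeEngineBoots": _int(boots[1]),
                "msgAuthoritativeEngineTime": _int(etime[1]), "msgUserName": user[1],
                "msgAuthenticationParameters": authp[1], "msgPrivacyParameters": privp[1]},
    }
    if scoped[0] == 0x04:                           # encrypted: an opaque OCTET STRING
        out["scopedPDU"] = {"encrypted": True, "data": scoped[1]}
    else:                                           # plaintext: SEQUENCE { contextEngineID, contextName, PDU }
        ctx_eng, ctx_name, pdu = _items(scoped[1])
        out["scopedPDU"] = {"encrypted": False, "contextEngineID": ctx_eng[1],
                            "contextName": ctx_name[1], "pduType": pdu[0]}
    return out


# Constructed sample values (not a real device): engine ID, user and request
SAMPLE_ENGINE_ID = bytes.fromhex("80001f8880a1b2c3d4e5")
SAMPLE_MESSAGE = build_message(
    0x1234, AUTH_FLAG | REPORTABLE_FLAG, SAMPLE_ENGINE_ID, 7, 1000, b"monitor",
    build_scoped_pdu(SAMPLE_ENGINE_ID, b"", build_get_request_pdu(42)))
```

`parse_message(SAMPLE_MESSAGE)` returns the header and USM fields with `msgFlags` decoded as `{"auth": True, "priv": False, "reportable": True}`; a message built with `PRIV_FLAG` alone is rejected, which is the check a receiver must make before it ever touches the security parameters.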


Security Model Goals

- Verification that each received SNMP message has not been modified during its transmission through the network
  o Data integrity
- Verification of the identity of the user on whose behalf a received SNMP message claims to have been generated
  o Data origin authentication
- Detection of received SNMP messages, which request or contain management information, whose time of generation was not recent
  o Protection against message redirection, re-ordering, delay and replay (timeliness)
- Ensuring that the contents of each received SNMP message are protected from disclosure
  o Data confidentiality (encryption/decryption)

Security Model

- The security model authenticates (and, where requested, encrypts or decrypts) incoming and outgoing messages and hands them back to the Message Processing Model
- Three modules:
  o Authentication module: data integrity, data origin authentication
  o Privacy module: data confidentiality
  o Timeliness module: message timeliness and limited replay protection

[Figure: Message Processing Model <-> Security Subsystem, which contains the Authentication Module, the Privacy Module and the Timeliness Module]

Authentication Module

- Data integrity
  o Message authentication at the sender and validation at the receiver
  o Ensures that a message is not modified by an unauthorized intruder
  o Authentication protocols: HMAC-MD5-96, HMAC-SHA-96 (RFC 7860 later added HMAC-SHA-2 variants)
- Data origin authentication
  o Checks the identity of the user on whose behalf a message is sent
  o The message carries the unique identifier of the authoritative SNMP engine (msgAuthoritativeEngineID)

Privacy Module

- Data confidentiality ensures that data is not made available to unauthorized users or entities
- Encryption is applied at the sender and decryption at the receiver (CBC-DES; a 56-bit cipher, so the CFB128-AES-128 protocol of RFC 3826 is preferred today)

Timeliness Module

- Prevents message redirection, delay and replay
- The receiver accepts a message only inside a configured time window (150 s for SNMPv3)
- Three objects: snmpEngineID, snmpEngineBoots, snmpEngineTime

Authoritative vs. non-authoritative engine

- Responsibilities of the authoritative engine:
  o Unique SNMP engine ID
  o Time-stamp (a clock maintained by the authoritative engine: snmpEngineBoots, snmpEngineTime)
- A non-authoritative engine keeps a table of time-stamps indexed by authoritative engine ID
  o It synchronizes its clock with that of the authoritative engine
- Which engine is authoritative depends on the message: for messages that expect a response (Get, GetNext, GetBulk, Set, Inform) the receiver is authoritative; for Trap, Response and Report messages the sender is authoritative

[Figure: Non-Authoritative Engine (NMS) <-> Authoritative Engine (Agent)]

User-based Security Model (USM)

USM primitives across abstract service interfaces:
- Authentication service primitives
  o authenticateOutgoingMsg
  o authenticateIncomingMsg
- Privacy service primitives
  o encryptData (outgoing PDU)
  o decryptData (incoming PDU)

User-based Security Model (USM)

Privacy and Authentication Service for Outgoing Message

[Figure: the Message Processing Model hands the USM the MPM information, header data, security data and scopedPDU. USM -> Privacy Module: encryption key and scopedPDU; Privacy Module -> USM: privacy parameters and encrypted scopedPDU. USM -> Authentication Module: authentication key and whole message; Authentication Module -> USM: authenticated whole message. USM returns the (authenticated/encrypted) whole message, its length and the security parameters to the Message Processing Model]

- USM invokes the privacy module with the encryption key and the scopedPDU
- The privacy module returns the privacy parameters and the encrypted scopedPDU
- USM then invokes the authentication module with the authentication key and the whole message, and receives the authenticated whole message

User-based Security Model (USM)

Processing a secure incoming message is the reverse of the outgoing case:
- Authentication validation is done first, by the authentication module
- Decryption of the scopedPDU is then done by the privacy module

[Figure: the Message Processing Model hands the USM the MPM information, header data, security parameters and the whole message as received from the network. USM -> Authentication Module: authentication key, authentication parameters and whole message; Authentication Module -> USM: authenticated whole message. USM -> Privacy Module: decryption key, privacy parameters and encrypted PDU; Privacy Module -> USM: decrypted scopedPDU, which the USM returns to the Message Processing Model]
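The authentication half of the outgoing and incoming processing just described, as an added Python example (my code, not the book's or any SNMP library's): the password-to-key and key-localization steps of RFC 3414 Appendix A, then HMAC-MD5-96 / HMAC-SHA-96 computed over the whole message with msgAuthenticationParameters set to twelve zero octets, and the receiver's constant-time check. The "whole message" bytes and the offset of the 12-octet authentication field are constructed inputs (a real implementation finds that field by BER-parsing the message); the password and engine ID are the published RFC 3414 A.3 test values, so the derived keys can be checked against the RFC. CBC-DES privacy is left out because the Python standard library has no DES.

```python
"""USM authentication: key localization (RFC 3414 Appendix A) and HMAC-96
generation/verification over the whole SNMPv3 message."""
import hashlib
import hmac

MAC_LEN = 12                 # HMAC-MD5-96 / HMAC-SHA-96: MAC truncated to 96 bits
KU_INPUT_LEN = 1048576       # password stream length used to derive Ku (1 MiB)


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Ku = H(password repeated/truncated to exactly 1,048,576 octets)."""
    if not password:
        raise ValueError("empty password")
    stream = (password * (KU_INPUT_LEN // len(password) + 1))[:KU_INPUT_LEN]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): a key bound to one authoritative engine,
    so a key recovered from one agent does not work against the user's other agents."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def _mac(whole_msg: bytes, auth_offset: int, kul: bytes, hash_name: str) -> bytes:
    # The MAC covers the message with msgAuthenticationParameters set to 12 zero octets
    zeroed = whole_msg[:auth_offset] + bytes(MAC_LEN) + whole_msg[auth_offset + MAC_LEN:]
    return hmac.new(kul, zeroed, hash_name).digest()[:MAC_LEN]


def authenticate_outgoing(whole_msg: bytes, auth_offset: int, kul: bytes, hash_name: str) -> bytes:
    """Sender side: return the message with the truncated MAC written into the auth field."""
    mac = _mac(whole_msg, auth_offset, kul, hash_name)
    return whole_msg[:auth_offset] + mac + whole_msg[auth_offset + MAC_LEN:]


def authenticate_incoming(whole_msg: bytes, auth_offset: int, kul: bytes, hash_name: str) -> bool:
    """Receiver side: recompute the MAC over the zeroed message and compare in constant time."""
    received = whole_msg[auth_offset:auth_offset + MAC_LEN]
    if len(received) != MAC_LEN:
        return False
    return hmac.compare_digest(received, _mac(whole_msg, auth_offset, kul, hash_name))


# Constructed example: a stand-in "whole message" with a 12-octet zero field where
# msgAuthenticationParameters would sit. Password and engine ID are the RFC 3414 A.3 test values.
SAMPLE_ENGINE_ID = bytes.fromhex("000000000000000000000002")
SAMPLE_PASSWORD = b"maplesyrup"
AUTH_OFFSET = 20
SAMPLE_MSG = b"\x30\x40" + b"A" * 18 + bytes(MAC_LEN) + b"scopedPDU-bytes"


def demo(hash_name: str = "sha1") -> dict:
    """Localize the key, sign the sample message, then verify it and a one-bit-flipped copy."""
    kul = localize_key(password_to_key(SAMPLE_PASSWORD, hash_name), SAMPLE_ENGINE_ID, hash_name)
    signed = authenticate_outgoing(SAMPLE_MSG, AUTH_OFFSET, kul, hash_name)
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])       # one bit flipped in the scopedPDU
    return {
        "kul": kul.hex(),
        "ok": authenticate_incoming(signed, AUTH_OFFSET, kul, hash_name),
        "tampered_ok": authenticate_incoming(tampered, AUTH_OFFSET, kul, hash_name),
    }
```

`demo("sha1")["kul"]` is the localized SHA-1 key from RFC 3414 A.3.2; the signed message verifies and the tampered copy does not. Note that the MAC is keyed with the localized key, which is why a manager must know the agent's snmpEngineID (via discovery) before it can authenticate anything to that agent.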

User-based Security Model (USM)

Security Parameters and Corresponding MIB Objects

Security parameter | USM / engine MIB object
msgAuthoritativeEngineID | snmpEngineID (snmpEngine group)
msgAuthoritativeEngineBoots | snmpEngineBoots (snmpEngine group)
msgAuthoritativeEngineTime | snmpEngineTime (snmpEngine group)
msgUserName | usmUserName (usmUserTable)
msgAuthenticationParameters | usmUserAuthProtocol (usmUserTable)
msgPrivacyParameters | usmUserPrivProtocol (usmUserTable)

- msgUserName: the user or principal on whose behalf the message is being exchanged
- msgAuthenticationParameters: defined by the authentication protocol in use (the truncated MAC)
- msgPrivacyParameters: defined by the privacy protocol in use (for CBC-DES, the salt from which the IV is formed)

SNMPv3 - Next!

Background and security threats

SNMPv3 Architecture

SNMPv3 Applications

Message Format

User-based Security Model (USM)

o USM Timeliness Mechanism

o Cryptographic Functions

o USM Message Processing

o Discovery

o Key Management

View-based Access Control Model (VACM)

USM Timeliness Mechanism

Management of authoritative clocks: all authoritative engines must maintain two objects:

o snmpEngineBoots

o snmpEngineTime

Initially, both are set to 0. snmpEngineTime is incremented once per second; snmpEngineBoots is incremented if the system has rebooted or if snmpEngineTime reaches its maximum value (2^31 - 1).

o If an authoritative engine does not know its latest snmpEngineBoots value, it sets snmpEngineBoots = 2^31 - 1

o A variable latched at its maximum must be manually reconfigured, and a new snmpEngineID is assigned

USM Timeliness Mechanism: Synchronization

A non-authoritative engine must remain loosely synchronized with each authoritative engine with which it communicates.

A non-authoritative engine keeps a local copy of 3 variables for each authoritative engine:

o snmpEngineBoots: most recent value received from the authoritative engine

o snmpEngineTime: synchronized to the authoritative engine. Between synch events, it is incremented once per second to maintain loose synch

o latestReceivedEngineTime: highest value of msgAuthoritativeEngineTime received. It protects against a message replay attack

These values are stored in a cache indexed by snmpEngineID.

USM Timeliness Mechanism: Synchronization (cont'd)

If the message is authentic, the non-authoritative engine updates its local variables when the following rule holds:

(msgAuthoritativeEngineBoots > snmpEngineBoots) OR

[(msgAuthoritativeEngineBoots = snmpEngineBoots) AND

(msgAuthoritativeEngineTime > latestReceivedEngineTime)]

[Figure: the authoritative engine sends msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime and msgAuthoritativeEngineID to the non-authoritative engine.]

The rule does not hold if two messages arrive out of order or a replay attack is underway!

USM Timeliness Mechanism: Synchronization (cont'd)

If an update is called for, then:

snmpEngineBoots := msgAuthoritativeEngineBoots

snmpEngineTime := msgAuthoritativeEngineTime

latestReceivedEngineTime := msgAuthoritativeEngineTime

If (msgAuthoritativeEngineBoots < snmpEngineBoots) then no update occurs [message not authentic; to be discarded]

If [(msgAuthoritativeEngineBoots = snmpEngineBoots) AND (msgAuthoritativeEngineTime < latestReceivedEngineTime)] then no update occurs [message may be authentic but may be misordered; an update of snmpEngineTime is not warranted]

USM Timeliness Mechanism: Timeliness checking by authoritative receiver

Ensure that messages are received within a reasonable time window (avoid delays and replays).

Too small a time window: authentic messages may be considered unauthentic. Too large a window: increased vulnerability to attacks.

An incoming message is considered outside the time window if any of the following is true:

snmpEngineBoots = (2^31 - 1) OR

msgAuthoritativeEngineBoots differs from snmpEngineBoots OR

the value of msgAuthoritativeEngineTime differs from that of snmpEngineTime by more than ± 150 seconds.

The message is then considered not authentic (discarded and an error message returned).

USM Timeliness Mechanism: Timeliness checking by non-authoritative receiver

An incoming message is considered outside the time window if any of the following is true:

snmpEngineBoots = (2^31 - 1) OR

msgAuthoritativeEngineBoots < snmpEngineBoots OR

[(msgAuthoritativeEngineBoots = snmpEngineBoots) AND msgAuthoritativeEngineTime < snmpEngineTime - 150]
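The synchronization rule and the two timeliness checks above, written out as plain functions. This is an added example, not code from the slides or the textbook; the cache layout and all boots/time values are constructed, and the functions assume the MAC has already been verified by the caller.

```python
# Added example (not from the original slides): the USM timeliness rules as
# plain functions. Values are constructed; no SNMP library is used.
MAX_BOOTS = 2**31 - 1   # snmpEngineBoots latched at its maximum
WINDOW = 150            # seconds, the +/-150 s window from the slides


def in_window_authoritative(boots, time, msg_boots, msg_time):
    """Timeliness check performed by the authoritative receiver."""
    if boots == MAX_BOOTS:
        return False              # clock latched: nothing is timely any more
    if msg_boots != boots:
        return False              # boots counters differ
    return abs(msg_time - time) <= WINDOW


def in_window_non_authoritative(boots, time, msg_boots, msg_time):
    """Timeliness check performed by the non-authoritative receiver."""
    if boots == MAX_BOOTS:
        return False
    if msg_boots < boots:
        return False              # older boot epoch than the one we know
    if msg_boots == boots and msg_time < time - WINDOW:
        return False              # too far in the past: delayed or replayed
    return True


def synchronize(cache, engine_id, msg_boots, msg_time):
    """Update the non-authoritative engine's cached view of one authoritative
    engine using the update rule from the synchronization slides.
    Returns True if the entry was updated (message is newer), False if it was
    left alone (stale boots, replayed or misordered message).
    The caller has already verified the MAC; this only orders the values."""
    entry = cache.setdefault(engine_id, {"boots": 0, "time": 0, "latest": 0})
    newer = (msg_boots > entry["boots"]) or (
        msg_boots == entry["boots"] and msg_time > entry["latest"])
    if newer:
        entry["boots"] = msg_boots
        entry["time"] = msg_time
        entry["latest"] = msg_time
    return newer
```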

Cryptographic Functions - Authentication

Two functions are defined by USM:

o authentication: authKey

o encryption: privKey

authKey and privKey are derived from the password and are not accessible via SNMP.

1- Authentication: two authentication protocols

o HMAC-MD5-96 (Message Digest)

o HMAC-SHA1-96 (Secure Hash Algorithm)

HMAC: message authentication code generated from authKey.

A 96-bit MAC is generated and inserted in the msgAuthenticationParameters field of the message.

MD5 (16-octet) and SHA-1 (20-octet) are the underlying hash functions.

Cryptographic Functions - Authentication

Procedure:

1. Derive extendedAuthKey: pad authKey with 0s to get a 64-byte string

2. Define ipad, opad, K1 and K2:

ipad = 0x36 (00110110) repeated 64 times

opad = 0x5c (01011100) repeated 64 times

K1 = extendedAuthKey XOR ipad

K2 = extendedAuthKey XOR opad

3. Derive the HMAC with the hashing algorithm used: HMAC = H (K2 || H (K1 || wholeMsg)), where || denotes concatenation

Depending on whether MD5 or SHA-1 is used, the algorithm produces a 16-octet (MD5) or 20-octet (SHA-1) output, which is truncated to produce a 12-octet MAC.

Cryptographic Functions - Authentication

[Figure: HMAC at sender and receiver. Sender: the hash function takes the key and the data and produces the MAC; the MAC is added to the data and the result is sent. Receiver: the hash function is applied with the same key to the received data, producing a MAC that is compared (=?) with the user MAC that arrived with the data.]
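The three-step HMAC procedure and the sender/receiver comparison from the figure, as an added example rather than code from the slides. It models msgAuthenticationParameters as the last 12 octets of the message and zeroes that field while the MAC is computed (the RFC 3414 convention; the slides do not spell this out); the key and message are constructed.

```python
# Added example (not from the original slides): HMAC-96 built step by step as
# the procedure lists it, plus the sender/receiver check from the figure.
# Key and message are constructed; hashlib/hmac are standard-library modules.
import hashlib
import hmac

BLOCK = 64      # size extendedAuthKey is padded to (step 1)
MAC_LEN = 12    # 96 bits


def hmac_96(auth_key, whole_msg, hash_name="md5"):
    """HMAC-<hash>-96 following the slide procedure, not hmac.new()."""
    h = getattr(hashlib, hash_name)
    extended = auth_key + b"\x00" * (BLOCK - len(auth_key))   # step 1
    k1 = bytes(b ^ 0x36 for b in extended)                    # step 2: ipad
    k2 = bytes(b ^ 0x5C for b in extended)                    #         opad
    inner = h(k1 + whole_msg).digest()                        # step 3
    return h(k2 + inner).digest()[:MAC_LEN]                   # truncate to 12


def matches_stdlib(auth_key, whole_msg, hash_name="md5"):
    """Cross-check the hand-built construction against the stdlib HMAC."""
    ref = hmac.new(auth_key, whole_msg, hash_name).digest()[:MAC_LEN]
    return hmac_96(auth_key, whole_msg, hash_name) == ref


def authenticate(auth_key, msg_with_zero_mac, hash_name="md5"):
    """Sender: the MAC is computed over the whole message while the
    msgAuthenticationParameters field holds 12 zero octets, then written
    into that field (modelled here as the last 12 octets of the message)."""
    assert msg_with_zero_mac.endswith(b"\x00" * MAC_LEN)
    body = msg_with_zero_mac[:-MAC_LEN]
    return body + hmac_96(auth_key, msg_with_zero_mac, hash_name)


def verify(auth_key, received, hash_name="md5"):
    """Receiver: extract the user MAC, zero the field, recompute and compare
    in constant time (the '=?' box in the figure)."""
    body, user_mac = received[:-MAC_LEN], received[-MAC_LEN:]
    expected = hmac_96(auth_key, body + b"\x00" * MAC_LEN, hash_name)
    return hmac.compare_digest(expected, user_mac)
```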

Cryptographic Functions - Encryption

2- Encryption and decryption of the scopedPDU (context engine ID, context name and PDU)

CBC-DES (Cipher Block Chaining - Data Encryption Standard), a symmetric protocol

o A 16-octet privKey (derived from the password, similar to authKey) is used as input to the encryption protocol

o The first 8 octets of privKey are used as the DES key (only 56 bits: the LSB of each octet is ignored)

Cryptographic Functions - Encryption

CBC Mode

o The last 8 octets of privKey are used as the pre-initialization vector (pre-IV)

o Generate a salt value (8 octets): <snmpEngineBoots || local value>

o Initialization vector: IV = salt XOR pre-IV

o Transmit the salt in msgPrivacyParameters so that the receiver can recover the IV

Local value: 4-octet integer, implementation dependent, modified after each use.

Cryptographic Functions - Encryption

[Figure: CBC encryption. P1 is XORed with the IV and DES-encrypted with key k to give C1; each following block Pi is XORed with Ci-1 and DES-encrypted with k to give Ci, up to Pn and Cn.]

Data is divided into blocks of 64 bits each. K is shared between sender and receiver.

Encryption

Cryptographic Functions - Encryption

[Figure: CBC decryption. C1 is DES-decrypted with key k and XORed with the IV to give P1; each following block Ci is DES-decrypted with k and XORed with Ci-1 to give Pi, up to Cn and Pn.]

The IV at the receiver is generated from the salt that is transmitted in the message.

Decryption
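The CBC-DES parameter derivation from the CBC Mode slide (DES key and pre-IV from privKey, salt, IV, and IV recovery from the transmitted salt) together with the chaining drawn in the two figures, as an added example that is not code from the slides. DES itself is not implemented: the chaining takes any 8-byte block function, and a toy rotate-and-XOR stand-in (not DES, not secure) is used so the example runs offline; privKey, boots and local value are constructed.

```python
# Added example (not from the original slides): CBC-DES parameter derivation
# and the CBC chaining from the figures. `block_fn`/`block_inv` are any 8-byte
# block cipher; toy_encrypt/toy_decrypt are a stand-in, NOT DES.
import struct


def des_params(priv_key, engine_boots, local_value):
    """Split the 16-octet privKey as the slides describe; build salt and IV."""
    assert len(priv_key) == 16
    # First 8 octets are the DES key. DES ignores the LSB (parity bit) of each
    # octet, so only 56 bits are effective; clear them to make that explicit.
    des_key = bytes(b & 0xFE for b in priv_key[:8])
    pre_iv = priv_key[8:]                                  # last 8 octets
    salt = struct.pack(">II", engine_boots, local_value)   # boots || local
    iv = bytes(s ^ p for s, p in zip(salt, pre_iv))        # IV = salt XOR pre-IV
    return des_key, pre_iv, salt, iv


def recover_iv(priv_key, salt):
    """Receiver: the salt arrives in msgPrivacyParameters; pre-IV is local."""
    return bytes(s ^ p for s, p in zip(salt, priv_key[8:]))


def cbc_encrypt(block_fn, key, iv, plaintext):
    """C_i = E_k(P_i XOR C_(i-1)), C_0 = IV; plaintext is a multiple of 8."""
    assert len(plaintext) % 8 == 0
    prev, out = iv, b""
    for i in range(0, len(plaintext), 8):
        prev = block_fn(key, bytes(p ^ c for p, c in zip(plaintext[i:i + 8], prev)))
        out += prev
    return out


def cbc_decrypt(block_inv, key, iv, ciphertext):
    """P_i = D_k(C_i) XOR C_(i-1), C_0 = IV recovered from the salt."""
    prev, out = iv, b""
    for i in range(0, len(ciphertext), 8):
        block = ciphertext[i:i + 8]
        out += bytes(d ^ p for d, p in zip(block_inv(key, block), prev))
        prev = block
    return out


def toy_encrypt(key, block):   # stand-in: rotate each octet left 1, XOR key
    return bytes((((b << 1) | (b >> 7)) & 0xFF) ^ k for b, k in zip(block, key))


def toy_decrypt(key, block):   # inverse of toy_encrypt
    return bytes(((b ^ k) >> 1) | (((b ^ k) << 7) & 0xFF) for b, k in zip(block, key))
```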

USM Message Processing

[Flowchart: message transmission. Retrieve user information (security name of the principal, authoritative snmpEngineID, determine security level, ...). Privacy required? YES: encrypt the scopedPDU and set msgPrivacyParameters; NO: msgPrivacyParameters = NULL. Authentication required? YES: compute the MAC and set msgAuthenticationParameters; NO: msgAuthenticationParameters = NULL. Then transmit the message.]

USM Message Processing

[Flowchart: message reception. Retrieve message parameters (security level, security model, security name, ...). Authentication required? YES: compute the MAC and compare it with msgAuthenticationParameters, then determine if the message is within the time window (time synchronization, timeliness check); NO: skip. Privacy required? YES: decrypt the scopedPDU; NO: skip.]

Discovery

The non-authoritative engine sends a Request message with:

securityLevel = noAuthNoPriv

msgUserName = "initial"

msgAuthoritativeEngineID = null

varBindList = null

The authoritative engine responds with:

msgAuthoritativeEngineID = snmpEngineID (its own)

If authenticated communication is required:

o The non-authoritative engine establishes time synchronization with the authoritative engine

o The authoritative engine sends a Report message with its current values:

msgAuthoritativeEngineBoots = snmpEngineBoots

msgAuthoritativeEngineTime = snmpEngineTime

Key Management

Authentication and privacy keys are required. A principal (i.e., NMS) should deploy or use only one auth. key and one priv. key. Keys are generated from the user's password.

Password: human readable, not easily guessed

Keys are not accessible via SNMP and are not stored in the MIB

Password to key generation:

1)- Repeat the password to generate a 2^20-byte string, digest0

2)- digest1 = Hash (digest0)

digest1 is 16 octets (MD5) or 20 octets (SHA-1); authKey is digest1

NOTE :: A single password can be used (authKey and privKey are the same) or 2 passwords for 2 different keys

Key Localization

A localized key is a secret key shared between a user and one authoritative SNMP engine.

Hence, a user can communicate with many agents but maintains only one key (i.e., only one password).

[Figure: Agent 1 holds (authKey1_1, privKey1_1) for User 1 and (authKey1_2, privKey1_2) for User 2; Agent 2 holds (authKey2_1, privKey2_1) for User 1 and (authKey2_4, privKey2_4) for User 4.]

If this agent is compromised, only its keys are compromised. Other agents are safe: their keys are not compromised!

Generating localized keys

[Figure: the user key (digest1) is the hash of the expanded password string; for each remote engine, the localized key (digest2) is the hash of the user key and the remote engine ID.]

Localized keys are initially configured in a secure way (could be manual!)

Key Update

To enhance security, keys are to be updated from time to time: keyOld -> keyNew

Requestor:

1)- Generate random

2)- Compute: digest = Hash ( keyOld || random )

3)- delta = digest XOR keyNew

4)- protocolKeyChange = ( random || delta )

Send a setRequest message ( protocolKeyChange )

Receiver:

1)- compute digest = Hash ( keyOld || random )

2)- compute keyNew = digest XOR delta

NOTE: digest XOR delta = digest XOR (digest XOR keyNew) = keyNew

Since an attacker does not know keyOld, the update of the key is safe.
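Password-to-key generation, key localization and the key-change exchange from the Key Management, Key Localization and Key Update slides, as one added example (not code from the slides or the textbook). The slides name the inputs only; the exact localization input digest1 || snmpEngineID || digest1 and the 2^20-octet expansion follow RFC 3414, and the password and engine ID used below are the RFC 3414 A.3.1 sample values.

```python
# Added example (not from the original slides): password-to-key, localization
# and the keyOld -> keyNew exchange. Localization input order and the 2^20
# expansion are taken from RFC 3414, not stated on the slides.
import hashlib
import os

EXPANDED_LEN = 2**20   # 1,048,576 octets of repeated password (digest0)


def password_to_key(password, hash_name="md5"):
    """digest1 = Hash(password repeated to 2^20 octets): the user key."""
    h = getattr(hashlib, hash_name)()
    pw = password.encode()
    reps, rem = divmod(EXPANDED_LEN, len(pw))
    h.update(pw * reps + pw[:rem])       # feeds exactly 2^20 octets
    return h.digest()


def localize_key(user_key, engine_id, hash_name="md5"):
    """digest2 = Hash(digest1 || snmpEngineID || digest1): a key usable only
    at the one authoritative engine identified by engine_id."""
    return getattr(hashlib, hash_name)(user_key + engine_id + user_key).digest()


def key_change_request(key_old, key_new, hash_name="md5", random_bytes=None):
    """Requestor: protocolKeyChange = random || delta,
    delta = Hash(keyOld || random) XOR keyNew."""
    if random_bytes is None:
        random_bytes = os.urandom(len(key_old))
    digest = getattr(hashlib, hash_name)(key_old + random_bytes).digest()
    delta = bytes(d ^ n for d, n in zip(digest, key_new))
    return random_bytes + delta


def key_change_apply(key_old, protocol_key_change, hash_name="md5"):
    """Receiver: keyNew = Hash(keyOld || random) XOR delta."""
    n = len(key_old)
    random_bytes, delta = protocol_key_change[:n], protocol_key_change[n:]
    digest = getattr(hashlib, hash_name)(key_old + random_bytes).digest()
    return bytes(d ^ x for d, x in zip(digest, delta))
```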

Access Control

The agent can validate sending sources and their access privileges for command requests.

This step follows authentication.

The agent maintains a local database that contains access rights and policies:

MIB view        | Allowed operations | Allowed managers | Required level of security
Interface Table | SET                | John             | Authentication, Encryption
Interface Table | GET/GETNEXT        | John, Paul       | Authentication
Systems Group   | GET/GETNEXT        | Georges          | None

Access Control

(read, write, or send notification)