Page 1

SNMPv3

by Behzad Akbari

Fall 2011

In the Name of the Most High

These slides are based in parts upon slides of Prof. Dssouli (Concordia University)

Page 2

Key Features of SNMPv3

- Modularization of documentation and architecture: enables the use of SNMPv1 and SNMPv2 alongside the newly developed SNMPv3.
- SNMP engine defined: a model for the processing of SNMP messages.
- New security features:
  o Secures information to prevent tampering with data
  o Access control to determine proper access to the MIB

Page 3

Documentation

Page 4

SNMP Architecture

- A distributed, interacting collection of SNMP entities
- An SNMP entity implements a portion of the SNMP capability:
  o It acts either as an agent or as a manager, or both
  o It is a collection of modules interacting with each other to provide services

[Figure: an SNMP entity consists of an SNMP engine (Dispatcher, Message Processing Subsystem, Security Subsystem, Access Control Subsystem) and SNMP applications (Command Generator, Command Responder, Notification Originator, Notification Receiver, Proxy Forwarder, Other)]

Page 5

SNMP Architecture

Advantages:

- The role of an SNMP entity is determined by the modules implemented in that entity
  o A certain set of modules is required for an agent, while a different set is required for a manager
- The Security Subsystem provides services such as authentication and privacy of messages
  o Multiple security models can coexist
- A set of authorization services that an application can use for checking access rights
  o Access Control

Page 6

SNMP Architecture - Manager

[Figure: manager entity. Applications: Command Generator, Notification Receiver, Notification Originator. Dispatcher: PDU Dispatcher, Message Dispatcher, Transport Mappings. Message Processing Subsystem: SNMPv1, SNMPv2c, SNMPv3, Other. Security Subsystem: User-Based Security Model, Community-Based Security Model, Other Security Model]

Page 7

SNMPv3 Architecture - Manager

- Command Generator Application
  o Monitors and manipulates management data at remote agents
  o Makes use of SNMPv1/v2 PDUs: Get, GetNext, GetBulk, etc.
- Notification Originator Application
  o Initiates messages, such as the InformRequest PDU
- Notification Receiver Application
  o Receives messages from other managers or agents
  o InformRequest, SNMPv1 and SNMPv2 Traps, etc.
- These applications make use of the services provided by the SNMP engine:
  o Takes outgoing PDUs, processes them and generates SNMP messages for transmission over the transport layer
  o Accepts incoming SNMP messages, processes them, extracts the PDUs and passes them to the appropriate SNMP application

Page 8

SNMPv3 Architecture - Manager

- One Dispatcher per SNMP engine
  o Accepts PDUs from applications
  o Handles messages of multiple versions (SNMPv1, v2, v3)
  o Interfaces with the application modules, the network, and the message processing models
- Three components for three functions:
  o Transport mapper: delivers messages over the transport protocol
  o Message dispatcher: routes messages between the network and the appropriate module of the MPS
  o PDU dispatcher: handles messages between the applications and the MPS

[Figure: SNMP Engine (identified by snmpEngineID): Dispatcher, Message Processing Subsystem, Security Subsystem]

Page 9

SNMPv3 Architecture - Manager

Message Processing Subsystem:

- Accepts outgoing PDUs from the Dispatcher, attaches the appropriate header, and returns the message to the Dispatcher
- Accepts incoming messages, processes each message header, and returns the enclosed PDU to the Dispatcher
- Contains one or more Message Processing Models, one for each SNMP version
- The SNMP version is identified in the header

[Figure: SNMP Engine (identified by snmpEngineID): Dispatcher, Message Processing Subsystem, Security Subsystem]

Page 10

SNMPv3 Architecture - Manager

Security Subsystem:

- Performs the authentication and encryption functions for each outgoing/incoming message
- Outgoing PDUs may be encrypted, and authentication codes generated and appended to the message header
  o The message is then returned to the MPS
- Incoming messages are passed to the Security Subsystem
  o Message decryption
  o Message authentication

[Figure: SNMP Engine (identified by snmpEngineID): Dispatcher, Message Processing Subsystem, Security Subsystem]

Page 11

SNMPv3 Architecture - Agent

[Figure: agent entity. Applications: Command Responder, Notification Originator, Proxy Forwarder. Dispatcher: PDU Dispatcher, Message Dispatcher, Transport Mappings. Message Processing Subsystem: SNMPv1, SNMPv2c, SNMPv3, Other. Security Subsystem: User-Based Security Model, Community-Based Security Model, Other Security Model. Access Control Subsystem: View-Based Access Control. Management Information Base]

Page 12

SNMPv3 Architecture - Agent

- Command Responder Application
  o Provides access to management data
  o Responds to incoming requests by retrieving and/or setting managed objects and issuing a Response PDU
- Notification Originator Application
  o e.g., SNMPv1, v2 Trap PDU
- Proxy Forwarder Application
  o Forwards messages between entities
- Access Control Subsystem
  o Provides authorization services to "control access" to the MIB for reading and setting management objects
  o Who can access
  o What can be accessed

Page 13

Terminology

- SNMP Engine ID (snmpEngineID) -- associated with each SNMP entity
- Principal (principal) -- the person, group or application requesting services
- Security Name (securityName) -- a human-readable name
- Context Engine ID (contextEngineID) -- each entity has a unique context ID (identical to snmpEngineID)
- Context Name (contextName) -- a context associated with a managed object (for access control)
  o An SNMP agent can monitor more than one network element (context)

Example:
- SNMP Engine ID: IP address
- Principal: John Smith
- Security Name: Administrator

Page 14

snmpEngineID

[Figure: four SNMP entities, each containing an SNMP engine and other modules, with snmpEngineID=1, snmpEngineID=2, snmpEngineID=3 and snmpEngineID=4 respectively]

Page 15

Abstract Service Interfaces

- An abstract service interface is a conceptual interface between modules, independent of implementation
- It defines a set of primitives
  o A primitive specifies the function to be performed (e.g., a procedural call)
- Primitives are associated with receiving entities
  o An interface defined using primitives and parameters is referred to as an "abstract service interface"
- e.g., Dispatcher primitives:
  o Handle messages to and from applications
  o Registering and un-registering of application modules
  o Transmitting messages to, and receiving messages from, the network
- IN and OUT parameters
- Status information / result

Page 16

Dispatcher Primitives

sendPdu
- Used by a command generator to send an SNMP request or notification PDU to another SNMP entity
- When the Dispatcher successfully prepares the message, a sendPduHandle (unique identifier) is returned, to track any response if one is expected
- The application also provides the transport domain/address for the PDU, as well as the message processing model, security model, principal, level of security, the context for this PDU, and the PDU itself

[Figure: the Command Generator calls sendPdu on the Dispatcher across the abstract service interface; the Dispatcher calls prepareOutgoingMessage on the Message Processing Model across the abstract service interface; a sendPduHandle or an error indication is returned to the Command Generator]

Page 17

Dispatcher Primitives

processResponsePdu
- Used by the Dispatcher to pass an incoming response PDU to an application
- The application checks whether it matches a preceding request or notification PDU by checking the sendPduHandle: success or failure

[Figure: the sendPdu / prepareOutgoingMessage sequence of the previous slide, returning sendPduHandle or errorIndication, followed by processResponsePdu from the Dispatcher to the Command Generator]

Page 18

Dispatcher Primitives

processPdu
- Used by the Dispatcher to pass an incoming request or notification PDU to an application (command responder)
- Security-related information is required to generate a matching response message
- The security subsystem (access control) will check whether access is allowed, and a response will be generated accordingly

returnResponsePdu
- Used by the command responder to return an SNMP response in response to an incoming request or notification

[Figure: the Dispatcher calls processPdu on the Command Responder; the Command Responder calls returnResponsePdu on the Dispatcher across the abstract service interface; the Dispatcher calls prepareResponseMessage on the Message Processing Model]

Page 19

Message Processing Subsystem Primitives

prepareOutgoingMessage
- Prepares a message for an outgoing SNMP request or notification PDU
- The IN parameter is a PDU and the OUT parameter is the message
- Success or failure is returned

[Figure: Command Generator calls sendPdu on the Dispatcher; the Dispatcher calls prepareOutgoingMessage on the Message Processing Model; sendPduHandle or errorIndication is returned]

Page 20

Message Processing Subsystem Primitives

prepareResponseMessage
- Requests the preparation of a message containing an outgoing SNMP response PDU, in response to an incoming request or notification PDU

[Figure: the Dispatcher calls processPdu on the Command Responder; the Command Responder calls returnResponsePdu on the Dispatcher; the Dispatcher calls prepareResponseMessage on the Message Processing Model]

Page 21

Security Subsystem Primitives

generateRequestMessage
- Generates a "message" containing an outgoing SNMP request or notification PDU
- Returns to the MPS a message (possibly with authentication and encryption applied) and the associated security parameters

processIncomingMessage
- Provides the security functions for incoming messages
- Returns success or failure indicating the result of the security check
- If successful, a PDU is returned to the MPS

generateResponseMessage
- Generates a message containing an outgoing SNMP response PDU in response to an incoming request or notification
- Returns to the MPS a message (with some authentication and encryption applied) and the associated security parameters

Page 22

Applications

[Figure: Application(s): Command Generator, Notification Receiver, Proxy Forwarder Subsystem, Command Responder, Notification Originator, Other]

Application examples:
• Command generator: get-request
• Command responder: get-response
• Notification originator: trap generation
• Notification receiver: trap processing
• Proxy forwarder: get-bulk to get-next (SNMP versions only)
• Other: special application

Page 23

Command Generator

[Figure: Command Generator, Dispatcher, Message Processing Model and Security Model. Outgoing side: sendPdu (returns a PduHandle), prepareOutgoingMessage, generateRequestMsg, then the get-request message is sent to the network. Incoming side: the get-response message is received from the network, prepareDataElements, processIncomingMsg, processResponsePdu]

Command Generator:

1) Examine the parameters of the received PDU and match/compare them with the cached copy (security model/level/name, contextName, etc.). If there is no match, the message is discarded.

2) Check the received PDU (check the request-id, etc.).

3) If all is OK, then take action.
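The three steps above, as an added example that is not part of the slides: a small Command Generator that caches what it sent under the sendPduHandle it got back from sendPdu (slide 16) and applies the slide's checks when the Dispatcher hands it a response through processResponsePdu (slide 17). The record types, their field names and the sample exchange are my own constructions; the securityLevel values 1/2/3 and securityModel 3 (USM) are the RFC 3411 values.

```python
"""Added example, not from the slides: the Command Generator's response check
from slide 23 (steps 1-3), written as a cache keyed by sendPduHandle.

Assumptions of mine, not the slides': the two record types and their field
names; one cache entry per outstanding request, removed once a response has
been accepted, so a second copy of the same response is rejected as unknown.
securityLevel 1/2/3 and securityModel 3 (USM) are the RFC 3411 values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityContext:
    """What the generator caches when it calls sendPdu (slide 16 parameters)."""
    security_model: int
    security_level: int
    security_name: str
    context_engine_id: bytes
    context_name: str


@dataclass(frozen=True)
class ResponsePdu:
    """What the Dispatcher delivers through processResponsePdu (slide 17)."""
    send_pdu_handle: int
    security: SecurityContext
    request_id: int
    var_binds: tuple


class CommandGenerator:
    def __init__(self) -> None:
        self._pending = {}      # sendPduHandle -> (SecurityContext, request-id)
        self._next_handle = 1

    def send_pdu(self, security: SecurityContext, request_id: int) -> int:
        """Model sendPdu: remember the outgoing parameters, return the handle."""
        handle = self._next_handle
        self._next_handle += 1
        self._pending[handle] = (security, request_id)
        return handle

    def process_response_pdu(self, resp: ResponsePdu) -> tuple:
        """Slide 23, steps 1-3. Returns (accepted, reason)."""
        cached = self._pending.get(resp.send_pdu_handle)
        if cached is None:
            return (False, "unknown sendPduHandle")
        security, request_id = cached
        # Step 1: security model/level/name and context must equal the cached copy,
        # so a reply that arrives under a weaker level or another context is dropped.
        if resp.security != security:
            return (False, "security parameters differ from cached request")
        # Step 2: the PDU's request-id must be the one we issued.
        if resp.request_id != request_id:
            return (False, "request-id mismatch")
        # Step 3: all OK; the request is complete, so forget the handle.
        del self._pending[resp.send_pdu_handle]
        return (True, "ok")


def demo() -> list:
    """Constructed exchange: a reply at a downgraded security level, the real
    reply, then the real reply delivered a second time."""
    ctx = SecurityContext(3, 3, "admin", b"\x80\x00\x00\x00\x01", "")
    gen = CommandGenerator()
    handle = gen.send_pdu(ctx, request_id=42)
    good = ResponsePdu(handle, ctx, 42, (("1.3.6.1.2.1.1.5.0", "router1"),))
    weaker = SecurityContext(3, 1, "admin", ctx.context_engine_id, "")
    downgraded = ResponsePdu(handle, weaker, 42, good.var_binds)
    return [gen.process_response_pdu(downgraded),
            gen.process_response_pdu(good),
            gen.process_response_pdu(good)]
```

Comparing the whole cached SecurityContext rather than only the request-id is what makes step 1 worth doing: a response that matches on request-id but arrives under noAuthNoPriv, or for a different context, is discarded before the application acts on its contents.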

Page 24

Command Responder

[Figure 7.6 Command Responder Application: Command Responder, Dispatcher, Message Processing Model and Security Model. Incoming side: the get-request message is received from the network, prepareDataElements, processIncomingMsg, processPdu. Outgoing side: returnResponsePdu, prepareResponseMsg, generateResponseMsg, then the get-response message is sent. The Command Responder registers with the Dispatcher through registerContextEngineID]

Command Responder:

1) Examines the content of the request PDU. Checks whether the object has already been registered with the responder.

2) The isAccessAllowed primitive is invoked (to determine whether the object can be accessed by the principal making the request).
  o Check the security level

3) If access is permitted, prepare a response.
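Step 2 above, as an added example that is not part of the slides: a view-based isAccessAllowed in the shape of the primitive named here and on slide 33, taking the parameters listed on slide 25 (securityModel, securityName, securityLevel, contextName, viewType, variableName). The three tables are a simplified form of the VACM tables of RFC 3415 (securityToGroup, access, viewTreeFamily) and their contents are constructed for this demo; the status strings are the RFC 3415 statusInformation names, and 1.3.6.1.6.3.15 is the SNMP-USER-BASED-SM-MIB subtree.

```python
"""Added example, not from the slides: a view-based isAccessAllowed check.

The three tables are a simplified form of the VACM tables of RFC 3415; their
contents are constructed for this demo. securityLevel values 1/2/3 and
securityModel 3 (USM) are the RFC 3411 values; 1.3.6.1.6.3.15 is the
SNMP-USER-BASED-SM-MIB subtree.
"""

NO_AUTH_NO_PRIV, AUTH_NO_PRIV, AUTH_PRIV = 1, 2, 3
USM = 3

# (securityModel, securityName) -> groupName: who is asking
SECURITY_TO_GROUP = {
    (USM, "operator"): "readonly",
    (USM, "admin"): "readwrite",
}

# (groupName, contextName, securityModel) -> (minimum securityLevel, {viewType: viewName})
ACCESS = {
    ("readonly", "", USM): (AUTH_NO_PRIV, {"read": "systemView"}),
    ("readwrite", "", USM): (AUTH_PRIV, {"read": "fullView", "write": "fullView"}),
}

# viewName -> [(subtree OID, included?)]: what may be accessed
VIEWS = {
    "systemView": [("1.3.6.1.2.1.1", True)],
    # full view minus the USM MIB, so user entries cannot be read or rewritten over SNMP
    "fullView": [("1.3.6.1", True), ("1.3.6.1.6.3.15", False)],
}


def oid_tuple(oid: str) -> tuple:
    return tuple(int(x) for x in oid.split("."))


def in_view(view_name: str, variable_name: str) -> bool:
    """Longest matching subtree decides; an excluded subtree overrides a shorter included one."""
    oid = oid_tuple(variable_name)
    best_len, included = -1, False
    for subtree, inc in VIEWS.get(view_name, []):
        prefix = oid_tuple(subtree)
        if len(prefix) > best_len and oid[:len(prefix)] == prefix:
            best_len, included = len(prefix), inc
    return best_len >= 0 and included


def is_access_allowed(security_model: int, security_name: str, security_level: int,
                      context_name: str, view_type: str, variable_name: str) -> tuple:
    """Return (allowed, statusInformation) using the RFC 3415 status names."""
    group = SECURITY_TO_GROUP.get((security_model, security_name))
    if group is None:
        return (False, "noGroupName")
    entry = ACCESS.get((group, context_name, security_model))
    if entry is None:
        return (False, "noAccessEntry")
    min_level, views = entry
    if security_level < min_level:        # slide 24: check the security level
        return (False, "noAccessEntry")   # too weak a level matches no access entry
    view_name = views.get(view_type)
    if view_name is None:
        return (False, "noSuchView")
    if not in_view(view_name, variable_name):
        return (False, "notInView")
    return (True, "accessAllowed")


def demo() -> list:
    """Constructed requests against the tables above."""
    sys_name = "1.3.6.1.2.1.1.5.0"             # sysName.0
    usm_obj = "1.3.6.1.6.3.15.1.2.2.1.3"       # constructed OID under the USM MIB subtree
    return [
        is_access_allowed(USM, "operator", AUTH_NO_PRIV, "", "read", sys_name),
        is_access_allowed(USM, "operator", NO_AUTH_NO_PRIV, "", "read", sys_name),
        is_access_allowed(USM, "operator", AUTH_NO_PRIV, "", "write", sys_name),
        is_access_allowed(USM, "admin", AUTH_PRIV, "", "write", sys_name),
        is_access_allowed(USM, "admin", AUTH_PRIV, "", "read", usm_obj),
        is_access_allowed(USM, "guest", AUTH_PRIV, "", "read", sys_name),
    ]
```

The order of the checks follows the slide: first who is asking (group), then whether the message came in at a strong enough security level, then whether the requested object lies inside the view for that operation. The excluded subtree in fullView shows why the view step matters even for a fully privileged group: the objects that hold the agent's own users stay out of reach of every SNMP request.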

Page 25

Scenario Diagrams

[Figure: two SNMP entities, each consisting of a Dispatcher, an Access Control Subsystem, Applications, a Message Processing Subsystem and a Security Subsystem, exchanging a request and its response]

Parameters:
- transportDomain, transportAddress
- messageProcessingModel
- securityModel, securityName
- securityLevel
- contextEngineID, contextName
- pduVersion
- PDU
- expectResponse
- maxSizeResponseScopedPDU
- stateReference, statusInformation
- sendPduHandle
- destTransportDomain, destTransportAddress
- outgoingMessage, outgoingMessageLength
- wholeMsg, wholeMsgLength
- pduType
- viewType, variableName
- globalData, maxMessageSize
- securityEngineID
- scopedPDU
- securityParameters, securityStateReference

Pages 26-40

Scenario Diagrams (continued)

Each of these slides repeats the two-entity figure and the parameter list above and highlights one step of the exchange:
- Page 26: sendPdu (Applications to Dispatcher)
- Page 27: prepareOutgoingMessage (Dispatcher to Message Processing Subsystem)
- Page 28: generateRequestMsg (Message Processing Subsystem to Security Subsystem)
- Page 29: send and receive (Dispatcher, over the network)
- Page 30: prepareDataElements (Dispatcher to Message Processing Subsystem)
- Page 31: processIncomingMsg (Message Processing Subsystem to Security Subsystem)
- Page 32: processPdu (Dispatcher to Applications)
- Page 33: isAccessAllowed (Applications to Access Control Subsystem)
- Page 34: returnResponsePdu (Applications to Dispatcher)
- Page 35: prepareResponseMessage (Dispatcher to Message Processing Subsystem)
- Page 36: generateResponseMsg (Message Processing Subsystem to Security Subsystem)
- Page 37: send and receive (Dispatcher, over the network)
- Page 38: prepareDataElements (Dispatcher to Message Processing Subsystem)
- Page 39: processIncomingMsg (Message Processing Subsystem to Security Subsystem)
- Page 40: processResponsePdu (Dispatcher to Applications)

Page 41

Message Format

[Figure: Whole Message = Version | Global/Header Data | Security Parameters | Plaintext / Encrypted scopedPDU Data.
Version: 1 SNMPv1, 2 SNMPv2, 3 SNMPv3.
Header Data: Message ID, Message Max. Size, Message Flags (reportableFlag, privFlag, authFlag), Message Security Model.
Security Parameters: Authoritative Engine ID, Authoritative Engine Boots, Authoritative Engine Time, User Name, Authentication Parameters, Privacy Parameters.
scopedPDU: Context Engine ID, Context Name, Data]

Time synchronization between entities to avoid message replay and achieve timeliness

Page 42

Message Format

Field (object name): description
- Version (msgVersion): SNMP version number of the message format
- Message ID (msgID): administrative ID associated with the message
- Message Max. Size (msgMaxSize): maximum size supported by the sender
- Message Flags (msgFlags): bit fields identifying report, authentication, and privacy of the message
- Message Security Model (msgSecurityModel): security model used for the message; concurrent multiple models allowed
- Security Parameters (msgSecurityParameters; see Table 7.8): security parameters used for communication between the sending and receiving security modules
- Plaintext/Encrypted scopedPDU Data (scopedPduData): choice of plaintext or encrypted scopedPDU; the scopedPDU uniquely identifies the context and the PDU
- Context Engine ID (contextEngineID): unique ID of a context (managed entity) with a context name, realized by an SNMP entity
- Context Name (contextName): name of the context (managed entity)
- PDU (data): contains the unencrypted PDU

Page 43

See p. 304

Page 44

Security Threats

- Modification of Information: an entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object
- Masquerade: management operations not authorized for some entity may be attempted by assuming the identity of another entity that has the appropriate authorizations

[Figure: Management Entity A and Management Entity B exchanging messages; threats shown: modification of information, masquerade, message stream modification, disclosure]

Page 45

Security Threats

- Message Stream Modification: SNMP is typically based upon a connectionless transport service. Messages may be maliciously re-ordered, delayed or replayed in order to effect unauthorized management operations.
  o For example, a message to reboot a system could be copied and replayed later
- Disclosure: eavesdropping on, or intercepting, the exchanges between SNMP engines

[Figure: same threat diagram as on the previous slide]

Page 46

Security Threats

SNMPv3 is not intended to secure against these two threats:

o Denial of Service: an attacker may prevent exchanges between manager and agent
  o DoS is indistinguishable from network element failures
  o DoS may disrupt all services (not just those pertaining to NM)

o Traffic Analysis: an attacker may observe the general pattern of traffic between managers and agents

Page 47

Security Model Goals

o Data Integrity (Authentication)

o Authentication

o Message redirection/re-ordering/delay/replay

o Data encryption/decryption

Page 48

Security Model

The Security Model authenticates and forwards incoming and outgoing messages to the MPM

3 different modules:
  o Authentication module
  o Privacy module
  o Timeliness module

[Figure: Security Subsystem. The Message Processing Model calls the Authentication Module (data integrity, data origin authentication), the Privacy Module (data confidentiality) and the Timeliness Module (message timeliness and limited replay protection)]

Page 49

Authentication Module

Data integrity
  o Message authentication at the sender and validation at the receiver
  o Ensure that a message is not modified by an unauthorized intruder
  o Authentication protocols: HMAC-MD5-96 / HMAC-SHA-96

Data origin authentication
  o Check the identity of the user on whose behalf a message is sent
  o Append to the message a unique identifier associated with the authoritative SNMP engine

Page 50

Privacy Module

Data confidentiality ensures that data is not made available to unauthorized users or entities

Encryption is applied at the sender and decryption at the receiver (CBC-DES)

Page 51

Timeliness Module

Prevent message redirection, delay and replay

Configure a receiver window for accepting messages (e.g., 150 s for SNMPv3)

Three objects: snmpEngineID, snmpEngineBoots, snmpEngineTime

Page 52

Authoritative vs. non-authoritative engine

Responsibility of the authoritative engine
  o Unique SNMP engine ID
  o Time-stamp (a clock maintained by the authoritative engine)

A non-authoritative engine should keep a table of the time-stamp and authoritative engine ID
  o Synchronize its clock with regard to that of the authoritative engine

[Figure: non-authoritative engines (NMS) exchanging with authoritative engines (agents)]

Page 53

User-based Security Model (USM)

USM primitives across abstract service interfaces
  o Authentication service primitives
    o authenticateOutgoingMsg
    o authenticateIncomingMsg
  o Privacy service primitives
    o encryptData // outgoing PDU
    o decryptData // incoming PDU

Page 54

User-based Security Model (USM)

[Figure: Privacy and Authentication Service for Outgoing Message. The Message Processing Model hands the USM the header data, security data and scopedPDU; the USM passes the scopedPDU and encryption key to the Privacy Module and gets back the encrypted scopedPDU and privacy parameters; it then passes the whole message and authentication key to the Authentication Module and gets back the authenticated whole message, which is returned to the MPM together with the whole message length and the security parameters]

Page 55

User-based Security Model (USM)

USM invokes the privacy module with the encryption key and the scopedPDU

The privacy module returns the privacy parameters and the encrypted scopedPDU

USM then invokes the authentication module with the authentication key and the whole message, and receives the authenticated whole message

Page 56

User-based Security Model (USM)

Processing of a secure incoming message is the reverse of the secure outgoing case:
  o Authentication validation is done first by the authentication module
  o Decryption of the message is then done by the privacy module

[Figure: for an incoming message the USM passes the whole message (as received from the network), the authentication key and the authentication parameters to the Authentication Module, then the encrypted PDU, the decrypt key and the privacy parameters to the Privacy Module, and returns the decrypted scopedPDU to the Message Processing Model]

Page 57

User-based Security Model (USM)

msgUserName: user or principal on whose behalf the message is being exchanged

msgAuthenticationParameters: defined by the authentication protocol

msgPrivacyParameters: type of privacy protocol used

Security Parameters and Corresponding MIB Objects

Security Parameter -> USM / User Group object
msgAuthoritativeEngineID -> snmpEngineID (under snmpEngine group)
msgAuthoritativeEngineBoots -> snmpEngineBoots (under snmpEngine group)
msgAuthoritativeEngineTime -> snmpEngineTime (under snmpEngine group)
msgUserName -> usmUserName (in usmUserTable)
msgAuthenticationParameters -> usmUserAuthProtocol (in usmUserTable)
msgPrivacyParameters -> usmUserPrivProtocol (in usmUserTable)

Page 58

SNMPv3 - Next!

o Background and security threats
o SNMPv3 Architecture
o SNMPv3 Applications
o Message Format
o User-based Security Model (USM)
o USM Timeliness Mechanism
o Cryptographic Functions
o USM Message Processing
o Discovery
o Key Management

Page 59

USM Timeliness Mechanism: Management of authoritative clocks

All authoritative engines must maintain two objects:
  o snmpEngineBoots
  o snmpEngineTime

Initially, both are set to 0

snmpEngineTime is incremented once per second

snmpEngineBoots is incremented if the system has rebooted or if snmpEngineTime reaches its maximum value (2^31 - 1)

Page 60

USM Timeliness Mechanism: Synchronization

A non-authoritative engine must remain loosely synchronized with each authoritative engine with which it communicates

A non-authoritative engine keeps a local copy of 3 variables for each authoritative engine:
  o snmpEngineBoots: most recent value of snmpEngineBoots for the remote authoritative engine
  o snmpEngineTime: synchronized to the authoritative engine. Between synch events, it is incremented once per second to maintain loose synch
  o latestReceivedEngineTime: highest value of msgAuthoritativeEngineTime received. It protects against a replay message attack

These values are stored in a cache indexed by snmpEngineID

Page 61

USM Timeliness Mechanism: Synchronization (cont'd)

If the message is authentic, the non-authoritative engine updates its local variables according to this rule:

(msgAuthoritativeEngineBoots > snmpEngineBoots) OR
[(msgAuthoritativeEngineBoots = snmpEngineBoots) AND
(msgAuthoritativeEngineTime > latestReceivedEngineTime)]

[Figure: the authoritative engine sends msgAuthoritativeEngineBoots, msgAuthoritativeEngineTime and msgAuthoritativeEngineID to the non-authoritative engine]

Otherwise, two messages arrived out of order or a replay attack is underway!

Page 62

USM Timeliness Mechanism: Synchronization (cont'd)

If an update is called for, then
  snmpEngineBoots := msgAuthoritativeEngineBoots
  snmpEngineTime := msgAuthoritativeEngineTime
  latestReceivedEngineTime := msgAuthoritativeEngineTime

If (msgAuthoritativeEngineBoots < snmpEngineBoots) then no update occurs [message not authentic, to be discarded]

If [(msgAuthoritativeEngineBoots = snmpEngineBoots) AND (msgAuthoritativeEngineTime < latestReceivedEngineTime)] then no update occurs [message may be authentic but may be misordered; an update of snmpEngineTime is not warranted]

Page 63

USM Timeliness Mechanism: Timeliness checking by authoritative receiver

Ensure that messages are received within a reasonable time window (avoid delays and replays)
  o Too small a time window: authentic messages may be considered unauthentic
  o Too large a time window: increased vulnerability to attacks

An incoming message is considered outside the time window if the following is true:
  snmpEngineBoots = (2^31 - 1) OR
  msgAuthoritativeEngineBoots ≠ snmpEngineBoots OR
  the value of msgAuthoritativeEngineTime differs from that of snmpEngineTime by more than ± 150 seconds

Such a message is considered not authentic (discarded and an error message returned)

Page 64

USM Timeliness Mechanism: Timeliness checking by non-authoritative receiver

An incoming message is considered outside the time window if the following is true:
  snmpEngineBoots = (2^31 - 1) OR
  msgAuthoritativeEngineBoots < snmpEngineBoots OR
  [(msgAuthoritativeEngineBoots = snmpEngineBoots) AND msgAuthoritativeEngineTime < snmpEngineTime - 150]

NOTE: msgAuthoritativeEngineBoots > snmpEngineBoots is allowed
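The clock maintenance, cache update rule and both receivers' window checks from the timeliness slides, as runnable Python. This is an added example, not code from the slides; the class and function names are my own, and the limits and the 150 s window are the values the slides quote.

```python
# Added example: the USM timeliness rules from the slides in plain Python.
# Class/function names are my own; the limits are the ones the slides quote.
from dataclasses import dataclass

MAX_BOOTS = 2**31 - 1   # once snmpEngineBoots reaches this, the engine is latched
MAX_TIME = 2**31 - 1    # snmpEngineTime wraps here and that counts as a reboot
WINDOW = 150            # seconds, the receiver window the slides use


@dataclass
class EngineClock:
    """snmpEngineBoots / snmpEngineTime as kept by an authoritative engine."""
    boots: int = 0
    time: int = 0

    def tick(self, seconds: int = 1) -> None:
        """Advance the once-per-second clock; wrapping bumps snmpEngineBoots."""
        new_time = self.time + seconds
        if new_time >= MAX_TIME:
            self.boots = min(self.boots + 1, MAX_BOOTS)
            self.time = new_time - MAX_TIME
        else:
            self.time = new_time

    def reboot(self) -> None:
        self.boots = min(self.boots + 1, MAX_BOOTS)
        self.time = 0


@dataclass
class RemoteEngineEntry:
    """Cache entry a non-authoritative engine keeps per snmpEngineID."""
    boots: int = 0
    time: int = 0
    latest_received_time: int = 0


def update_cache(entry: RemoteEngineEntry, msg_boots: int, msg_time: int) -> bool:
    """Update rule, applied only to an already authenticated message.
    Returns True when the local copy was updated; False means the message is
    older than what has already been seen (misordered, or a replay)."""
    newer = msg_boots > entry.boots or (
        msg_boots == entry.boots and msg_time > entry.latest_received_time
    )
    if newer:
        entry.boots = msg_boots
        entry.time = msg_time
        entry.latest_received_time = msg_time
    return newer


def authoritative_in_window(clock: EngineClock, msg_boots: int, msg_time: int) -> bool:
    """Authoritative receiver: boots must match exactly and the time must be
    within +/- WINDOW of its own snmpEngineTime; a latched engine accepts nothing."""
    if clock.boots == MAX_BOOTS:
        return False
    if msg_boots != clock.boots:
        return False
    return abs(msg_time - clock.time) <= WINDOW


def non_authoritative_in_window(entry: RemoteEngineEntry, msg_boots: int, msg_time: int) -> bool:
    """Non-authoritative receiver: a higher boots value than cached is allowed
    (the agent may have rebooted); a lower one, or a time too far behind, is not."""
    if entry.boots == MAX_BOOTS:
        return False
    if msg_boots < entry.boots:
        return False
    if msg_boots == entry.boots and msg_time < entry.time - WINDOW:
        return False
    return True
```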

Page 65

Cryptographic Functions - Authentication

2 functions defined by USM
  o authentication: authKey
  o encryption: privKey
  o authKey and privKey are derived from the password and are not accessible via SNMP

1- Authentication: two authentication protocols
  o HMAC-MD5-96 (Message Digest)
  o HMAC-SHA1-96 (Secure Hash Algorithm)

HMAC: message authentication code generated from authKey
  o A 96-bit MAC is generated and inserted in the msgAuthenticationParameters field of the message
  o MD5 (16-octet) and SHA-1 (20-octet) are the underlying hash functions

Page 66

Cryptographic Functions - Authentication Procedure:

1. Derive extendedAuthKey: supplement authKey with 0s to get a 64-byte string

2. Define ipad, opad, K1, and K2:
  ipad = 0x36 (00110110) repeated 64 times
  opad = 0x5c (01011100) repeated 64 times
  K1 = extendedAuthKey XOR ipad
  K2 = extendedAuthKey XOR opad

3. Derive the HMAC with the hash algorithm H in use: HMAC = H(K2 || H(K1 || wholeMsg)), where || denotes concatenation

Depending on whether MD5 or SHA-1 is used, the algorithm produces a 16-octet (MD5) or 20-octet (SHA-1) output, which is truncated to produce a 12-octet MAC
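The three steps above built by hand for both HMAC-MD5-96 and HMAC-SHA-96, with the receiver-side constant-time comparison and a cross-check against Python's hmac module. This is an added example, not code from the slides; the function names are my own.

```python
# Added example: HMAC-MD5-96 / HMAC-SHA-96 from the slide's three steps,
# cross-checked against Python's hmac module. Function names are my own.
import hashlib
import hmac

BLOCK_LEN = 64   # MD5 and SHA-1 both use a 64-byte input block
MAC_LEN = 12     # 96-bit tag carried in msgAuthenticationParameters
IPAD = 0x36
OPAD = 0x5C


def usm_mac(auth_key: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """Return the 12-octet USM MAC of whole_msg under auth_key ('md5' or 'sha1')."""
    if len(auth_key) > BLOCK_LEN:                         # cannot happen for the 16/20-octet
        auth_key = hashlib.new(algo, auth_key).digest()   # USM keys, but generic HMAC does it
    # Step 1: extendedAuthKey = authKey padded with zeros to 64 bytes
    extended = auth_key.ljust(BLOCK_LEN, b"\x00")
    # Step 2: K1 = extendedAuthKey XOR ipad, K2 = extendedAuthKey XOR opad
    k1 = bytes(b ^ IPAD for b in extended)
    k2 = bytes(b ^ OPAD for b in extended)
    # Step 3: H(K2 || H(K1 || wholeMsg)), then keep the first 12 octets
    inner = hashlib.new(algo, k1 + whole_msg).digest()
    outer = hashlib.new(algo, k2 + inner).digest()
    return outer[:MAC_LEN]


def verify_mac(auth_key: bytes, whole_msg: bytes, received: bytes, algo: str = "md5") -> bool:
    """Receiver side: recompute and compare in constant time, so a tampered
    message or a wrong key is rejected without leaking how many bytes matched."""
    return hmac.compare_digest(usm_mac(auth_key, whole_msg, algo), received)


def same_as_stdlib(auth_key: bytes, whole_msg: bytes, algo: str = "md5") -> bool:
    """Cross-check the hand-built MAC against hmac.new(...) truncated to 96 bits."""
    return usm_mac(auth_key, whole_msg, algo) == hmac.new(auth_key, whole_msg, algo).digest()[:MAC_LEN]


if __name__ == "__main__":
    key = bytes(range(16))                    # constructed 16-octet authKey
    msg = b"constructed SNMPv3 wholeMsg"      # constructed message bytes
    tag = usm_mac(key, msg)
    print(tag.hex(), verify_mac(key, msg, tag), verify_mac(key, msg + b"!", tag))
```

The test values used below are the first HMAC-MD5 and HMAC-SHA-1 vectors of RFC 2202, truncated to 96 bits.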

Page 67

HMAC Structure (figure)

Page 68

Cryptographic Functions - Authentication

[Figure: the hash function takes the key and the data and produces the MAC; add the message authentication code (MAC) to the data and send the result]

Page 69

To authenticate

[Figure: the sender computes MAC = hash(key, data) and sends the data together with the MAC; the receiver recomputes the MAC over the received data with the same key and compares it (=?) with the received MAC]

Page 70

Cryptographic Functions - Encryption

2- Encryption and decryption of the scoped PDU (context engine ID, context name, and PDU)

CBC-DES (Cipher Block Chaining - Data Encryption Standard), a symmetric protocol
  o 16-octet privKey (derived from the password, similar to authKey) is used as input to the encryption protocol
  o First 8 octets of privKey are used as the DES key (only 56 bits are used: the LSB of each octet is ignored)

Page 71

Cryptographic Functions - Encryption

CBC Mode
  o Last 8 octets of privKey used as pre-initialization vector (pre-IV)
  o Generate salt value (8 octets): <snmpEngineBoots || local value>
  o Initialization vector: IV = salt XOR pre-IV
  o Transmit the salt in msgPrivacyParameters so that the receiver can recover the IV

Local value: 4-octet integer, implementation dependent, modified after each use.

Page 72

Cryptographic Functions - Encryption

[Figure: CBC-DES encryption. P1 is XORed with the IV and DES-encrypted under k to give C1; each following block Pi is XORed with the previous ciphertext Ci-1 before DES encryption, up to Pn and Cn]

Data is divided into blocks of 64 bits each. K is shared between sender and receiver

Encryption

Page 73

Cryptographic Functions - Encryption

[Figure: CBC-DES decryption. Each Ci is DES-decrypted under k and XORed with Ci-1 (the IV for C1) to recover Pi, up to Cn and Pn]

IV at the receiver is generated from the salt that is transmitted in the message

Decryption

Page 74

USM Message Processing

[Flowchart for message transmission, reconstructed as steps:]
1. Retrieve user information: security name of the principal, authoritative snmpEngineID, determine security level ...
2. Privacy required? YES: encrypt the scopedPDU and set msgPrivacyParameters. NO: msgPrivacyParameters = NULL
3. Authentication required? YES: compute the MAC and set msgAuthenticationParameters. NO: msgAuthenticationParameters = NULL
4. Message transmission

Page 75

USM Message Processing

[Flowchart for message reception, reconstructed as steps:]
1. Retrieve message parameters: security level, security model, security name ...
2. Authentication required? YES: compute the MAC and check it against msgAuthenticationParameters, then time synch and timeliness check: determine if the message is within the time window. NO: skip
3. Privacy required? YES: decrypt the scopedPDU. NO: skip
4. Message reception

Page 76

Discovery

The non-authoritative engine sends a Request message with:
  securityLevel = noAuthNoPriv
  msgUserName = "initial"
  msgAuthoritativeEngineID = null
  varBindList = null

The authoritative engine responds with:
  msgAuthoritativeEngineID = snmpEngineID (its own)

If authenticated communication is required
  o The non-authoritative engine establishes time synchronization with the authoritative engine
  o The authoritative engine sends a Report message with its current values:
    msgAuthoritativeEngineBoots = snmpEngineBoots
    msgAuthoritativeEngineTime = snmpEngineTime

Page 77

Key Management

Authentication and privacy keys are required

A principal (i.e., NMS) should deploy or use only one auth. key and one priv. key.

Keys are generated from the user's password
  o Password: human readable, not easily guessed
  o Keys are not accessible via SNMP and are not stored in the MIB

Password to key generation

1)- Repeat the password to generate a 2^20-byte string digest0

2)- digest1 = Hash(digest0)
  digest1 is 16 octets (MD5) or 20 octets (SHA-1)
  authKey is digest1

NOTE: A single password can be used (authKey and privKey are the same) or 2 passwords for 2 different keys

Page 78

Key Localization

A localized key is a secret key shared between a user and one authoritative SNMP engine. Hence, a user can communicate with many agents but maintains only one key (i.e., only one password)

[Figure: Agent 1 holds (authKey1_1, privKey1_1) for User 1 and (authKey1_2, privKey1_2) for User 2; Agent 2 holds (authKey2_1, privKey2_1) for User 1 and (authKey2_4, privKey2_4) for User 4]

If this agent is compromised, only its keys are compromised. Other agents, and their keys, are safe.

Page 79

Generating localized keys

[Figure: password -> take hash of the expanded password string -> user key (digest1) -> take hash of the user key and the remote engine ID -> localized key (digest2), one per remote engine]

Localized keys are initially configured in a secure way (could be manual!)

Page 80

Key Update

To enhance security, keys are to be updated from time to time: keyOld -> keyNew

Requestor:
  1)- Generate random
  2)- Compute: digest = Hash(keyOld || random)
  3)- delta = digest XOR keyNew
  4)- protocolKeyChange = (random || delta)
  Send a message setRequest(protocolKeyChange)

Receiver:
  1)- compute digest = Hash(keyOld || random)
  2)- compute keyNew = digest XOR delta
  NOTE: digest XOR delta = digest XOR (digest XOR keyNew) = keyNew

Since an attacker does not know keyOld, the update of the key is safe
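The whole key chain from the last three slides (password to key, key localization, and the key-change exchange with both the requestor and receiver sides) in Python. This is an added example, not code from the slides; the function names are my own, and it assumes the localization hash is taken over digest1 || snmpEngineID || digest1 as RFC 3414 specifies, since the slide only says "hash of user key and remote engine ID".

```python
# Added example: password-to-key, key localization and the key-change
# exchange from the slides. Function names are my own.
# Assumption: localization hashes digest1 || snmpEngineID || digest1 (the
# RFC 3414 construction); the slide only says "hash of user key and engine ID".
import hashlib
import os
from typing import Optional

EXPANDED_LEN = 2**20   # the password is repeated to 1,048,576 octets (digest0)


def password_to_key(password: bytes, algo: str = "md5") -> bytes:
    """digest1 = Hash(digest0): 16 octets for MD5, 20 for SHA-1."""
    if not password:
        raise ValueError("password must not be empty")
    reps = EXPANDED_LEN // len(password) + 1
    digest0 = (password * reps)[:EXPANDED_LEN]
    return hashlib.new(algo, digest0).digest()


def localize_key(user_key: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """digest2 = Hash(digest1 || engineID || digest1): one key per agent, so a
    compromised agent exposes only the keys localized to it."""
    return hashlib.new(algo, user_key + engine_id + user_key).digest()


def key_change_request(key_old: bytes, key_new: bytes, algo: str = "md5",
                       random_bytes: Optional[bytes] = None) -> bytes:
    """Requestor: protocolKeyChange = random || (Hash(keyOld || random) XOR keyNew)."""
    if len(key_new) != len(key_old):
        raise ValueError("keyOld and keyNew must have the same length")
    if random_bytes is None:
        random_bytes = os.urandom(len(key_old))
    digest = hashlib.new(algo, key_old + random_bytes).digest()[: len(key_old)]
    delta = bytes(d ^ k for d, k in zip(digest, key_new))
    return random_bytes + delta


def key_change_apply(key_old: bytes, protocol_key_change: bytes, algo: str = "md5") -> bytes:
    """Receiver: split random || delta, recompute the digest, keyNew = digest XOR delta.
    Without keyOld the digest, and hence keyNew, cannot be recovered from the wire."""
    n = len(key_old)
    random_bytes, delta = protocol_key_change[:n], protocol_key_change[n:]
    digest = hashlib.new(algo, key_old + random_bytes).digest()[:n]
    return bytes(d ^ x for d, x in zip(digest, delta))


if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")   # constructed engine ID
    user_key = password_to_key(b"maplesyrup")
    old = localize_key(user_key, engine_id)
    new = localize_key(password_to_key(b"constructed-new-pw"), engine_id)
    wire = key_change_request(old, new)
    print(old.hex(), key_change_apply(old, wire) == new)
```

The MD5 values asserted below are the "maplesyrup" test vectors from RFC 3414 appendix A.3.1.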

Page 81

Access Control

The agent can validate sending sources and their access privilege for command requests.

Step following authentication: maintain a local database containing access rights and policies

MIB View | Allowed Operations | Allowed Managers | Required Level of Security
Interface Table | SET | John | Authentication, Encryption
Interface Table | GET/GETNEXT | John, Paul | Authentication
Systems Group | GET/GETNEXT | Georges | None

Page 82

Access Control

(read, write, or send notification)