SBSM BOF Session-Based Security Model for SNMPv3

Presentation Transcript


    1. SBSM BOF: Session-Based Security Model for SNMPv3
       Wes Hardaker, David T. Perkins
       November 12, 2003 (draft-hardaker-snmp-sbsm-00.txt)

    2. Agenda
       Blue Sheets & Minutes    Wes        2.5 min
       Agenda Bashing           Wes        2.5 min
       Solution Space           David P.   25 min
       Space Discussion                    25 min
       Current SBSM proposal    Wes        25 min
       Proposal Discussion                 25 min
       Charter Proposal         ?          15 min

    3. SBSM Protocol Proposal
       - Current draft: draft-hardaker-snmp-sbsm-00.txt
       - -01 update expected by January
       - Creates a session between two points
       - Meets all requirements described in David's presentation

    4. SBSM Protocol Details
       - Works over any transport (UDP/TCP/...)
       - Requires no modifications to other SNMPv3 components
         (apps, MP, Dispatcher, VACM, ...)
       - Requires no new SNMP PDU types
       - All security and parameter negotiation is invisible to the application

    5. SBSM Protocol Security
       - Supports multiple types of identification
       - Reuses existing infrastructure
       - Identities are protected from sniffers
       - Initiator identity is protected from active identity-discovery attacks
       - Protects against replay entirely
         (retries resend the exact same response)
       - Protects against reordering to a configurable level
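The last three properties on this slide (replay rejected outright, a retried request answered with the identical response, reordering tolerated up to a configurable limit) are the behaviour of a sliding anti-replay window plus a per-sequence response cache. The code below is an added illustration, not code from the SBSM draft or its authors; it assumes that every session message carries a monotonically assigned per-session sequence number in its security parameters, which is an assumption made for the example rather than a detail this page describes.

```python
"""Anti-replay window with a configurable reordering tolerance, plus a
retry cache that answers a duplicate request with the identical response
instead of executing it again.  Added illustration, not code from the
SBSM draft or its authors; that each message carries a per-session
sequence number in its security parameters is an assumption made here."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class ReplayWindow:
    """Bitmap of recently accepted sequence numbers.

    `window` is the reordering tolerance: a message may arrive up to
    window-1 positions behind the highest sequence accepted so far.
    Bit i of `bitmap` is set when sequence (highest - i) was accepted.
    """
    window: int = 32
    highest: int = -1
    bitmap: int = 0

    def check_and_update(self, seq: int) -> str:
        if seq > self.highest:
            # Slide the window forward; bits shifted past `window` are older
            # than the tolerance and would be rejected anyway.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return "accept"
        behind = self.highest - seq
        if behind >= self.window:
            return "too_old"       # reordered further than the configured level
        if self.bitmap & (1 << behind):
            return "replay"        # already accepted once
        self.bitmap |= 1 << behind
        return "accept"


@dataclass
class SessionResponder:
    """Responder side of one session: replay check, then either run the
    request once or hand back the response already sent for that sequence."""
    handler: Callable[[bytes], bytes]
    window: ReplayWindow = field(default_factory=ReplayWindow)
    sent: Dict[int, bytes] = field(default_factory=dict)

    def receive(self, seq: int, request: bytes) -> Optional[bytes]:
        verdict = self.window.check_and_update(seq)
        if verdict == "accept":
            response = self.handler(request)
            self.sent[seq] = response
            self._forget_old()
            return response
        if verdict == "replay":
            # A retransmit, or an attacker's replay, gets byte-for-byte the
            # earlier response; the handler does not run a second time, so a
            # replayed SET cannot apply its side effect twice.
            return self.sent[seq]
        return None  # too old: dropped without a response

    def _forget_old(self) -> None:
        # Only sequences still inside the window can ever be asked for again.
        stale = [s for s in self.sent if self.window.highest - s >= self.window.window]
        for s in stale:
            del self.sent[s]


def demo() -> dict:
    """Constructed traffic against a responder with a reordering tolerance of 4."""
    executed = []

    def handler(request: bytes) -> bytes:
        executed.append(request)            # count how often work is actually done
        return b"response-to-" + request

    rx = SessionResponder(handler, ReplayWindow(window=4))
    return {
        "first":   rx.receive(10, b"set-ifAdminStatus-down"),
        "retry":   rx.receive(10, b"set-ifAdminStatus-down"),  # same seq: cached reply
        "late":    rx.receive(8, b"get-sysUpTime"),            # 2 behind: accepted
        "too_old": rx.receive(5, b"get-sysUpTime"),            # 5 behind: dropped
        "executed": len(executed),                             # handler ran twice
    }
```

The window size is the single knob behind "to a configurable level": a larger window tolerates more reordering on a lossy UDP path but keeps more response state per session; a window of 1 degenerates to strict in-order delivery. Dropping too-old messages silently rather than answering them is deliberate, since any reply would give an active attacker an oracle about the window position.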

    6. SBSM Protocol Security
       - Based on the SIGMA key-exchange protocol
         - Uses a Diffie-Hellman exchange
         - A proven-secure protocol
         - Also used in the widely deployed IKE protocol
       - All negotiation is signed appropriately
       - Uses existing SNMPv3 security algorithms for message authentication and encryption
         (SHA-1/MD5 and DES/AES)

    7. SBSM Protocol
       - Protocol divided into 3 phases: Initialization, Running, Closing
         (Closing is not in -00)
       - All SBSM messages are encapsulated in the SNMPv3 msgSecurityParameters field
       - Initialization PDUs sent are GET/REPORT PDUs, but the application never sees them
         (similar to EngineID discovery today)
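Slides 4 and 7 make the same structural claim from two sides: SBSM needs no changes to the message processing model, dispatcher or applications because everything it negotiates rides inside the msgSecurityParameters OCTET STRING, and its initialization traffic is ordinary Get/Report PDUs that the security model swallows before they reach an application. The following added example (not code from the draft or its authors) encodes an SNMPv3 message at the BER level and parses it the way a model-agnostic dispatcher would: the envelope is decoded identically for every security model, msgSecurityModel selects a handler, and the parameters blob is passed to it untouched; a placeholder SBSM hook then consumes initialization-phase messages. The model number 9001, the blob layout (first byte = phase) and the hook itself are placeholders invented here, not values from the draft.

```python
"""BER-level view of an SNMPv3 message carrying a non-USM security model.  Added
example, not code from the SBSM draft or its authors.  Only msgSecurityModel and the
opaque msgSecurityParameters OCTET STRING are model-specific; the envelope (RFC 3412)
is parsed the same way for every model.  SBSM_MODEL, the parameter-blob layout
(first byte = phase) and sbsm_model_hook are placeholders invented here."""
from typing import Callable, Dict, List, Tuple

SBSM_MODEL = 9001                 # placeholder, not a number from the draft
TAG_INTEGER, TAG_OCTETS, TAG_NULL, TAG_OID, TAG_SEQ = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET, TAG_REPORT = 0xA0, 0xA8  # context-specific constructed PDU tags (RFC 3416)


def tlv(tag: int, body: bytes) -> bytes:
    """Tag, BER length (short form below 128, long form otherwise), contents."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    length_octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_octets)]) + length_octets + body


def ber_int(v: int) -> bytes:
    """INTEGER, two's complement; minimal for non-negative values (0x00 pad kept when
    the top bit of the first content octet would otherwise read as a sign bit)."""
    n = max(1, (v.bit_length() + 8) // 8)
    return tlv(TAG_INTEGER, v.to_bytes(n, "big", signed=True))


def ber_oid(arcs: List[int]) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return tlv(TAG_OID, bytes(out))


def read_seq(contents: bytes) -> List[Tuple[int, bytes]]:
    """Decode every TLV inside a constructed value into (tag, contents) pairs."""
    items, pos = [], 0
    while pos < len(contents):
        tag, first, pos = contents[pos], contents[pos + 1], pos + 2
        if first & 0x80:
            n = first & 0x7F
            length, pos = int.from_bytes(contents[pos:pos + n], "big"), pos + n
        else:
            length = first
        items.append((tag, contents[pos:pos + length]))
        pos += length
    return items


def scoped_pdu(pdu_tag: int, request_id: int, context_engine_id: bytes = b"") -> bytes:
    """Plaintext ScopedPDU wrapping a PDU with one varbind for sysUpTime.0."""
    varbind = tlv(TAG_SEQ, ber_oid([1, 3, 6, 1, 2, 1, 1, 3, 0]) + tlv(TAG_NULL, b""))
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(TAG_SEQ, varbind))
    return tlv(TAG_SEQ, tlv(TAG_OCTETS, context_engine_id) + tlv(TAG_OCTETS, b"") + pdu)


def build_snmpv3(msg_id: int, model: int, sec_params: bytes, scoped: bytes, flags: int) -> bytes:
    """SNMPv3Message ::= SEQUENCE { msgVersion, HeaderData, msgSecurityParameters, msgData }."""
    header = tlv(TAG_SEQ, ber_int(msg_id) + ber_int(65507) + tlv(TAG_OCTETS, bytes([flags])) + ber_int(model))
    return tlv(TAG_SEQ, ber_int(3) + header + tlv(TAG_OCTETS, sec_params) + scoped)


def sbsm_model_hook(sec_params: bytes, pdu_tag: int) -> bool:
    """Placeholder SBSM model: True means the message is consumed inside the model
    (initialization phase, or a Report) and never reaches the application."""
    return sec_params[0] == 0 or pdu_tag == TAG_REPORT


SECURITY_MODELS: Dict[int, Callable[[bytes, int], bool]] = {SBSM_MODEL: sbsm_model_hook}


def dispatch(msg: bytes) -> dict:
    """Model-agnostic envelope parse: the parameters blob goes to the chosen model untouched."""
    (_, version), (_, header), (_, sec_params), (_, scoped) = read_seq(read_seq(msg)[0][1])
    _, _, (_, flags), (_, model_octets) = read_seq(header)      # msgID, msgMaxSize, flags, model
    _, _, (pdu_tag, _) = read_seq(scoped)                       # contextEngineID, contextName, PDU
    model = int.from_bytes(model_octets, "big", signed=True)
    hook = SECURITY_MODELS.get(model)
    if hook is None:                          # a real stack counts snmpUnknownSecurityModels
        raise ValueError(f"unknown msgSecurityModel {model}")
    return {
        "version": int.from_bytes(version, "big", signed=True),
        "model": model,
        "reportable": bool(flags[0] & 0x04),
        "sec_params": sec_params,
        "pdu_tag": pdu_tag,
        "consumed_by_model": hook(sec_params, pdu_tag),
    }


def demo() -> dict:
    """Constructed SBSM traffic: an initialization Get the application never sees, then a running-phase (authNoPriv) Get."""
    init = build_snmpv3(1, SBSM_MODEL, b"\x00sbsm-init-blob", scoped_pdu(TAG_GET, 1), flags=0x04)
    running = build_snmpv3(2, SBSM_MODEL, b"\x01sbsm-session-42", scoped_pdu(TAG_GET, 2), flags=0x05)
    return {"init": dispatch(init), "running": dispatch(running)}
```

Nothing in `dispatch` knows what an SBSM parameter blob contains, which is exactly the property the slides rely on: swapping USM for SBSM changes the registered handler and the integer in msgSecurityModel, not the envelope parser, the PDU grammar or the VACM check that runs on whatever the model eventually releases. The `dispatch` here only handles a plaintext ScopedPDU; a running-phase message with the priv flag set would carry msgData as an encrypted OCTET STRING that the security model must decrypt before the PDU tag can be read.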

    8. Session State Information
       - Status (initializing, running, closed)
       - Remote identity type and name
       - Remote EngineID
       - Anti-replay support parameters
       - Authentication & encryption parameters: algorithms, incoming/outgoing keys, algorithm-specific parameters
       - Session parameters: numeric identifiers, start time, max length
       - Additional implementation-specific parameters
