In the Name of the Most High SNMPv3 by Behzad Akbari Fall 2011 These slides are based in parts upon slides of Prof. Dssouli (Concordia university) 1 Key Features of SNMPv3 Modularization of documentation and architecture SNMP engine defined Enables the use of SNMPv1 and SNMPv2 with the newly developed SNMPv3. – A model for the processing of SNMP messages. New Security features – Secure information to prevent tampering of data – Access control to determine proper access to MIB. 2 Documentation 3 SNMP Architecture Distributed, interacting collection of SNMP entities SNMP entity implements a portion of the SNMP capability: It acts either as an agent or manager or both A collection of modules interacting with each other to provide services SNMP ENTITY SNMP APPLICATIONS COMMAND GENERATOR COMMAND RESPONDER NOTIFICATION ORIGINATOR NOTIFICATION RECEIVER PROXY FORWARDER OTHER OTHER SNMP ENGINE DISPATCHER MESSAGE PROCESSING SUBSYSTEM SECURITY SUBSYSTEM ACCESS CONTROL SUBSYSTEM SNMP Architecture Advantages: The role of SNMP entity is determined by the modules implemented in that entity o Security subsystem provides services such as authentication and privacy of messages o Certain set of modules are required for agent, while a different set is required for a manager Multiple security models can coexist Set of authorization services an application can use for checking access rights o Access Control SNMP Architecture-Manager COMMAND GENERATOR PDU DISPATCHER NOTIFICATION RECEIVER MESSAGE PROCESSING SUBSYSTEM SNMPv1 MESSAGE DISPATCHER SNMPv2C NOTIFICATION ORIGINATOR SECURITY SUBSYSTEM COMMUNITY BASED SECURITY MODEL USER BASED SECURITY MODEL SNMPv3 TRANSPORT MAPPINGS OTHER OTHER SECURITY MODEL SNMPv3 Architecture-Manager Command Generator Application o Monitor and manipulate management data at remote agents o Make use of SNMPv1,v2 PDUs: Get, GetNext, GetBulk, etc. Notification Originator Application Initiates messages, such as InformRequest PDU Notification Receiver Application o Receive messages from other managers or agents o InformRequest, SNMPv1- and SNMPv2-Traps, etc… These applications make use of the services provided by the SNMP engine: o Get Outgoing PDUs, process them and generates SNMP messages for transmission over the transport layer o Accept incoming SNMP messages, process them, and extracts PDUs and passes them to appropriate SNMP application SNMPv3 Architecture-Manager SNMP Engine (identified by snmpEngineID) Dispatcher Security Subsystem One dispatcher in an SNMP engine o o o Message Processing Subsystem Accepts PDUs from applications Handles multiple version messages (SNMPv1, v2, v3) Interfaces with application modules, network, and message processing models Three components for three functions Transport mapper delivers messages over the transport protocol Routes messages between network and appropriate module of MPS PDU dispatcher handles messages between application and MPS SNMPv3 Architecture-Manager SNMP Engine (identified by snmpEngineID) Dispatcher Message Processing Subsystem Security Subsystem Accepts outgoing PDUs from Dispatcher, attach appropriate header, and return message to Dispatcher Accepts incoming messages, process each message header, and return the enclosed PDU to the Dispatcher Contains one or more Message Processing Models, each for each SNMP version SNMP version identified in the header SNMPv3 Architecture-Manager SNMP Engine (identified by snmpEngineID) Dispatcher Message Processing Subsystem Security Subsystem Security subsystems perform authentication and encryption functions for each outgoing/incoming message Outgoing PDUs may be encrypted and authentication codes generated and appended to the message header o The message is then returned to the MPS Incoming messages are passed to the security subsystem o Message decryption o Messages authenticated SNMPv3 Architecture-Agent MANAGEMENT INFORMATION BASE ACCESS CONTROL SUBSYSTEM COMMAND RESPONDER PDU DISPATCHER VIEW BASED ACCESS CONTROL MESSAGE PROCESSING SUBSYSTEM SNMPv1 MESSAGE DISPATCHER SNMPv2C NOTIFICATION ORIGINATOR Proxy Forwarder Applications SECURITY SUBSYSTEM COMMUNITY BASED SECURITY MODEL USER BASED SECURITY MODEL SNMPv3 TRANSPORT MAPPINGS OTHER OTHER SECURITY MODEL SNMPv3 Architecture-Agent Command Responder Application o Provides access to management data o Responds to incoming requests by retrieving and/or setting managed objects and issuing Response PDU Notification Originator Application o e.g., SNMPv1, v2 Trap PDU Proxy Forwarder Application o Forwards messages between entities Access Control Subsystem o Provides authorization services to “control access” to the MIB for reading and setting management objects o Who can access o What can be accessed Terminology SNMP Engine ID snmpEngineID -- associated with each SNMP entity Principal principal Security Name Context Engine ID -- person or group or application requesting services securityName -- human readable name contextEngineID -- each entity has a unique context ID (identical to snmpEngineID) Context Name contextName --a context associated with a managed object (for access control) An SNMP agent can monitor more than one network element (context) Example: SNMP Engine ID Principal Security Name IP address John Smith Administrator snmpEngineID SNMP ENTITY OT HE R SNMP ENGINE snmpEngineID=1 SNMP ENTITY O TH ER SNMP ENGINE snmpEngineID=2 SNMP ENTITY O TH ER SNMP ENTITY O TH ER SNMP ENGINE snmpEngineID=3 SNMP ENGINE snmpEngineID=4 Abstract Service Interfaces Abstract service interface is a conceptual interface between modules, independent of implementation Defines a set of primitives o A primitive specifies the function to be performed (e.g., procedural call) Primitives associated with receiving entities o An interface defined using primitive and parameters is referred to as “abstract service interface” e.g., Dispatcher primitives: o Handle messages to and from applications o registering and un-registering of application modules o transmitting to and receiving messages from network IN and OUT parameters Status information / result sendPdu Command Generator sendPdu sendPduHandle/ Error Indication Abstract Service Interface Dispatcher prepareOutgoingMessage Dispatcher Primitives Message Processing Model Abstract Service Interface Used by a command generator to send SNMP request or notification PDU to another SNMP entity When successfully preparing the message by the Dispatcher: a sendPduHandle (unique identifier) is returned (to track any response, if any is expected) The application also provides transport domain/address for the PDU as well as message processing model, security model, principal, level of security, the context for this PDU, and the PDU itself sendPdu Command Generator sendPduHandle/ errorIndication processResponsePdu Dispatcher prepareOutgoingMessage Dispatcher Primitives Message Processing Model Abstract Service Interface processResponsePdu Used by Dispatcher to pass an incoming response PDU to an application The application checks whether it is matched with a preceding request or notification PDU by checking the sendPduHandle: Success or failure returnResponsePdu Command Responder Dispatcher processPdu processPdu prepareResponseMessage Dispatcher Primitives Message Processing Model Abstract Service Interface Used by Dispatcher to pass an incoming request or notification PDU to an application (command responder) Security related information is required to generate a matching response message The security subsystem (access control) will check whether access is allowed and a response will be generated accordingly returnResponsePdu Used by command responder to return an SNMP response in response to an incoming request or notification sendPdu Command Generator sendPduHandle/ errorIndication Dispatcher prepareOutgoingMessage Message Processing Subsystem Primitives Message Processing Model Abstract Service Interface prepareOutgoingMessage Prepare a message for an outgoing SNMP request or notification PDU The IN parameter is a PDU and OUT parameter is the message Success or failure is returned returnResponsePdu Command Responder Dispatcher processPdu prepareResponseMessage Message Processing Subsystem Primitives Message Processing Model Abstract Service Interface prepareResponseMessage Request the preparation of a message containing an outgoing SNMP response PDU, in response to an incoming request or notification PDU Security Subsystem Primitives generateRequestMessage Generate a “message” containing an outgoing SNMP request or notification PDU Returns to the MPS a message (with possibly authentication and encryption) and associated security parameters processIncomingMessage Provide security function for incoming messages Return success or failure indicating the result of the security check If successful, a PDU is returned to the MPS generateResponseMessage Generate a message containing outgoing SNMP response PDU in response to incoming request or notification Returns to the MPS a message (with some authentication and encryption applied) and associated security parameters Applications Application(s) Command Generator Notification Receiver Proxy Forwarder Subsystem Command Responder Notification Originator Other Application • Command generator • Command responder • Notification originator • Notification receiver • Proxy Forwarder (SNMP versions only) • Other Example get-request get-response trap generation trap processing get-bulk to get-next Special application 22 Command Generator Command Generator Command Generator: 1)-Examine parameters from the received PDU and match/compare them with a cached copy (security model/level/name, contextName, etc.). If no match, message is discarded 2)-Check the received PDU (check request-id, etc.) Message Processing Model Dispatcher Security Model sendPdu prepareOutgoingMessage generateRequestMsg PduHandle send get-request message Network receive get-response message prepareDataElemets processIncomingMsg 3)- if all OK, then take action processResponsePdu Command Generator Dispatcher Message Processing Model Security Model Command Responder Command Responder Command Responder: 1)-examines content of request PDU. Check whether object has already registered with the responder 2)- isAccessAllowed primitive is invoked (to determine whether object can be accessed by the principal making the request) check the security level 3)- if access permitted, prepare a response. Message Processing Model Dispatcher Security Model processPdu processIncomingMsg prepareDataElements registerContextEngineID receive get-request message Network send get-response message generateResponseMsg prepareResponseMsg returnResponsePdu Dispatcher Message Processing Model Figure 7.6 Command Responder Application Security Model Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS sendPdu ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM prepareOutgoingMessage ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM generateRequestMsg ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM send and receive ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM prepareDataElements contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM processIncomingMsg contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS processPdu ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS isAccessAllowed ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS returnResponsePdu ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM prepareResponseMessage contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM generateResponseMsg contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM send and receive ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM prepareDataElements ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM processIncomingMsg ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Scenario Diagrams Parameters APPLICATIONS APPLICATIONS processResponsePdu ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM ACCESS CONTROL SUBSYSTEM DISPATCHER SECURITY SUBSYSTEM MESSAGE PROCESSING SUBSYSTEM contextEngineID contextName destTransportAddress destTransportDomain expectResponse globalData maxMessageSize maxSizeResponseScopedPDU messageProcessingModel outgoingMessage outgoingMessageLength PDU pduType pduVersion scopedPDU stateReference statusInformation securityEngineID securityLevel securityModel securityName securityParameters securityStateReference sendPduHandle transportAddress transportDomain variableName viewType wholeMsg wholeMsgLength Message Format reportableFlag privFlag authFlag Header Data Message ID Message Max. Size Message Flag Version scopedPDU Message Security Model Global/ Header Data 1 SNMPv1 2 SNMPv2 3 SNMPv3 Security Parameters Context Engine ID Plaintext / Encrypted scopedPDU Data Context Name Whole Message Security Parameters Authoritative Engine ID Authoritative Engine Boots Authoritative Engine Time Time synch. between entities to avoid message replay and achieve timeliness User Name Authentication Parameters Data Privacy Parameters Message Format Field Version Message ID Message Max. Size Message flags Message Security Model Object name Description msgVersion SNMP version number of the message format msgID Administrative ID associated with the message msgMaxSize Maximum size supported by the sender msgFlags Bit fields identifying report, authentication, and privacy of the message msgSecurityModel Security model used for the message; concurrent multiple models allowed Security Parameters msgSecurityParameters Security parameters used for (See Table 7.8) communication between sending and receiving security modules Plaintext/Encrypted scopedPDU Data scopedPduData Choice of plaintext or encrypted scopedPDU; scopedPDU uniquely identifies context and PDU Context Engine ID contextEngineID Unique ID of a context (managed entity) with a context name realized by an SNMP entity contextName Name of the context (managed entity) data Contains unencrypted PDU Context Name PDU See p. 304 43 Security Threats Modification of Information an entity may alter in-transit SNMP messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object Masquerade management operations not authorized for some entity may be attempted by assuming the identity of another entity that has the appropriate authorizations Modification of information Masquerade Message stream modification Management Entity A Management Entity B Disclosure Security Threats Message Stream Modification SNMP is typically based upon a connectionless transport service. Messages may be maliciously reordered, delayed or replayed, in order to effect unauthorized management operations. o For example, a message to reboot a system could be copied and replayed later Disclosure Eavesdropping or intercepting on the exchanges between SNMP engines Modification of information Masquerade Message stream modification Management Entity A Management Entity B Disclosure Security Threats SNMPv3 is not intended to secure against these two threats: Denial of Service: An attacker may prevent exchanges between manager and agent DOS are indistinguishable from network element failures DOS may disrupt all services (not just those pertaining to NM) Modification of information Masquerade Message stream modification Management Entity A Management Entity B Disclosure Traffic Analysis: An attacker may observe the general pattern of traffic between managers and agents Security Model Goals o Data Integrity (Authentication) o Authentication o Message redirection/re-ordering/delay/replay o Data encryption/decryption Security Model Security Subsystem Data Integrity Data Origin Authentication Message Processing Model Authentication Module Data Confidentiality Privacy Module Message Timeliness & Limited Replay Protection Timeliness Module The Security model authenticates and forwards incoming and outgoing messages to the MPM 3 different modules o Authentication module o Privacy module o Timeliness module Authentication Module Security Subsystem Data Integrity Data Origin Authentication Message Processing Model Data Confidentiality Privacy Module Message Timeliness & Limited Replay Protection Timeliness Module Data integrity o o o Authentication Module message authentication at sender and validation at receiver Ensure that a message is not modified by an unauthorized intruder Authentication protocols: HMAC-MD5-96 / HMAC-SHA-96 Data origin authentication o o Check the identity of a user on whose behalf a message is sent Append to the message a unique Identifier associated with authoritative SNMP engine Privacy Module Security Subsystem Data Integrity Data Origin Authentication Message Processing Model Data Confidentiality Message Timeliness & Limited Replay Protection Authentication Module Privacy Module Timeliness Module Data confidentiality ensures that data is not made available to unauthorized users or entities Encryption is applied at the sender and decryption at receiver (CBC-DES) Timeliness Module Security Subsystem Data Integrity Data Origin Authentication Message Processing Model Data Confidentiality Message Timeliness & Limited Replay Protection Authentication Module Privacy Module Timeliness Module Prevent message redirection, delay and replay Configure a receiver window for accepting message (e.g., 150 s for SNMPv3) Three objects: snmpEngineIP, snmpEngineBoots, snmpEngineTime Authoritative vs. non-authoritative engine Responsibility of Authoritative engine o Unique SNMP engine ID o Time-stamp (a clock maintained by the authoritative engine) Non-authoritative engine should keep a table of the time-stamp and authoritative engine ID o Synchronize its clock with regard to that of the authoritative engine Non-Authoritative Engine (NMS) Authoritative Engine (Agent) User-based Security Model (USM) USM primitives across abstract service interfaces o Authentication service primitives o o o authenticateOutgoingMsg authenticateIncomingMsg Privacy Services o o encryptData // outgoing PDU decryptData // incoming PDU User-based Security Model (USM) Security Subsystem MPM Information Header data Security data scopedPDU User-based Security Model Encryption key scopedPDU Privacy parameters Privacy Module Encrypted scopedPDU Message Processing Model (Authenticated/encrypted) whole message Whole message length Authentication key Whole Message Authenticated Whole Message Security Parameters Privacy and Authentication Service for Outgoing Message Authentication Module User-based Security Model (USM) Security Subsystem MPM Information Header data Security data scopedPDU User-based Security Model Encryption key scopedPDU Privacy Module Privacy parameters Encrypted scopedPDU Message Processing Model (Authenticated/encrypted) whole message Whole message length Authentication key Whole Message Authenticated Whole Message Authentication Module Security Parameters USM invokes privacy module w/ encryption key and scopedPDU Privacy module returns privacy parameters and encrypted scopedPDU USM then invokes the authentication module w/authentication key and whole message and receives authenticated whole message User-based Security Model (USM) Security Subsystem MPM Information Header data Security parameters whole message Authentication key User-based Security Model Whole Message (as received from network) Authentication parameters Authentication Module Authenticated Whole Message Message Processing Model Decrypt key Encrypted PDU (Decrypted) scopedPDU Privacy parameters Privacy Module Decrypted scopedPDU Processing secure incoming message reverse of secure outgoing message Authentication validation done first by the authentication module Decryption of the message done then by the privacy module User-based Security Model (USM) Security Parameters and Corresponding MIB Objects Security Parameters msgAuthoritativeEngineID msgAuthoritativeEngineBoots msgAuthoritativeEngineTime msgUserName msgAuthenticationParameters msgPrivacyParameters USM User Group Objects snmpEngineID (under snmpEngine Group) snmpEngineBoots (under snmpEngine Group) snmpEngineTime (under snmpEngine Group) usmUserName (in usmUserTable) usmUserAuthProtocol (in usmUserTable) usmUserPrivProtocol (in usmUserTable) msgUserName: user or a principal on whose behalf the message is being exchanged msgAuthenticationParameters: defined by authentication protocol msgPrivacyParameters: type of privacy protocol used SNMPv3-Next! Background and security threats SNMPv3 Architecture SNMPv3 Applications Message Format User-based Security Model (USM) USM Timeliness Mechanism Cryptographic Functions USM Message Processing Discovery Key Management USM Timeliness Mechanism Management of authoritative clocks All authoritative engines must maintain two objects: o o snmpEngineBoots snmpEngineTime Initially, both are set to 0 snmpEngineTime is incremented once per second snmpEngineBoots is incremented if the system has rebooted or if snmpEngineTime reaches its maximum value (231 -1) USM Timeliness Mechanism Synchronization A non-authoritative engine must remain loosely synchronized with each authoritative engine with which it communicates A non-authoritative engine keeps a local copy of 3 variables for each authoritative engine: snmpEngineBoots: o o snmpEngineTime: o o Synchronized to the authoritative engine. Between synch events, it is incremented once per second to maintain loose synch latestReceivedEngineTime: o o o Most recent value of snmpEngineBoots for the remote authoritative engine Highest value of msgAuthoritativeEngineTime. o It protects against a replay message attack These values are stored in a cache indexed by snmpEngineID USM Timeliness Mechanism Synchronization (cont’d) authoritative non-authoritative msgAuthoritativeEngineBoots, msgAthoritativeEngineTime, msgAthoritativeEngineID If message is authentic non auth. updates its local variables according to this rule: (msgAuthoritativeEngineBoots > snmpEngineBoots) OR [(msgAuthoritativeEngineBoots = snmpEngineBoots) AND (msgAuthoritativeEngineTime > latestReceivedEngineTime)] If two messages arrive out of order or a replay attack is underway! USM Timeliness Mechanism Synchronization (cont’d) If an update is called for, then snmpEngineBoots := msgAuthoritativeEngineBoots snmpEngineTime := msgAuthoritativeEngineTime latestReceivedEngineTime := msgAuthoritativeEngineTime If (msgAuthoritativeEngineBoots < snmpEngineBoots) then no update occurs [Message not authentic to be discarded] If [(msgAuthoritativeEngineBoots = snmpEngineBoots) AND (msgAuthoritativeEngineTime < latestReceivedEngineTime)] then no update occurs [Message may be authentic but may be misordered Update of snmpEngineTime is not warranted] USM Timeliness Mechanism Timeliness checking by authoritative receiver Ensure that messages are received within a reasonable time window (avoid delays and replays) Too small time window authentic messages may be considered as unauthentic Too large increase vulnerability for attacks Incoming message is considered outside the time window if the following is true : snmpEngineBoots = (231 -1) OR msgAuthoritativeEngineBoots snmpEngineBoots OR The value of msgAuthoritativeEngineTime differs from that of snmpEngineTime by more than ± 150 seconds. message is considered not authentic (discarded and error message returned) USM Timeliness Mechanism Timeliness checking by non-authoritative receiver Incoming message is considered outside the time window if the following is true: snmpEngineBoots = (231 -1) OR msgAuthoritativeEngineBoots < snmpEngineBoots OR [(msgAuthoritativeEngineBoots = snmpEngineBoots) AND msgAuthoritativeEngineTime < snmpEngineTime – 150] NOTE: msgAuthoritativeEngineBoots > snmpEngineBoots is allowed Cryptographic Functions-Authentication 2 functions defined by USM authentication: authKey encryption: privKey authKey and privKey are derived from the password and are not accessible via SNMP 1- Authentication Two authentication protocols o o HMAC: message authentication code generation from authKey HMAC-MD5-96 (Message Digest) HMAC-SHA1-96 (Secure Hash Algorithm) A 96-bit MAC code generated and inserted in msgAuthenticationParameters field of the message MD-5 (16-octet) and SHA1 (20-octet) are the underlying hash functions Cryptographic Functions-Authentication Procedure: 1. Derive extendedAuthKey: Supplement authKey with 0s to get 64-byte string 2. Define ipad, opad, K1, and K2: ipad = 0x36 (00110110) repeated 64 times opad = 0x5c (01011100) repeated 64 times K1 = extendedAuthKey XOR ipad K2 = extendedAuthKey XOR opad 3. Derive HMAC by hashing algorithm used HMAC = H (K2, H (K1, wholeMsg)) Depending on whether MD-5 or SHA-1 is used, the algorithm produces a 16 (MD-5) or 20 (SHA-1)-octet length output which is truncated to produce a 12-octet MAC HMAC Structure 67 Cryptographic Functions-Authentication KEY DATA HASH FUNCTION MAC ADD THE MESSAGE AUTHENTICATION CODE (MAC) TO THE DATA AND SEND THE RESULT To authenticate KEY DATA HASH FUNCTION KEY DATA HASH FUNCTION MAC MAC =? USER MAC sender DATA USER MAC receiver DATA Cryptographic Functions-Encryption 2- Encryption and decryption of scoped PDU (context engine ID, context name, and PDU) CBC - DES (Cipher Block Chaining - Data Encryption Standard) symmetric protocol o o 16 octet privKey (derived from password, similar to authKey ) is used as input to encryption protocol First 8 octets of privKey are used as DES key (only 56 bits LSB of each octet is ignored) Cryptographic Functions-Encryption CBC Mode o o Last 8-octet of privKey used as preinitialization vector (pre-IV) Generate salt value (8 octets): <snmpEgineBoots || local value> Initialization vector: IV = salt XOR pre-IV o Local value: 4-octet integer, implementation dependent, modified after each use. Transmit salt in msgPrivacyParameters so that receiver can recover the IV Cryptographic Functions-Encryption P1 P2 Pn IV Cn-1 k DES Encrypt C1 k DES Encrypt C2 Encryption Data is divided into blocks of 64 bits each. K is shared between sender and receiver k DES Encrypt Cn Cryptographic Functions-Encryption C1 k DES Decrypt C2 k DES Decrypt Cn k DES Decrypt IV Cn-1 P1 P2 Decryption IV at the receiver is generated from the salt that is transmitted in the message Pn USM Message Processing Retrieve user information Privacy Required? Security name of principal Auth. snmpEngineID Determine security level … YES Encrypt scopedPDU set msgPrivacyParamters NO msgPrivacyParamters NULL Authent. Required? YES NO msgAuthent.Paramters NULL Message Transmission Compute MAC set msgAuthent.Paramters USM Message Processing security level Security model Security name…. Retrieve msg parameters Authent. Required? YES NO Privacy Required? Compute MAC msgAuthent.Paramters Determine if msg is within time window YES NO Message reception Encrypt Decrypt scopedPDU scopedPDU set msgPrivacyParamters Time synch. Timeliness check Discovery The non-authoritative engine sends a Request message: securityLevel = noAuthnoPriv msgUserName = “initial” msgAuthoritativeEngineID = null varBindList = null The authoritative engine responds with: msgAuthoritativeEngineID = snmpEngineID (its own) If authenticated communication is required o o The non-authoritative engine establishes time synchronization with the authoritative engine Authoritative engine sends an Report message with its current values: msgAuthoritativeEngineBoots = snmpEngineBoots msgAuthoritativeEngineTime = snmpEngineTime Key Management Authentication and privacy keys are required A principal (i.e., NMS) should deploy or use only one auth. key and one priv. key. Keys are stored for the user’s password Password: human readable, not easy guessed Keys are not accessible via SNMP and are not stored in the MIB Password to key generation 1)- Repeat the psswd to generate 220 bytes digest0 2)digest1 = Hash (digest0) digest1 is 16-octet (MD-5) or 20octet (SHA-1) authKey is digest1 NOTE :: A single password can be used (authKey and privKey are the same) or 2 passwords for 2 different keys Key Localization A localized key is a secret key shared between a user and one authoritative SNMP Engine Hence, a user can communicate with many agents but maintains only one key (i.e., only one password) Agent 1 Agent 2 User 1 (authKey1_1, privKey1_1) User 1 (authKey2_1, privKey2_1) User 2 (authKey1_2, privKey1_2) User 4 (authKey2_4, privKey2_4) If compromised, other keys are not! If this agent compromised, only its keys are compromised. Other agents are safe. Generating localized Keys Take Hash of user key and Remote Engine ID password Take Hash of expanded password string Take Hash of user key and Remote Engine ID Localized Key digest2 Localized key User Key (digest1) Localized keys are initially configured in a secure way ( could be manual!) Take Hash of user key and Remote Engine ID Localized key Key Update To enhance security, Keys are to be updated from time to time: keyOld keyNew Requestor: 1)- Generate random 2)- Compute: digest = Hash ( keyOld || random ) 3)- delta = digest XOR keyNew 4)- protocolKeyChange = ( random || delta) Send a message setRequest ( protocolKeyChange ) Receiver: 1)- compute digest = Hash( keyOld || random) 2)- compute keyNew = digest XOR delta NOTE: digest XOR delta = digest XOR (digest XOR keyNew) = keyNew Since an attacker does not know keyOld, the update of the key is safe Access Control Agent can validate sending sources and their access privilege for command requests. Step following Authentication Maintain a local database contains access rights and policies MIB VIEW Allowed Operations Allowed managers Required Level of Security Interface Table SET John Authentication , Encryption Interface Table GET/GETNEXT John, Paul Authentication Systems Group GET/GETNEXT Georges None Access Control (read, write, or send notification)