SBSM BOF Session-Based Security Model for SNMPv3 - PowerPoint PPT Presentation

Slides: 15
Provided by: ietf
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes

1
SBSM BOF: Session-Based Security Model for SNMPv3
  • Wes Hardaker, David T. Perkins
  • August 06, 2004
  • (draft-hardaker-snmp-sbsm-03.txt)

2
SBSM Protocol Proposal
  • Current draft
  • draft-hardaker-snmp-sbsm-03.txt
  • Creates a session between two points

3
SBSM Protocol Details
  • Works over any transport (UDP/TCP/...)
  • Requires no modifications to existing SNMPv3
    components
    • apps, MP, Dispatcher, VACM, ...
  • Requires no new SNMP PDU types
  • All security and parameter negotiation (e.g.,
    auth/priv types) is invisible to the application
  • Compression before encryption support

4
SBSM Protocol Security
  • Supports multiple types of identification
  • Reuses existing infrastructure
  • Identities are protected from sniffers
  • Initiator identity is protected from active
    identity discovery attacks
  • Requires no outside infrastructure, but can use
    if available
  • Able to handle all operator authentication needs
  • Authenticates both sides independently
  • Protects against replay entirely
  • Retries will resend the exact same response

5
SBSM Protocol Security
  • Based on the SIGMA key-exchange protocol.
    • Uses a Diffie-Hellman exchange
    • A proven secure protocol
    • Also used in the widely deployed IKE protocol
  • Uses existing SNMPv3 security algorithms for
    message authentication and encryption
    • SHA1/MD5, DES/AES
  • Security parameters are negotiated
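
The slide above names the ingredients (a Diffie-Hellman exchange in the SIGMA pattern, identities hidden from sniffers, both sides authenticated independently) without showing how they fit together. The following is an added example, not code from the draft, the IETF or the presenters: a toy three-message SIGMA-style setup in which each side derives separate incoming/outgoing keys from the shared secret, proves its identity by binding it to both ephemeral values, and sends that proof encrypted so the identity never appears on the wire. The initiator reveals itself only after checking the responder, which is what defeats active identity probing. Everything is an assumption for demonstration: the tiny Mersenne-prime group, the local identity table, an HMAC under a long-term key in place of the signature SIGMA uses, and an HMAC-SHA256 keystream in place of the DES/AES the slide lists.

```python
"""Toy SIGMA-style session setup in the spirit of the SBSM draft (added example,
not code from the draft, the IETF, or the presenters).  Assumptions: an HMAC
under each identity's long-term key stands in for the signature SIGMA uses,
and an HMAC-SHA256 keystream stands in for the DES/AES message encryption the
slides list.  Nothing here is sized for real use."""
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group: Mersenne prime 2^127 - 1, generator 3.
# A real deployment would use a standard large MODP group.
P = 2**127 - 1
G = 3

# Constructed long-term keys, playing the role of a local identity database.
LONG_TERM = {
    b"initiator-admin": secrets.token_bytes(32),
    b"responder-agent": secrets.token_bytes(32),
}

def derive_keys(shared: int) -> dict:
    """Directional keys from the DH secret: separate incoming/outgoing keys plus a MAC key."""
    base = shared.to_bytes(16, "big")
    return {label: hmac.new(base, label, hashlib.sha256).digest()
            for label in (b"enc-i2r", b"enc-r2i", b"mac")}

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 counter keystream XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def auth_tag(identity: bytes, gx: int, gy: int, km: bytes) -> bytes:
    """SIGMA binding: 'sign' both ephemeral values with the long-term key, and MAC the
    identity under the session MAC key so the identity is tied to this session."""
    signed = gx.to_bytes(16, "big") + gy.to_bytes(16, "big") + identity
    sig = hmac.new(LONG_TERM[identity], signed, hashlib.sha256).digest()
    mac = hmac.new(km, identity, hashlib.sha256).digest()
    return sig + mac

def wrap_identity(identity: bytes, gx: int, gy: int, ke: bytes, km: bytes) -> bytes:
    """Identity plus its authenticator, encrypted so a sniffer never sees the name."""
    plain = bytes([len(identity)]) + identity + auth_tag(identity, gx, gy, km)
    return stream_xor(ke, plain)

def unwrap_identity(blob: bytes, gx: int, gy: int, ke: bytes, km: bytes) -> bytes:
    """Decrypt and verify a peer's identity; any mismatch is an authentication failure."""
    plain = stream_xor(ke, blob)
    n = plain[0]
    identity, tag = plain[1:1 + n], plain[1 + n:]
    if identity not in LONG_TERM or not hmac.compare_digest(tag, auth_tag(identity, gx, gy, km)):
        raise ValueError("identity authentication failed")
    return identity

def handshake(init_id: bytes = b"initiator-admin", resp_id: bytes = b"responder-agent") -> dict:
    """Run the three exchange messages; returns what each side learned plus the raw wire bytes."""
    wire = []                                   # everything a passive sniffer would capture
    # 1. Initiator -> Responder: ephemeral g^x only, no identity yet (SIGMA-I order).
    x = secrets.randbelow(P - 2) + 2
    gx = pow(G, x, P)
    wire.append(gx.to_bytes(16, "big"))
    # 2. Responder -> Initiator: g^y plus the responder's encrypted, authenticated identity.
    y = secrets.randbelow(P - 2) + 2
    gy = pow(G, y, P)
    k_r = derive_keys(pow(gx, y, P))
    blob_r = wrap_identity(resp_id, gx, gy, k_r[b"enc-r2i"], k_r[b"mac"])
    wire.append(gy.to_bytes(16, "big") + blob_r)
    # 3. Initiator verifies the responder first, then reveals its own identity; a party
    #    that merely sends g^x and cannot authenticate never learns who the initiator is.
    k_i = derive_keys(pow(gy, x, P))
    learned_resp = unwrap_identity(blob_r, gx, gy, k_i[b"enc-r2i"], k_i[b"mac"])
    blob_i = wrap_identity(init_id, gx, gy, k_i[b"enc-i2r"], k_i[b"mac"])
    wire.append(blob_i)
    learned_init = unwrap_identity(blob_i, gx, gy, k_r[b"enc-i2r"], k_r[b"mac"])
    return {"initiator_sees": learned_resp, "responder_sees": learned_init,
            "keys_match": k_i == k_r, "wire": b"".join(wire)}

if __name__ == "__main__":
    result = handshake()
    print(result["initiator_sees"], result["responder_sees"], result["keys_match"])
```

The two directional encryption keys matter even in a toy: with a single keystream key the two identity blobs would be encrypted under the same keystream, and a sniffer could XOR them together. That is the practical reason slide 7 lists incoming and outgoing keys separately.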

6
SBSM Protocol
  • SNMPv3/SBSM divided into 3 phases
    • Initialization
    • Running
    • Closing
  • Initialization PDUs sent are GET/REPORT PDUs, but
    the application never sees them.
  • Similar to EngineID discovery today

7
Session State Information
  • Status (initializing, running, closed)
  • Remote identity type and name
  • Remote EngineID
  • Anti-replay support parameters
  • Authentication/Encryption parameters
    • Algorithms, incoming/outgoing keys, algorithm
      specific parameters
  • Session parameters
    • Numeric identifiers, start time, max length
  • Additional implementation specific parameters
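
Slide 4 promises complete replay protection and that a retried request gets the exact same response, and slide 7 lists the session state that makes this possible (status, remote identity, anti-replay parameters, keys). The following is an added example, not code from the draft, the IETF or the presenters, of the running-phase bookkeeping behind those two claims: each outgoing message carries a sequence number covered by the MAC, the receiver keeps a sliding window of accepted numbers so a captured message cannot be delivered twice, and responses are cached per request id so a retransmission is answered with the identical bytes rather than re-executed. Field names, the window size and the single shared MAC key used for both directions are assumptions for the demonstration.

```python
"""Running-phase SBSM-style session state: anti-replay window and idempotent
retries.  Added example, not code from the draft; names and sizes are assumed."""
import hashlib
import hmac


class SbsmSession:
    WINDOW = 64   # constructed: how far out of order a message may still arrive

    def __init__(self, remote_identity: bytes, mac_key: bytes):
        self.status = "running"            # initializing / running / closed
        self.remote_identity = remote_identity
        self.mac_key = mac_key             # assumed: one key used for both directions here
        self.highest_seq = 0               # highest sequence number accepted so far
        self.seen = set()                  # accepted sequence numbers inside the window
        self.replies = {}                  # request id -> response bytes already sent
        self.outgoing_seq = 0

    def _mac(self, seq: int, payload: bytes) -> bytes:
        # The sequence number is inside the MAC, so it cannot be rewritten by a third party.
        return hmac.new(self.mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

    def seal(self, payload: bytes):
        """Number and authenticate an outgoing message."""
        self.outgoing_seq += 1
        return self.outgoing_seq, payload, self._mac(self.outgoing_seq, payload)

    def accept(self, seq: int, payload: bytes, tag: bytes) -> bool:
        """Authenticate an incoming message and reject anything already delivered."""
        if self.status != "running":
            return False
        if not hmac.compare_digest(tag, self._mac(seq, payload)):
            return False                   # forged or corrupted
        if seq <= self.highest_seq - self.WINDOW or seq in self.seen:
            return False                   # too old to track, or a replay
        self.seen.add(seq)
        if seq > self.highest_seq:
            self.highest_seq = seq
            self.seen = {s for s in self.seen if s > seq - self.WINDOW}
        return True

    def respond(self, request_id: int, build) -> bytes:
        """Build a response once; a retried request id gets the identical bytes back."""
        if request_id not in self.replies:
            self.replies[request_id] = build()
        return self.replies[request_id]

    def close(self) -> None:
        """Closing phase: nothing further is accepted on this session."""
        self.status = "closed"
        self.replies.clear()
```

The response cache is what makes a lost UDP reply safe: if the responder rebuilt the answer it might re-apply a SET, and if it re-sealed the same answer under a new sequence number the initiator would have two differently numbered messages for one request. Resending the stored bytes avoids both problems.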

8
Session Message Flow
[Diagram: SNMP App / SBSM Initiator on one side, SNMP App / SBSM Responder on the other; traffic between them is protected by SBSM.]
Note: other SNMPv3 components (MP, etc.) are not
shown but exist where expected.
9
Questions?
  • Note this was a high level presentation
  • More details in the last BOF when this was the
    only candidate

10
Identification Schemes: Local DB
  • Used for
    • Current USM model
    • Local Accounts
    • SSH Identities

11
Identification Schemes
  • Used for
    • RADIUS
    • TACACS+

12
Identification Schemes
  • Used for
    • Kerberos

13
Identification Schemes
  • Used for
    • PKI deployments (CA use is optional on both
      sides)

14
VACM interaction
[Diagram: a message arriving from the network is handled by the SBSM security model, which maps it to an identity security model for VACM.]