External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.


External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004

Deployment issues with SNMPv3
- SNMPv3 does not integrate well with administrative security schemes such as AAA servers, which are already used for existing management interfaces like the device command line interface (CLI).
- Unified identity is vital; we cannot have separate user islands for CLI and SNMP.
- The SNMPv3 standard does not address the management and distribution of keying material for SNMP.
- Users and user keys need to be configured on a per-agent basis, which does not scale: the same issues as local telnet passwords and pre-shared keys.

Design Considerations
The requirements of a Security Model for SNMPv3:
- Integrate SNMPv3 authentication with an external AAA server to unify the approach to administrative security for SNMPv3 and the CLI.
- Use strong authentication and key exchange, eliminating the need to use long-term secrets to protect SNMPv3 packets.
- Minimize the number of changes, preferably none, to the SNMPv3 packet format, given the current status of the SNMPv3 standard.
The Security Model MUST:
- extend the capability of the AAA server to provide authentication, privacy and integrity protection for SNMPv3 agents;
- provide support for a variety of client authentication mechanisms, including passwords, tokens and certificates;
- optimize the key management scheme to scale to large numbers of agents;
- ensure that a separate AAA request is not generated for every SNMP request;
- be generic, applying to existing and future AAA protocols.

EUSM Architecture Overview (diagram: Key Server, SNMP Manager, SNMPv3 Agent)
- Key Setup Protocol (SNMP Manager and Key Server): establish a security context and master session key.
- SNMPv3 Packet (SNMP Manager to SNMPv3 Agent): passes the security context identifier.
- Key Request Protocol (SNMPv3 Agent to Key Server): get SNMPv3 session keys.
- Key Request Protocol (Key Server to SNMPv3 Agent): return SNMPv3 session keys, i.e. the localized auth. and priv. keys derived from the master session key for this particular security context; return the cache lifetime; return the user group.

EUSM Overview
- Definition of the External User Security Model (EUSM) for SNMPv3, a new security model for SNMPv3.
- EUSM uses the Key_Setup and Key_Request protocols to obtain keying material from the Key server, achieving the security goals defined for USM.
- The security context is set up between the SNMPv3 Manager and the Key server using the Key_Setup protocol. Establishing the security context authenticates the peers and sets up master session keys at the SNMPv3 Manager and the Key server. The user principal is used to authenticate the SNMPv3 Manager.
- The master session keys are localized to generate per-agent SNMPv3 authentication and privacy keys.
- SNMPv3 Agents request keys from the Key server using the Key_Request protocol.
- Keys distributed by the Key server to the agents are cached for short durations at the agent; this avoids the need for a protocol request for every SNMPv3 operation.

Key_Setup Protocol Requirements
- The Key_Setup protocol is required to set up a security context between the SNMPv3 Manager and the Key server.
- The security context refers to a pair of data structures that contain shared state information, which is required so that per-message security services can be provided to SNMPv3 packets.
- The Key_Setup protocol is required to mutually authenticate the SNMPv3 Manager and the Key server and to provide an identifier that uniquely identifies the security context.
- The Key_Setup protocol should be flexible enough to support different authentication credentials.
- Examples of state shared between the SNMPv3 Manager and the Key server as part of a security context are cryptographic keys and message sequence numbers.
- The security context specified here is different from the SNMP context described in [RFC3411].

Key_Request Protocol Requirements
- The Key_Request protocol MAY use AAA protocols such as RADIUS or TACACS+ to pass the keys derived from the master session key on to the SNMPv3 agents.
- The Key_Request protocol MUST ensure that it distributes keys only to the agent that is authorized to see those keys.
- The Key_Request protocol MUST respond to agents with key material, i.e. a symmetric key, based on a request identified by a specific security context identifier.
- The Key_Request protocol MUST secure the exchange; it MAY use security mechanisms relevant to the AAA protocol. One such scheme MAY involve encryption of the keying material using pre-configured secrets.

SNMPv3 Trap and Inform Processing
- SNMPv3 EUSM Trap processing uses a flow identical to that specified for SNMPv3 request processing.
  - The SNMPv3 Manager is responsible for the setup of the master session key at the Key server.
  - The authoritative engine is the SNMPv3 agent.
  - The SNMPv3 agent requests session keys from the Key server to use for protecting SNMPv3 traps.
- SNMPv3 EUSM Inform processing uses a flow identical to that specified for SNMPv3 request processing, except that the roles of the SNMPv3 manager and agent are reversed.
  - The SNMPv3 Agent is responsible for the setup of the master session key at the Key server.
  - The agent generates session keys from the master session key based on the engine ID of the Inform recipient, i.e. the SNMPv3 Manager.
  - The authoritative engine is the SNMPv3 manager.
  - The SNMPv3 manager requests session keys from the Key server.

EUSM Inform Processing (diagram: Key Server, SNMP Manager, SNMPv3 Agent; Key_Setup Protocol between the SNMPv3 Agent and the Key Server, Key_Request Protocol between the SNMP Manager and the Key Server, SNMPv3 Inform from the SNMPv3 Agent to the SNMP Manager)

EUSM with EAP as Key_Setup protocol (diagram: RADIUS Server, SNMP Manager, SNMPv3 Agent)
- EAP Exchange (SNMP Manager and RADIUS Server): establish the security context; carried over the AAA protocol as {EAP Exchange: Establish Security Context}.
- AAA Protocol (SNMPv3 Agent and RADIUS Server): acquire localized session keys.
- SNMPv3 Packet (SNMP Manager to SNMPv3 Agent): network management operation.
*The RADIUS Server acts as the key server.

EUSM with RADIUS as Key_Request protocol (diagram: RADIUS Server, SNMP Manager, SNMPv3 Agent)
- PEAP Exchange over RADIUS Access-Request/Access-Accept (SNMP Manager and RADIUS Server).
- SNMPv3 Packet (SNMP Manager to SNMPv3 Agent).
- RADIUS (Key_Request) (SNMPv3 Agent to RADIUS Server): Key (App ID), Calling-Station-ID, UserName.
- RADIUS (Key_Response) (RADIUS Server to SNMPv3 Agent): Key (Key, IV, Key ID, Lifetime, App ID, KEK ID), SNMP-Protection-Type, SNMP-Group-Name.

Key Caching
- Session keys are cached at the SNMPv3 agent, typically for 90-180 seconds. The common pattern of manager-agent interaction is bursts lasting less than 90 seconds.
- The Master Session Key is cached for 8-10 hours.
- A residual timer on the master session key is used to address cache synchronization issues.
- Key durations are configurable entities on the Key server.
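To make the key distribution and caching described in the overview and in this slide concrete, here is an added Python sketch (not code from the draft or from Cisco) of the Key_Request exchange: the key server localizes master session keys per agent engine ID using the USM localization from RFC 3414 (the draft does not name the localization function; reusing USM's is an assumption here), and the agent caches the result for the returned lifetime, capped by the master key's residual timer. The KeyServer/Agent classes, context identifiers, key values and lifetimes are constructed samples.

```python
import hashlib

# Added EUSM sketch (not the draft's or Cisco's code). Assumption: EUSM localizes
# master session keys the way USM does (RFC 3414, section 2.6):
#     Kul = H(Ku || snmpEngineID || Ku)
# Master keys, lifetimes, context ids and engine IDs used here are constructed samples.

def localize(master_key: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Bind a master session key to one agent's snmpEngineID (RFC 3414 localization)."""
    return hashlib.new(algo, master_key + engine_id + master_key).digest()


class KeyServer:
    """Key server side: one pair of master session keys per security context."""

    def __init__(self, cache_lifetime: int = 120, master_lifetime: int = 8 * 3600):
        self.cache_lifetime = cache_lifetime      # 90-180 s per the slides
        self.master_lifetime = master_lifetime    # 8-10 h per the slides
        self.contexts = {}  # context_id -> (auth_master, priv_master, master_expiry)

    def key_setup(self, context_id: str, auth_master: bytes, priv_master: bytes, now: int):
        """Outcome of Key_Setup: a master session key pair bound to a context identifier."""
        self.contexts[context_id] = (auth_master, priv_master, now + self.master_lifetime)

    def key_request(self, context_id: str, engine_id: bytes, now: int):
        """Key_Request: return keys localized for this agent plus a cache lifetime."""
        ctx = self.contexts.get(context_id)
        if ctx is None or now >= ctx[2]:
            return None  # unknown or expired context: the manager must redo Key_Setup
        auth_master, priv_master, master_expiry = ctx
        # Residual timer: the agent's cache entry must never outlive the master key.
        lifetime = min(self.cache_lifetime, master_expiry - now)
        return {"auth": localize(auth_master, engine_id),
                "priv": localize(priv_master, engine_id),
                "lifetime": lifetime}


class Agent:
    """Agent side: caches localized keys so no Key_Request is sent per SNMP operation."""

    def __init__(self, engine_id: bytes, server: KeyServer):
        self.engine_id, self.server = engine_id, server
        self.cache = {}     # context_id -> (keys, expires_at)
        self.requests = 0   # Key_Request messages actually sent

    def keys_for(self, context_id: str, now: int):
        entry = self.cache.get(context_id)
        if entry is not None and now < entry[1]:
            return entry[0]  # cache hit: no round trip to the key server
        self.requests += 1
        keys = self.server.key_request(context_id, self.engine_id, now)
        if keys is None:
            self.cache.pop(context_id, None)
            return None
        self.cache[context_id] = (keys, now + keys["lifetime"])
        return keys
```

The localize function reproduces the RFC 3414 appendix A.3 localization vectors, so the same code can be checked against a conventional USM implementation.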

Implementation Status
- We are providing the WG with feedback from an implementation.
- The EUSM prototype implementation in IOS is close to completion.
- EUSM prototype implementations in the Cisco AAA server (CiscoSecure ACS) and CiscoWorks applications are currently in progress.
- So far, no implementation problems.