External User Security Model (EUSM) for SNMPv3
draft-kaushik-snmp-external-usm-00.txt
November, 2004
Deployment issues with SNMPv3
- SNMPv3 does not integrate well with administrative security schemes such as the AAA servers defined for existing management interfaces like the device command line interface (CLI).
- Unified identity is vital: there cannot be separate user islands for CLI and SNMP.
- The SNMPv3 standard does not address the management and distribution of the keying material for SNMP.
- Users and user keys need to be configured on a per-agent basis; this does not scale and has the same issues as local telnet passwords and pre-shared keys.
Design Considerations
- Requirements for a Security Model for SNMPv3:
  - Integrate SNMPv3 authentication with an external AAA server to unify the approach to administrative security for SNMPv3 and CLI.
  - Use strong authentication and key exchange, eliminating the need to use long-term secrets to protect SNMPv3 packets.
  - Minimize the number of changes, preferably none, to the SNMPv3 packet format given the current status of the SNMPv3 standard.
- The Security Model MUST:
  - extend the capability of the AAA server to provide authentication, privacy and integrity protection for SNMPv3 agents.
  - provide support for a variety of client authentication mechanisms including passwords, tokens and certificates.
  - optimize the key management scheme to scale to large numbers of agents.
  - ensure a separate AAA request is not generated for every SNMP request.
  - be generic and apply to existing and future AAA protocols.
EUSM Architecture Overview (diagram: Key Server, SNMP Manager, SNMPv3 Agent)
- Key Setup Protocol (SNMP Manager <-> Key Server): establish security context and master session key.
- SNMPv3 Packet (SNMP Manager -> SNMPv3 Agent).
- Key Request Protocol (SNMPv3 Agent -> Key Server): get SNMPv3 session keys, passing the security context identifier.
- Key Request Protocol (Key Server -> SNMPv3 Agent): return SNMPv3 localized auth. and priv. keys derived from the master session key for this particular security context; return cache lifetime; return user group.
EUSM Overview
- Definition of the External User Security Model (EUSM) for SNMPv3, a new security model for SNMPv3.
- EUSM uses the Key_Setup and Key_Request protocols to obtain keying material from the Key server for achieving the security goals defined for USM.
- The security context is set up between the SNMPv3 Manager and the Key server using the Key_Setup protocol. Security context establishment authenticates the peers and sets up master session keys at the SNMPv3 Manager and the Key server. The user principal is used to authenticate the SNMPv3 Manager.
- The master session keys are localized to generate per-agent SNMPv3 authentication and privacy keys.
- SNMPv3 Agents request keys from the Key server using the Key_Request protocol.
- Keys distributed by the Key server to the agents are cached for short durations at the agent; this avoids the need for a protocol request for every SNMPv3 operation.
Key_Setup Protocol Requirements
- The Key_Setup protocol is required for the setup of a security context between the SNMPv3 Manager and the Key server.
- The security context refers to a pair of data structures that contain shared state information, which is required in order that per-message security services may be provided to SNMPv3 packets.
- The Key_Setup protocol is required to mutually authenticate the SNMPv3 Manager and the Key server and to provide an identifier that uniquely identifies the security context.
- The Key_Setup protocol should be flexible enough to support different authentication credentials.
- Examples of state shared between the SNMPv3 Manager and the Key server as part of a security context are cryptographic keys and message sequence numbers.
- The security context specified here is different from the SNMP context described in [RFC3411].
Key_Request Protocol Requirements
- The Key_Request protocol MAY use AAA protocols such as RADIUS/TACACS+ to pass on the keys derived from the master session key to the SNMPv3 agents.
- The Key_Request protocol MUST ensure that it distributes the keys only to the agent that is authorized to see those keys.
- The Key_Request protocol MUST respond to agents with key material, i.e. a symmetric key, based on a request identified by a specific security context identifier.
- The Key_Request protocol MUST secure the exchange; it MAY use security mechanisms relevant to the AAA protocol. One such scheme MAY involve encryption of the keying material using pre-configured secrets.
SNMPv3 Trap and Inform Processing
- SNMPv3 EUSM Trap processing uses the same flow as specified for SNMPv3 request processing:
  - The SNMPv3 Manager is responsible for the setup of the master session key at the Key server.
  - The authoritative engine is the SNMPv3 agent.
  - The SNMPv3 agent requests session keys from the Key server to use for protecting SNMPv3 traps.
- SNMPv3 EUSM Inform processing uses the same flow as specified for SNMPv3 request processing, except that the roles of the SNMPv3 manager and agent are reversed:
  - The SNMPv3 Agent is responsible for the setup of the master session key at the Key server.
  - The agent generates session keys from the master session key based on the engine ID of the Inform recipient, i.e. the SNMPv3 Manager.
  - The authoritative engine is the SNMPv3 manager.
  - The SNMPv3 manager requests session keys from the Key server.
EUSM Inform Processing (diagram: SNMP Manager, Key Server, SNMPv3 Agent; Key_Setup Protocol between the SNMPv3 Agent and the Key Server, Key_Request Protocol between the SNMP Manager and the Key Server, SNMPv3 Inform from the SNMPv3 Agent to the SNMP Manager)
EUSM with EAP as Key_Setup protocol (diagram: SNMP Manager, RADIUS Server, SNMPv3 Agent)
- EAP Exchange (SNMP Manager <-> RADIUS Server), carried in the AAA protocol: establish security context.
- AAA Protocol (SNMPv3 Agent <-> RADIUS Server): acquire localized session keys.
- SNMPv3 Packet (SNMP Manager <-> SNMPv3 Agent): network management operation.
- *RADIUS Server acts as a key server.
EUSM with RADIUS as Key_Request protocol (diagram: SNMP Manager, RADIUS Server, SNMPv3 Agent)
- SNMP Manager <-> RADIUS Server: PEAP exchange carried in RADIUS Access_Request/Access_Accept.
- SNMP Manager -> SNMPv3 Agent: SNMPv3 Packet.
- SNMPv3 Agent -> RADIUS Server: RADIUS (Key_Request) carrying Key (App ID), Calling-Station-ID, UserName.
- RADIUS Server -> SNMPv3 Agent: RADIUS (Key_Response) carrying Key (Key, IV, Key ID, Lifetime, App ID, KEK ID), SNMP-Protection-Type, SNMP-Group-Name.
Key Caching
- Session keys are cached at the SNMPv3 agent, typically for a duration of 90-180 seconds.
- The common pattern of manager-agent interaction is in bursts with a duration of less than 90 seconds.
- The master session key is cached for a duration of 8-10 hours.
- A residual timer on the master session key is used to address cache synchronization issues.
- Key durations are configurable entities on the Key server.
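A worked model of the Key_Request flow and agent-side key caching described on the EUSM Overview, Key_Request Protocol Requirements, Trap/Inform Processing and Key Caching slides, added here as an example; it is not code from the draft or from the Cisco prototypes. Assumptions: the draft does not specify the key derivation, so the master session key is localized with the USM procedure from RFC 3414 (SHA-1 over key || engineID || key) after an HMAC label separates the auth and priv keys; the context ids, engine IDs and lifetimes are constructed values, and the caller supplies the clock so the residual timer can be exercised.

```python
import hashlib
import hmac
MASTER_KEY_LIFETIME = 8 * 3600   # master session key cached 8-10 h (8 h here)
SESSION_KEY_LIFETIME = 120       # agent-side session key cache, 90-180 s

def localize(key: bytes, engine_id: bytes) -> bytes:
    """USM key localization (RFC 3414, assumed for EUSM): SHA1(K || engineID || K)."""
    return hashlib.sha1(key + engine_id + key).digest()

def derive_session_keys(master_key: bytes, engine_id: bytes) -> dict:
    """Per-engine auth/priv keys from one master session key. engine_id is the
    authoritative engine's: the agent for requests and traps, the manager for
    informs. HMAC labels (an assumption) keep the two keys distinct."""
    return {name: localize(hmac.new(master_key, name.encode(), hashlib.sha1).digest(), engine_id)
            for name in ("auth", "priv")}

class KeyServer:
    """Holds security contexts established by Key_Setup; answers Key_Request."""
    def __init__(self):
        self.contexts = {}   # context id -> (master key, user group, expiry)

    def key_setup(self, context_id, master_key, group, now):
        self.contexts[context_id] = (master_key, group, now + MASTER_KEY_LIFETIME)

    def key_request(self, context_id, engine_id, now):
        ctx = self.contexts.get(context_id)
        if ctx is None or now >= ctx[2]:
            return None                       # unknown or expired security context
        master_key, group, expiry = ctx
        # Residual timer: a cached session key must never outlive its master key
        lifetime = min(SESSION_KEY_LIFETIME, expiry - now)
        return {"keys": derive_session_keys(master_key, engine_id),
                "lifetime": lifetime, "group": group}

class Agent:
    """Authoritative engine that caches Key_Response results for their lifetime."""
    def __init__(self, engine_id, server):
        self.engine_id, self.server = engine_id, server
        self.cache = {}      # context id -> (Key_Response, expiry)
        self.requests = 0    # Key_Request round trips actually sent

    def keys_for(self, context_id, now):
        hit = self.cache.get(context_id)
        if hit is not None and now < hit[1]:
            return hit[0]                     # served from cache, no AAA round trip
        self.requests += 1
        reply = self.server.key_request(context_id, self.engine_id, now)
        if reply is not None:
            self.cache[context_id] = (reply, now + reply["lifetime"])
        return reply
```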
Implementation Status
- We are providing the WG with feedback from an implementation.
- The EUSM prototype implementation in IOS is close to completion.
- EUSM prototype implementations in the Cisco AAA server (CiscoSecure ACS) and CiscoWorks applications are currently in progress.
- So far, no implementation problems.