Cryptography and Network

Security
Email security
Pretty Good Privacy(PGP)
S/MIME
 Email Security
• Email is one of the most widely used
network based application
• Since Email is used so extensively, there is
a demand for authentication and
confidentiality services
• Two schemes are popularly used to provide
the above services, they are PGP and
S/MIME
• Currently message contents of Email are
not secure
 Email Security Enhancements
• Confidentiality
– protection from disclosure
• Authentication
– of sender of message
• Message integrity
– protection from modification
• Non-repudiation of origin
– protection from denial by sender
 Pretty Good Privacy (PGP)
• Developed by Phil Zimmermann, PGP
provides confidentiality and authentication
services that can be used for Email and file
storage applications
• Phil has selected the best of already available
cryptographic algorithms as building blocks
• Then, integrated these algorithms into a single
application program that is independent of OS
• Originally it was free, but now commercial
versions are also available
PGP Operation – Authentication
1. The sender creates a message
2. SHA-1 is used to generate a 160-bit hash code
of message
3. The hash code is encrypted with RSA using the
sender's private key, and result is prepended to
the message
4. The receiver uses RSA with sender's public key
to decrypt and recover hash code
5. The receiver generates new hash code for
message and compares it with the decrypted
hash code, if they both match, message is
accepted as authentic
• The combination of SHA-1 and RSA provides an
effective digital signature scheme
 PGP Operation – Confidentiality
• Another basic service provided by PGP is
confidentiality
1. sender generates message and a random 128-bit
number to be used as a session key for this
message only
2. The message is encrypted, using CAST-128 / IDEA
/ 3DES with the above session key
3. The session key is now encrypted using RSA with
recipient's public key, then attached to the message
4. Receiver uses RSA with his/her private key to
decrypt and recover session key
5. Finally, session key is used to decrypt the message
PGP Operation – Confidentiality &
Authentication
• Uses both services on the same message
– Creates signature & attaches to the message
– Encrypts both message & signature
– Attach RSA encrypted session key to the
message. As shown in fig. next slide
PGP Operation – Confidentiality,
Authentication and Both
 PGP Operation – Compression
• By default, PGP compresses message after
applying the signature but before encrypting.
Two reasons for this are:
– It is preferable to sign an uncompressed
message so that one can store only the
uncompressed message together with the
signature for future verification
– Message encryption is applied after compression
to strengthen cryptographic security
• The compression algorithm used is ZIP
 PGP Operation – Email
Compatibility
• When using PGP, we will have binary data to
send (encrypted message etc), which is a
stream of 8-bit octets
• However email was designed only for ASCII text
• So, PGP must encode raw binary data (8-bit
octets) into printable ASCII characters
• For this, PGP uses radix-64 algorithm
– The algorithm maps 3 bytes to 4 printable chars
– It also appends a CRC to identify transmission
errors
• PGP also segments messages if they are too
big
PGP Operation – Summary
 PGP Keys and key Rings
PGP makes use of four types of keys
• One-time session symmetric keys
• Public keys
• Private keys
• Paraphrase based symmetric keys
 PGP Session Keys
• Each session key is associated with a single
message and is used only for the purpose of
encrypting and decrypting that message
– Key is of varying sizes: Key is 56-bit if DES is
used, 128-bit key for CAST or IDEA, 168-bit key
for Triple-DES
• Let us assume that CAST-128 is being used
• So, randomly 128 bit numbers are generated
by using CAST-128, which will be used as
session keys to encrypt messages
 PGP Public & Private Keys
• Since many public/private keys may be in use,
the receiver needs to identify which public key of
the recipient is actually used by the sender to
encrypt session key sent in the message
– For this, the sender could send full public-key
used along with every message
– but this is inefficient and space is wasted
• So, a key identifier is given for each key
– Which is, the least significant 64-bits of the key is
sent along with the message
– This will very likely be unique
• The key ID is also required for PGP digital
signature
PGP Message Format
 PGP Key Rings
• Each PGP user has a pair of keyrings:
– public-key ring contains all the public-keys of
other PGP users known to this user, indexed
by key ID
– private-key ring contains the public/private
key pair(s) for this user, indexed by key ID &
encrypted by a key generated from a hashed
passphrase
 PGP Key Management
• Rather than relying on certificate authorities,
in PGP every user is a own CA
– Sender can sign keys for users they know
directly
• Thus the users form a “web of trust”
– Each user should trust the keys that have been
signed
– User can trust keys others have signed if they
have a chain of signatures to them
• The key ring also includes trust indicators
• PGP users can also revoke their keys
 S/MIME (Secure/Multipurpose
Internet Mail Extensions)
• S/MIME is a security enhancement to MIME
internet e-mail
– The original Internet RFC822 format of email
was text only
– MIME provides support for varying content
types and multi-part messages, with encoding
of binary data to textual form
– S/MIME also added security enhancements
• S/MIME supports various modern mail
agents like MS Outlook, Netscape etc.
 S/MIME Functions
• In general, S/MIME is very similar to PGP.
The functions of S/MIME include:
• Enveloped data
– This consists of encrypted content of any type of
message and the keys used for encryption
• Signed data
– A digital signature is formed by taking the
message digest of the content and then
encrypting it with private key of the sender. The
message plus signature are together encoded
and the recipients only with S/MIME can view the
message contents
 S/MIME Functions
• Clear-signed data
– Similar to signed data, the digital signature is
formed. But only the digital signature is encoded
and the message contents are not encoded. So
any recipient without S/MIME can also view the
message contents
• Signed & enveloped data
– Nesting of signed & encrypted entities. i.e. the
encrypted data may be signed or the signed data
may be encrypted
 S/MIME Cryptographic Algorithms
• The following algorithms are used in
S/MIME:
• Hash functions: SHA-1 & MD5
• Digital signatures: DSS & RSA
• Session key encryption: ElGamal & RSA
• Message encryption: Triple-DES, RC2/40
and some others
• It has a procedure to decide which
algorithms should be used
 S/MIME Certificate Processing
• S/MIME uses X.509 v3 certificates
• It is managed using a hybrid of a strict
X.509 CA hierarchy & PGP’s web of trust
• Each S/MIME client has a list of trusted
CA’s certificates
• Each user also owns public/private key
pairs & certificates
• The certificates must be signed by trusted
CA’s
 Summary
• We have considered:
– E-mail security
– PGP
– S/MIME
Cryptography and Network
Security
IP Security
 IP Security
• We have already considered some
application specific security mechanisms
– Eg. S/MIME, PGP, Kerberos
• However there are always some security
concerns that cut across protocol layers
• One would like the security to be
implemented by the network for all
applications
 IPSec Overview
• In general IP Security mechanisms include
providing
– Authentication
– Confidentiality
– Key management
• So, IPSec is applicable to use over LANs,
across public & private WANs & for the
Internet, Its uses include:
– Secure branch office connectivity over the internet
– Secure remote access over the internet
– Enhancing E-commerce security
An IPSec Scenario
 Benefits of IPSec
• When IPSec is implemented in a firewall /
router, then it provides strong security to all
traffic crossing the perimeter
• IPSec in a firewall is resistant to bypass,
since the firewall is the only entry/exit point
for the entire data of that organization
• IPSec is below transport layer, hence it is
transparent to applications
• IPSec can be transparent to end users
• IPSec can also provide security for individual
users if desired
 IP Security Architecture
• The specification of IPSec is quite complex. It has been
defined in numerous RFC’s
– like RFC 2401/2402/2406/2408
• It is mandatory in IPv6 and optional in IPv4
• IPSec architecture uses two protocols to secure the traffic
or data flow. These protocols are ESP (Encapsulation
Security Payload) and AH (Authentication Header).
• IPSec Architecture includes protocols, algorithms, DOI
(Domain of Interpretation), and Key Management (shown in
fig. next slide). All these components are very important in
order to provide the three main services:
• Confidentiality
• Authentication
• Integrity
IP Security Architecture
 IP Security Architecture
1. Architecture:
Architecture or IP Security Architecture covers the
general concepts, definitions, protocols, algorithms
and security requirements of IP Security technology.
2. ESP Protocol:
ESP(Encapsulation Security Payload) provides the
confidentiality service. Encapsulation Security
Payload is implemented in either of the two ways:
ESP with optional Authentication.
ESP with Authentication.
 IP Security Architecture
• Packet Format:
 IP Security Architecture
• Security Parameter Index(SPI):
This parameter is used in Security Association. It is used
to give a unique number to the connection build between
Client and Server.
• Sequence Number:
Unique Sequence numbers are allotted to every packet so
that at the receiver side packets can be arranged
properly.
• Payload Data:
Payload data means the actual data or the actual
message. The Payload data is in encrypted format to
achieve confidentiality.
 IP Security Architecture
• Padding:
Extra bits or space added to the original message in
order to ensure confidentiality. Padding length is the
size of the added bits or space in the original
message.
• Next Header:
Next header means the next payload or next actual
data.
• Authentication Data
This field is optional in ESP protocol packet format.
 IP Security Architecture
3. Encryption algorithm:
Encryption algorithm is the document that describes various
encryption algorithms used for Encapsulation of Security
Payload.
4. AH Protocol:
AH (Authentication Header) Protocol provides both
Authentication and Integrity service. Authentication Header is
implemented in one way only
 IP Security Architecture
5. Authentication Algorithm:
Authentication Algorithm contains the set of the
documents that describe authentication algorithms
used for AH and for the authentication option of ESP.
6. DOI (Domain of Interpretation):
DOI is the identifier which supports both AH and ESP
protocols. It contains values needed for
documentation related to each other.
7. Key Management:
Key Management contains the document that
describes how the keys are exchanged between
sender and receiver
 IPSec Services
IPSec provides security at the IP layer by
enabling the system to select required
security protocols etc. The services include
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
– a form of partial sequence integrity
• Confidentiality (encryption)
• Limited traffic flow confidentiality
 Security Associations (SA)
• The SA is a one-way relationship between
sender & receiver that affords security
services for traffic flow
• It is defined by 3 parameters:
– Security Parameters Index (SPI)
– IP Destination Address
– Security Protocol Identifier
• It has a number of other parameters like
– Seq no, AH & EH info, lifetime etc
 Combining Security Associations
• An individual SA can implement either the
AH or ESP protocol but not both
• Sometimes a particular traffic flow will call
for services provided by both AH and ESP
• To implement both, SA’s need to be
bundled, called as the security association
bundle
 Key Management
• The key management portion of IPSec handles
generation & distribution of secret keys
• IPSec typically needs 2 pairs of keys
– 2 keys (one pair) per direction for AH & ESP
• IPSec document mandates support for two types of
key management, they are:
• Manual key management:
– System admin manually configures every system
with its own keys. This is practical for small
environments
• Automated key management:
– An automated system enables the on demand
creation of keys for SA’s in large systems
– The default automated key management protocol
for IPSec is referred as Oakley & ISAKMP
 Oakley
• It is a key exchange protocol based on
Diffie-Hellman key exchange
• It adds features to address weaknesses of
Diffie-Hellman protocol
– cookies, groups (global params), nonces, DH
key exchange with authentication
• This protocol uses arithmetic in prime
fields or elliptic curve fields
 ISAKMP
• ISAKMP stands for Internet Security
Association and Key Management Protocol
• It provides framework for key management
• This protocol defines procedures and
packet formats to establish, negotiate,
modify, & delete SAs
• It is independent of key exchange protocol,
encryption algorithm & authentication
method
ISAKMP
 Summary
• We have considered:
– IPSec security framework
– AH
– ESP
– Key management & Oakley/ISAKMP
Network Management
Security

Henric Johnson 1
 Outline
• Basic Concepts of SNMP
• SNMPv1 Community Facility
• SNMPv3
• Recommended Reading and WEB Sites

Henric Johnson 2
 Basic Concepts of SNMP
• An integrated collection of tools for
network monitoring and control.
– Single operator interface
– Minimal amount of separate equipment.
Software and network communications
capability built into the existing equipment
• SNMP key elements:
– Management station
– Managament agent
– Management information base
– Network Management protocol
• Get, Set and Notify
Henric Johnson 3
Protocol context of SNMP

Henric Johnson 4
Proxy Configuration

Henric Johnson 5
Henric Johnson 6
 SNMP v1 and v2
• Trap – an unsolicited message
(reporting an alarm condition)
• SNMPv1 is ”connectionless” since it
utilizes UDP (rather than TCP) as the
transport layer protocol.
• SNMPv2 allows the use of TCP for
”reliable, connection-oriented”
service.

Henric Johnson 7
 Comparison of SNMPv1 and SNMPv2
SNMPv1 PDU SNMPv2 PDU Direction Description
GetRequest GetRequest Manager to agent Request value for
each listed object
GetRequest GetRequest Manager to agent Request next value
for each listed
object
------ GetBulkRequest Manager to agent Request multiple
values
SetRequest SetRequest Manager to agent Set value for each
listed object
------ InformRequest Manager to Transmit
manager unsolicited
information
GetResponse Response Agent to manager Respond to
or Manage to manager request
manager(SNMPv2)
Trap SNMPv2-Trap Agent to manager Transmit
Henric Johnson unsolicited 8
information
SNMPv1 Community Facility
• SNMP Community – Relationship
between an SNMP agent and SNMP
managers.
• Three aspect of agent control:
– Authentication service
– Access policy
– Proxy service

Henric Johnson 9
SNMPv1 Administrative
Concepts

Henric Johnson 10
 SNMPv3
• SNMPv3 defines a security capability
to be used in conjunction with SNMPv1
or v2

Henric Johnson 11
SNMPv3 Flow

Henric Johnson 12
Traditional SNMP Manager

Henric Johnson 13
Traditional SNMP Agent

Henric Johnson 14
SNMP3 Message Format
with USM

Henric Johnson 15
User Security Model (USM)
• Designed to secure against:
– Modification of information
– Masquerade
– Message stream modification
– Disclosure
• Not intended to secure against:
– Denial of Service (DoS attack)
– Traffic analysis

Henric Johnson 16
Key Localization Process

Henric Johnson 17
View-Based Access Control
Model (VACM)
• VACM has two characteristics:
– Determines wheter access to a managed
object should be allowed.
– Make use of an MIB that:
• Defines the access control policy for this
agent.
• Makes it possible for remote configuration
to be used.

Henric Johnson 18
Access control decision

Henric Johnson 19
Recommended Reading and
WEB Sites
• Subramanian, Mani. Network
Management. Addison-Wesley, 2000
• Stallings, W. SNMP, SNMPv1,
SNMPv3 and RMON 1 and 2. Addison-
Wesley, 1999
• IETF SNMPv3 working group (Web
sites)
• SNMPv3 Web sites
Henric Johnson 20
Cryptography and Network
Security
Web Security
SSL, TLS
SET
 Web Security
• World Wide Web is now the most widely
used by individuals, businesses and
government,
• But Internet & Web are vulnerable to attacks
• There could be a variety of threats like:
– integrity
– confidentiality
– denial of service
– authentication
• Hence we need enhanced security
mechanisms over the internet and web
 Relative location of security
facilities in TCP/IP Protocol stack
 SSL (Secure Socket Layer)
• It is a transport layer security service
• Originally it was developed by Netscape
• version 3 was designed with public and industry
inputs
• Later it became an Internet standard known as TLS
(Transport Layer Security)
• The first published version of TLS can be viewed as
SSLv3
• It uses TCP to provide a reliable end-to-end service
• SSL has two layers of protocols as shown in the fig.
next slide
SSL Architecture
 SSL Architecture
• The two important concepts of SSL are SSL session
and SSL connection
• SSL connection:
– A transient, peer-to-peer, communication link
– Every connection is associated with one SSL
session
• SSL session:
– A session is an association between client &
server
– Sessions are created by the Handshake Protocol
– Sessions define a set of cryptographic parameters
which can be shared by multiple SSL connections
 SSL Record Protocol
• The SSL record protocol provides two
services for SSL connections:
• confidentiality
– Achieved by using symmetric encryption with a
shared secret key defined by Handshake
Protocol
– Algorithms can be IDEA, RC2-40, DES-40,
DES, 3DES, Fortezza, RC4-40, RC4-128
– And message is compressed before encryption
• message integrity
– Achieved by using MAC with shared secret key
– It is similar to HMAC but with different padding
SSL Record Protocol
 SSL Change Cipher Spec Protocol
• It is one of three SSL specific protocols which
use the SSL Record protocol
• This protocol consists of a single message
which consists of a single byte with the value
1 in it
• The sole purpose of this protocol is to change
the pending state to become current state
• And hence updates the cipher suite in use
 SSL Alert Protocol
• It is used to convey SSL-related alerts to peer
entity
• It specifies the severity level like:
• warning or fatal
• It can also convey a specific alert like:
• unexpected message, bad record mac, decompression failure,
handshake failure, illegal parameter
• close notify, no certificate, bad certificate, unsupported
certificate, certificate revoked, certificate expired, certificate
unknown
• Alert messages are compressed & encrypted like
all other SSL data
 SSL Handshake Protocol
• The most complex part of SSL is the handshake
protocol
• This protocol allows the server & client to:
– Authenticate each other
– Negotiate encryption & MAC algorithms
– Negotiate cryptographic keys to be used
• This protocol comprises of a series of messages
exchanged by client and server in several phases.
the phases (fig. next slde) include:
– Establish Security Capabilities
– Server Authentication and Key Exchange
– Client Authentication and Key Exchange
– Finish
SSL Handshake Protocol
SSL Protocols
TLS (Transport Layer Security)
• TLS is an IETF standard RFC 2246 similar
to SSLv3
• But with minor differences like:
– Version number
– It uses HMAC for MAC
– Uses pseudo-random function to expand
secrets into blocks of data for the purpose of
key generation and validation
– TLS has additional alert codes
– It has some changes in supported ciphers
– It has changes in certificate negotiations
– TLS has changes in use of padding
 Secure Electronic Transactions
(SET)
• SET is an open encryption & security specification
designed to protect Internet credit card transactions
• Developed in 1996 by Mastercard, Visa etc
• SET is not a payment system rather it is a set of
protocols and formats that allows the users to
employ existing credit card payment infrastructure
on an open network
– Secures communication amongst all parties
– Provides trust by using X.509v3 certificates
– Provides privacy by restricting the information to
only those who are performing transaction
 SET Requirements

• Provide confidentiality for payment and

ordering information
• Ensure the integrity of all transmitted data
• Provide authentication that the card holder is
a legitimate user of the credit card
• Provide authentication that the merchant can
accept a credit card transaction
• Ensure the use of best security practices and
system design techniques
 SET Participants
• The SET participants (shown in figure next slide) include:
• Cardholder: An authorized holder of payment card that
has been issued by an issuer
• Merchant: a person or organization that has goods or
services to sell them to cardholder
• Issuer: A financial institution like banks etc. that provides
a card to the cardholder
• Acquirer: A financial institution that establishes an
account with the merchant and processes the card
authorizations and payments
• Payment Gateway: A function operated by acquirer or a
third party that processes merchant payments
• Certification authority: Issues public key certificates to
cardholders, merchants and payment gateways
SET Components
 SET Transaction
1. The customer opens a credit card account
2. After suitable verification of identity, the customer
receives an X.509 certificate
3. The merchants have their own certificates: they should
posses two certificates, one for signing and one for key
exchange
4. The customer places an order by browsing the merchants
website or by some other means
5. The merchant is verified: the merchant sends a certificate
to the user to verify the authenticity of the merchant
6. The order and payment information are sent by user to
the merchant
7. The merchant requests payment authorization by sending
the information to the payment gateway
8. The merchant confirms the order to the customer
9. The merchant provides goods or service (shipping)
10. The merchant requests payment to the payment gateway
 Dual Signature
• Before looking at the details of SET, first let us understand
and important concept of SET called dual signature.
• The purpose of the dual signature is to link two messages
that are intended for two different recipients as follows.
• The customer creates dual messages by sending the
order information (OI) for merchant and the payment
information (PI) for bank
• Neither merchant needs credit card number of customer
nor bank needs the order information
• But these two should be linked in a way to resolve
disputes, if any
• The SET concept uses a dual signature for this purpose,
which is a signed concatenated hashes of OI & PI as
shown: DS = E(PRC, [H (H(PI) || H(OI)] )
 SET Payment Processing
• The three main steps/transactions of SET
payment processing include

1. Purchase Request
2. Payment Authorization
3. Payment Capture
 Purchase Request – Customer
• Before the purchase request exchange begins, the
cardholder has completed browsing, selecting and
ordering. All this happens without the use of SET
• The purchase request exchange consists of four
messages: Initiate request, Initiate response, Purchase
request and Purchase response
• The customer requests the certificates of the merchant
and payment gateway by using Initiate request
message. The message also consists of an ID assigned
to the request/response pair and a nonce
• The Initiate response message includes the merchants
signature certificate and the payment gateway’s key
exchange certificate
 Purchase Request – Customer
• The Cardholder verifies the merchant’s and gateway’s
certificates by means of their respective CA signatures and
then creates the OI and PI
• The transaction ID assigned by the merchant is placed in
both the OI and PI
• Next the cardholder prepares a purchase request message
(see fig. next slide) and a one-time symmetric key, KS.
• This message includes:
1. The purchase related information like, PI, dual signature
calculated over PI and OI, which is signed with customers
private key, the OI message digest and the digital envelope
2. The Order related information like, OI, dual signature, the
PIMD and digital envelope
3. The cardholder’s certificate
Purchase Request – Customer
 Purchase Request and Response – Merchant
1. Merchant verifies cardholder certificates using CA
signatures
2. Verifies dual signature using customer's public
signature key to ensure order has not been tampered
with in transit & that it was signed using cardholder's
private signature key
3. Processes the order and forwards the payment
information to the payment gateway for authorization
(described later)
4. Sends a purchase response to cardholder
5. Finally generates a purchase response message
which includes a response block that acknowledges
the order and references the corresponding
transaction number
Purchase Request – Merchant
 Payment Gateway Authorization
• The merchant sends an Authorization request message to the
payment gateway, which consists of purchase related
information, authorization related information and certificates
of cardholder and merchant. The payment gateway performs
the following tasks
1. Verifies all certificates
2. Decrypts digital envelope of authorization block to obtain
symmetric key & then decrypts authorization block
3. Verifies merchant's signature on authorization block
4. Decrypts digital envelope of payment block to obtain
symmetric key & then decrypts payment block
5. Verifies dual signature on payment block
6. Verifies that transaction ID received from merchant matches
that in PI received (indirectly) from customer
7. Requests & receives an authorization from issuer
8. Sends authorization response back to merchant
 Payment Capture
• The merchant sends payment gateway a
payment capture request
• The payment gateway checks the request
• The gateway, then causes funds to be
transferred to merchants account
• Finally the gateway notifies merchant
using capture response
 Summary
• We have considered:
– The need for web security
– SSL/TLS transport layer security protocols
– SET secure credit card payment protocols
Network Management
Security

Henric Johnson 1
 Outline
• Basic Concepts of SNMP
• SNMPv1 Community Facility
• SNMPv3
• Recommended Reading and WEB Sites

Henric Johnson 2
 Basic Concepts of SNMP
• An integrated collection of tools for
network monitoring and control.
– Single operator interface
– Minimal amount of separate equipment.
Software and network communications
capability built into the existing equipment
• SNMP key elements:
– Management station
– Managament agent
– Management information base
– Network Management protocol
• Get, Set and Notify
Henric Johnson 3
Protocol context of SNMP

Henric Johnson 4
Proxy Configuration

Henric Johnson 5
Henric Johnson 6
 SNMP v1 and v2
• Trap – an unsolicited message
(reporting an alarm condition)
• SNMPv1 is ”connectionless” since it
utilizes UDP (rather than TCP) as the
transport layer protocol.
• SNMPv2 allows the use of TCP for
”reliable, connection-oriented”
service.

Henric Johnson 7
 Comparison of SNMPv1 and SNMPv2
SNMPv1 PDU SNMPv2 PDU Direction Description
GetRequest GetRequest Manager to agent Request value for
each listed object
GetRequest GetRequest Manager to agent Request next value
for each listed
object
------ GetBulkRequest Manager to agent Request multiple
values
SetRequest SetRequest Manager to agent Set value for each
listed object
------ InformRequest Manager to Transmit
manager unsolicited
information
GetResponse Response Agent to manager Respond to
or Manage to manager request
manager(SNMPv2)
Trap SNMPv2-Trap Agent to manager Transmit
Henric Johnson unsolicited 8
information
SNMPv1 Community Facility
• SNMP Community – Relationship
between an SNMP agent and SNMP
managers.
• Three aspect of agent control:
– Authentication service
– Access policy
– Proxy service

Henric Johnson 9
SNMPv1 Administrative
Concepts

Henric Johnson 10
 SNMPv3
• SNMPv3 defines a security capability
to be used in conjunction with SNMPv1
or v2

Henric Johnson 11
SNMPv3 Flow

Henric Johnson 12
Traditional SNMP Manager

Henric Johnson 13
Traditional SNMP Agent

Henric Johnson 14
SNMP3 Message Format
with USM

Henric Johnson 15
User Security Model (USM)
• Designed to secure against:
– Modification of information
– Masquerade
– Message stream modification
– Disclosure
• Not intended to secure against:
– Denial of Service (DoS attack)
– Traffic analysis

Henric Johnson 16
Key Localization Process

Henric Johnson 17
View-Based Access Control
Model (VACM)
• VACM has two characteristics:
– Determines wheter access to a managed
object should be allowed.
– Make use of an MIB that:
• Defines the access control policy for this
agent.
• Makes it possible for remote configuration
to be used.

Henric Johnson 18
Access control decision

Henric Johnson 19
Recommended Reading and
WEB Sites
• Subramanian, Mani. Network
Management. Addison-Wesley, 2000
• Stallings, W. SNMP, SNMPv1,
SNMPv3 and RMON 1 and 2. Addison-
Wesley, 1999
• IETF SNMPv3 working group (Web
sites)
• SNMPv3 Web sites
Henric Johnson 20