Network Working Group J. Galvin
Request for Comments: 1352 Trusted Information Systems, Inc.
K. McCloghrie
Hughes LAN Systems, Inc.
J. Davin
MIT Laboratory for Computer Science
July 1992
SNMP Security Protocols
Status of this Memo
This document specifies an IAB standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "IAB
Official Protocol Standards" for the standardization state and status
of this protocol. Distribution of this memo is unlimited.
Table of Contents
1. Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1 Threats . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 Goals and Constraints . . . . . . . . . . . . . . . . . . . 5
2.3 Security Services . . . . . . . . . . . . . . . . . . . . . 6
2.4 Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.4.1 Message Digest Algorithm . . . . . . . . . . . . . . . . . 7
2.4.2 Symmetric Encryption Algorithm . . . . . . . . . . . . . . 8
3. SNMP Party . . . . . . . . . . . . . . . . . . . . . . . . 9
4. Digest Authentication Protocol . . . . . . . . . . . . . . . 11
4.1 Generating a Message . . . . . . . . . . . . . . . . . . . 14
4.2 Receiving a Message . . . . . . . . . . . . . . . . . . . . 15
5. Symmetric Privacy Protocol . . . . . . . . . . . . . . . . . 16
5.1 Generating a Message . . . . . . . . . . . . . . . . . . . 17
5.2 Receiving a Message . . . . . . . . . . . . . . . . . . . . 18
6. Clock and Secret Distribution . . . . . . . . . . . . . . . 19
6.1 Initial Configuration . . . . . . . . . . . . . . . . . . 20
6.2 Clock Distribution . . . . . . . . . . . . . . . . . . . . 22
6.3 Clock Synchronization . . . . . . . . . . . . . . . . . . . 24
6.4 Secret Distribution . . . . . . . . . . . . . . . . . . . . 26
6.5 Crash Recovery . . . . . . . . . . . . . . . . . . . . . . 28
7. Security Considerations . . . . . . . . . . . . . . . . . . 30
7.1 Recommended Practices . . . . . . . . . . . . . . . . . . . 30
7.2 Conformance . . . . . . . . . . . . . . . . . . . . . . . 33
7.3 Protocol Correctness . . . . . . . . . . . . . . . . . . . . 34
7.3.1 Clock Monotonicity Mechanism . . . . . . . . . . . . . . . 35
7.3.2 Data Integrity Mechanism . . . . . . . . . . . . . . . . . 36
Galvin, McCloghrie, & Davin [Page 1]
RFC 1352 SNMP Security Protocols July 1992
7.3.3 Data Origin Authentication Mechanism . . . . . . . . . . . 36
7.3.4 Restricted Administration Mechanism . . . . . . . . . . . 36
7.3.5 Ordered Delivery Mechanism . . . . . . . . . . . . . . . 37
7.3.6 Message Timeliness Mechanism . . . . . . . . . . . . . . . 38
7.3.7 Selective Clock Acceleration Mechanism . . . . . . . . . . 38
7.3.8 Confidentiality Mechanism . . . . . . . . . . . . . . . . 39
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 39
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 40
10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 41
1. Abstract
The Simple Network Management Protocol (SNMP) specification [1]
allows for the protection of network management operations by a
variety of security protocols. The SNMP administrative model
described in [2] provides a framework for securing SNMP network
management. In the context of that framework, this memo defines
protocols to support the following three security services:
o data integrity,
o data origin authentication, and
o data confidentiality.
Please send comments to the SNMP Security Developers mailing list
(snmp-sec-dev@tis.com).
2. Introduction
In the model described in [2], each SNMP party is, by definition,
associated with a single authentication protocol. The authentication
protocol provides a mechanism by which SNMP management communications
transmitted by the party may be reliably identified as having
originated from that party. The authentication protocol defined in
this memo also reliably determines that the message received is the
message that was sent.
Similarly, each SNMP party is, by definition, associated with a
single privacy protocol. The privacy protocol provides a mechanism by
which SNMP management communications transmitted to said party are
protected from disclosure. The privacy protocol in this memo
specifies that only authenticated messages may be protected from
disclosure.
These protocols are secure alternatives to the so-called "trivial"
protocol defined in [1].
Galvin, McCloghrie, & Davin [Page 2]
RFC 1352 SNMP Security Protocols July 1992
USE OF THE TRIVIAL PROTOCOL ALONE DOES NOT CONSTITUTE SECURE
NETWORK MANAGEMENT. THEREFORE, A NETWORK MANAGEMENT SYSTEM THAT
IMPLEMENTS ONLY THE TRIVIAL PROTOCOL IS NOT CONFORMANT TO THIS
SPECIFICATION.
The Digest Authentication Protocol is described in Section 4. It
provides a data integrity service by transmitting a message digest --
computed by the originator and verified by the recipient -- with each
SNMP message. The data origin authentication service is provided by
prefixing the message with a secret value known only to the
originator and recipient, prior to computing the digest. Thus, data
integrity is supported explicitly while data origin authentication is
supported implicitly in the verification of the digest.
The Symmetric Privacy Protocol is described in Section 5. It protects
messages from disclosure by encrypting their contents according to a
secret cryptographic key known only to the originator and recipient.
The additional functionality afforded by this protocol is assumed to
justify its additional computational cost.
The Digest Authentication Protocol depends on the existence of
loosely synchronized clocks between the originator and recipient of a
message. The protocol specification makes no assumptions about the
strategy by which such clocks are synchronized. Section 6.3 presents
one strategy that is particularly suited to the demands of SNMP
network management.
Both protocols described here require the sharing of secret
information between the originator of a message and its recipient.
The protocol specifications assume the existence of the necessary
secrets. The selection of such secrets and their secure distribution
to appropriate parties may be accomplished by a variety of
strategies. Section 6.4 presents one such strategy that is
particularly suited to the demands of SNMP network management.
2.1 Threats
Several of the classical threats to network protocols are applicable
to the network management problem and therefore would be applicable
to any SNMP security protocol. Other threats are not applicable to
the network management problem. This section discusses principal
threats, secondary threats, and threats which are of lesser
importance.
The principal threats against which any SNMP security protocol should
provide protection are:
Galvin, McCloghrie, & Davin [Page 3]
RFC 1352 SNMP Security Protocols July 1992
Modification of Information.
The SNMP protocol provides the means for management stations to
interrogate and to manipulate the value of objects in a managed
agent. The modification threat is the danger that some party may
alter in-transit messages generated by an authorized party in such
a way as to effect unauthorized management operations, including
falsifying the value of an object.
Masquerade.
The SNMP administrative model includes an access control model.
Access control necessarily depends on knowledge of the origin of a
message. The masquerade threat is the danger that management
operations not authorized for some party may be attempted by that
party by assuming the identity of another party that has the
appropriate authorizations.
Two secondary threats are also identified. The security protocols
defined in this memo do provide protection against:
Message Stream Modification.
The SNMP protocol is based upon connectionless transport services.
The message stream modification threat is the danger that messages
may be arbitrarily re-ordered, delayed or replayed to effect
unauthorized management operations. This threat may arise either
by the work of a malicious attacker or by the natural operation of
a subnetwork service.
Disclosure.
The disclosure threat is the danger of eavesdropping on the
exchanges between managed agents and a management station.
Protecting against this threat is mandatory when the SNMP is used
to administer private parameters on which its security is based.
Protecting against the disclosure threat may also be required as a
matter of local policy.
There are at least two threats that a SNMP security protocol need not
protect against. The security protocols defined in this memo do not
provide protection against:
Denial of Service.
A SNMP security protocol need not attempt to address the broad
range of attacks by which service to authorized parties is denied.
Indeed, such denial-of-service attacks are in many cases
indistinguishable from the type of network failures with which any
viable network management protocol must cope as a matter of
course.
Galvin, McCloghrie, & Davin [Page 4]
RFC 1352 SNMP Security Protocols July 1992
Traffic Analysis.
In addition, a SNMP security protocol need not attempt to address
traffic analysis attacks. Indeed, many traffic patterns are
predictable -- agents may be managed on a regular basis by a
relatively small number of management stations -- and therefore
there is no significant advantage afforded by protecting against
traffic analysis.
2.2 Goals and Constraints
Based on the foregoing account of threats in the SNMP network
management environment, the goals of a SNMP security protocol are
enumerated below.
1. The protocol should provide for verification that each
received SNMP message has not been modified during
its transmission through the network in such a way that
an unauthorized management operation might result.
2. The protocol should provide for verification of the
identity of the originator of each received SNMP
message.
3. The protocol should provide that the apparent time of
generation for each received SNMP message is recent.
4. The protocol should provide that the apparent time of
generation for each received SNMP message is
subsequent to that for all previously delivered messages
of similar origin.
5. The protocol should provide, when necessary, that the
contents of each received SNMP message are protected
from disclosure.
In addition to the principal goal of supporting secure network
management, the design of any SNMP security protocol is also
influenced by the following constraints:
1. When the requirements of effective management in times
of network stress are inconsistent with those of security,
the former are preferred.
2. Neither the security protocol nor its underlying security
mechanisms should depend upon the ready availability
of other network services (e.g., Network Time Protocol
(NTP) or secret/key management protocols).
Galvin, McCloghrie, & Davin [Page 5]
RFC 1352 SNMP Security Protocols July 1992
3. A security mechanism should entail no changes to the
basic SNMP network management philosophy.
2.3 Security Services
The security services necessary to support the goals of a SNMP
security protocol are as follows.
Data Integrity is the provision of the property that data
and data sequences have not been altered or destroyed
in an unauthorized manner.
Data Origin Authentication is the provision of the
property that the claimed origin of received data is
corroborated.
Data Confidentiality is the provision of the property that
information is not made available or disclosed to
unauthorized individuals, entities, or processes.
The protocols specified in this memo require both data
integrity and data origin authentication to be used at all
times. For these protocols, it is not possible to realize data
integrity without data origin authentication, nor is it possible
to realize data origin authentication without data integrity.
Further, there is no provision for data confidentiality without
both data integrity and data origin authentication.
2.4 Mechanisms
The security protocols defined in this memo employ several
types of mechanisms in order to realize the goals and security
services described above:
o In support of data integrity, a message digest algorithm
is required. A digest is calculated over an appropriate
portion of a SNMP message and included as part of the
message sent to the recipient.
o In support of data origin authentication and data
integrity, the portion of a SNMP message that is
digested is first prefixed with a secret value shared by
the originator of that message and its intended recipient.
o To protect against the threat of message reordering, a
timestamp value is included in each message generated.
A recipient evaluates the timestamp to determine if the
Galvin, McCloghrie, & Davin [Page 6]
RFC 1352 SNMP Security Protocols July 1992
message is recent and it uses the timestamp to determine
if the message is ordered relative to other messages it
has received. In conjunction with other readily available
information (e.g., the request-id), the timestamp also
indicates whether or not the message is a replay of a
previous message. This protection against the threat of
message reordering implies no protection against
unauthorized deletion or suppression of messages.
o In support of data confidentiality, a symmetric
encryption algorithm is required. An appropriate
portion of the message is encrypted prior to being
transmitted to its recipient.
The security protocols in this memo are defined independently of the
particular choice of a message digest and encryption algorithm --
owing principally to the lack of a suitable metric by which to
evaluate the security of particular algorithm choices. However, in
the interests of completeness and in order to guarantee
interoperability, Sections 2.4.1 and 2.4.2 specify particular
choices, which are considered acceptably secure as of this writing.
In the future, this memo may be updated by the publication of a memo
specifying substitute or alternate choices of algorithms, i.e., a
replacement for or addition to the sections below.
2.4.1 Message Digest Algorithm
In support of data integrity, the use of the MD5 [3] message digest
algorithm is chosen. A 128-bit digest is calculated over the
designated portion of a SNMP message and included as part of the
message sent to the recipient.
An appendix of [3] contains a C Programming Language implementation
of the algorithm. This code was written with portability being the
principal objective. Implementors may wish to optimize the
implementation with respect to the characteristics of their hardware
and software platforms.
The use of this algorithm in conjunction with the Digest
Authentication Protocol (see Section 4) is identified by the ASN.1
object identifier value md5AuthProtocol, defined in [4].
For any SNMP party for which the authentication protocol is
md5AuthProtocol, the size of its private authentication key is 16
octets.
Within an authenticated management communication generated by such a
party, the size of the authDigest component of that communication
Galvin, McCloghrie, & Davin [Page 7]
RFC 1352 SNMP Security Protocols July 1992
(see Section 4) is 16 octets.
2.4.2 Symmetric Encryption Algorithm
In support of data confidentiality, the use of the Data Encryption
Standard (DES) in the Cipher Block Chaining mode of operation is
chosen. The designated portion of a SNMP message is encrypted and
included as part of the message sent to the recipient.
Two organizations have published specifications defining the DES: the
National Institute of Standards and Technology (NIST) [5] and the
American National Standards Institute [6]. There is a companion
Modes of Operation specification for each definition (see [7] and
[8], respectively).
The NIST has published three additional documents that implementors
may find useful.
o There is a document with guidelines for implementing
and using the DES, including functional specifications
for the DES and its modes of operation [9].
o There is a specification of a validation test suite for the
DES [10]. The suite is designed to test all aspects of the
DES and is useful for pinpointing specific problems.
o There is a specification of a maintenance test for the
DES [11]. The test utilizes a minimal amount of data
and processing to test all components of the DES. It
provides a simple yes-or-no indication of correct
operation and is useful to run as part of an initialization
step, e.g., when a computer reboots.
The use of this algorithm in conjunction with the Symmetric Privacy
Protocol (see Section 5) is identified by the ASN.1 object identifier
value desPrivProtocol, defined in [4].
For any SNMP party for which the privacy protocol is desPrivProtocol,
the size of the private privacy key is 16 octets, of which the first
8 octets are a DES key and the second 8 octets are a DES
Initialization Vector. The 64-bit DES key in the first 8 octets of
the private key is a 56 bit quantity used directly by the algorithm
plus 8 parity bits -- arranged so that one parity bit is the least
significant bit of each octet. The setting of the parity bits is
ignored.
The length of the octet sequence to be encrypted by the DES must be
Galvin, McCloghrie, & Davin [Page 8]
RFC 1352 SNMP Security Protocols July 1992
an integral multiple of 8. When encrypting, the data should be padded
at the end as necessary; the actual pad value is insignificant.
If the length of the octet sequence to be decrypted is not an
integral multiple of 8 octets, the processing of the octet sequence
should be halted and an appropriate exception noted. Upon decrypting,
the padding should be ignored.
3. SNMP Party
Recall from [2] that a SNMP party is a conceptual, virtual execution
context whose operation is restricted (for security or other
purposes) to an administratively defined subset of all possible
operations of a particular SNMP protocol entity. A SNMP protocol
entity is an actual process which performs network management
operations by generating and/or responding to SNMP protocol messages
in the manner specified in [1]. Architecturally, every SNMP protocol
entity maintains a local database that represents all SNMP parties
known to it.
A SNMP party may be represented by an ASN.1 value with the following
syntax.
SnmpParty ::= SEQUENCE {
partyIdentity
OBJECT IDENTIFIER,
partyTDomain
OBJECT IDENTIFIER,
partyTAddr
OCTET STRING,
partyProxyFor
OBJECT IDENTIFIER,
partyMaxMessageSize
INTEGER,
partyAuthProtocol
OBJECT IDENTIFIER,
partyAuthClock
INTEGER,
partyAuthLastMsg
INTEGER,
partyAuthNonce
INTEGER,
partyAuthPrivate
OCTET STRING,
partyAuthPublic
OCTET STRING,
partyAuthLifetime
Galvin, McCloghrie, & Davin [Page 9]
RFC 1352 SNMP Security Protocols July 1992
INTEGER,
partyPrivProtocol
OBJECT IDENTIFIER,
partyPrivPrivate
OCTET STRING,
partyPrivPublic
OCTET STRING
}
For each SnmpParty value that represents a SNMP party, the generic
significance of each of its components is defined in [2]. For each
SNMP party that supports the generation of messages using the Digest
Authentication Protocol, additional, special significance is
attributed to certain components of that party's representation:
o Its partyAuthProtocol component is called the
authentication protocol and identifies a combination of
the Digest Authentication Protocol with a particular
digest algorithm (such as that defined in Section 2.4.1).
This combined mechanism is used to authenticate the
origin and integrity of all messages generated by the
party.
o Its partyAuthClock component is called the
authentication clock and represents a notion of the
current time that is specific to the party.
o Its partyAuthLastMsg component is called the
last-timestamp and represents a notion of time
associated with the most recent, authentic protocol
message generated by the party.
o Its partyAuthNonce component is called the nonce
and represents a monotonically increasing integer
associated with the most recent, authentic protocol
message generated by the party. The nonce associated
with a particular message distinguishes it among all
others transmitted in the same unit time interval.
o Its partyAuthPrivate component is called the private
authentication key and represents any secret value
needed to support the Digest Authentication Protocol
and associated digest algorithm.
o Its partyAuthPublic component is called the public
authentication key and represents any public value that
may be needed to support the authentication protocol.
Galvin, McCloghrie, & Davin [Page 10]
RFC 1352 SNMP Security Protocols July 1992
This component is not significant except as suggested in
Section 6.4.
o Its partyAuthLifetime component is called the
lifetime and represents an administrative upper bound
on acceptable delivery delay for protocol messages
generated by the party.
For each SNMP party that supports the receipt of messages via the
Symmetric Privacy Protocol, additional, special significance is
attributed to certain components of that party's representation:
o Its partyPrivProtocol component is called the privacy
protocol and identifies a combination of the Symmetric
Privacy Protocol with a particular encryption algorithm
(such as that defined in Section 2.4.2). This combined
mechanism is used to protect from disclosure all protocol
messages received by the party.
o Its partyPrivPrivate component is called the private
privacy key and represents any secret value needed to
support the Symmetric Privacy Protocol and associated
encryption algorithm.
o Its partyPrivPublic component is called the public
privacy key and represents any public value that may be
needed to support the privacy protocol. This component
is not significant except as suggested in Section 6.4.
4. Digest Authentication Protocol
This section describes the Digest Authentication Protocol. It
provides both for verifying the integrity of a received message
(i.e., the message received is the message sent) and for verifying
the origin of a message (i.e., the reliable identification of the
originator). The integrity of the message is protected by computing a
digest over an appropriate portion of a message. The digest is
computed by the originator of the message, transmitted with the
message, and verified by the recipient of the message.
A secret value known only to the originator and recipient of the
message is prefixed to the message prior to the digest computation.
Thus, the origin of the message is known implicitly with the
verification of the digest.
Recall from [2] that a SNMP management communication is represented
by an ASN.1 value with the following syntax.
Galvin, McCloghrie, & Davin [Page 11]
RFC 1352 SNMP Security Protocols July 1992
SnmpMgmtCom ::= [1] IMPLICIT SEQUENCE {
dstParty
OBJECT IDENTIFIER,
srcParty
OBJECT IDENTIFIER,
pdu PDUs
}
For each SnmpMgmtCom value that represents a SNMP management
communication, the following statements are true:
o Its dstParty component is called the destination and
identifies the SNMP party to which the communication
is directed.
o Its srcParty component is called the source and
identifies the SNMP party from which the
communication is originated.
o Its pdu component has the form and significance
attributed to it in [1].
Recall from [2] that a SNMP authenticated management communication is
represented by an ASN.1 value with the following syntax.
SnmpAuthMsg ::= [1] IMPLICIT SEQUENCE {
authInfo
ANY, - defined by authentication protocol
authData
SnmpMgmtCom
}
For each SnmpAuthMsg value that represents a SNMP authenticated
management communication, the following statements are true:
o Its authInfo component is called the authentication
information and represents information required in
support of the authentication protocol used by the
SNMP party originating the message. The detailed
significance of the authentication information is specific
to the authentication protocol in use; it has no effect on
the application semantics of the communication other
than its use by the authentication protocol in
determining whether the communication is authentic or
not.
Galvin, McCloghrie, & Davin [Page 12]
RFC 1352 SNMP Security Protocols July 1992
o Its authData component is called the authentication
data and represents a SNMP management
communication.
In support of the Digest Authentication Protocol, an authInfo
component is of type AuthInformation:
AuthInformation ::= [1] IMPLICIT SEQUENCE {
authTimestamp
INTEGER (0..2147483647),
authNonce
INTEGER (0..2147483647),
authDigest
OCTET STRING
}
For each AuthInformation value that represents authentication
information, the following statements are true:
o Its authTimestamp component is called the
authentication timestamp and represents the time of the
generation of the message according to the
partyAuthClock of the SNMP party that originated
it. Note that the granularity of the authentication
timestamp is 1 second.
o Its authNonce component is called the authentication
nonce and represents a non-negative integer value
evaluated according to the authTimestamp value. In
order not to limit transmission frequency of management
communications to the granularity of the authentication
timestamp, the authentication nonce is provided to
differentiate between multiple messages sent with the
same value of authTimestamp. The authentication
nonce is a monotonically increasing sequence number,
that is reset for each new authentication timestamp
value.
o Its authDigest component is called the authentication
digest and represents the digest computed over an
appropriate portion of the message, where the message is
temporarily prefixed with a secret value for the purposes
of computing the digest.
Galvin, McCloghrie, & Davin [Page 13]
RFC 1352 SNMP Security Protocols July 1992
4.1 Generating a Message
This section describes the behavior of a SNMP protocol entity when it
acts as a SNMP party for which the authentication protocol is
administratively specified as the Digest Authentication Protocol.
Insofar as the behavior of a SNMP protocol entity when transmitting
protocol messages is defined generically in [2], only those aspects
of that behavior that are specific to the Digest Authentication
Protocol are described below. In particular, this section describes
the encapsulation of a SNMP management communication into a SNMP
authenticated management communication.
According to [2], a SnmpAuthMsg value is constructed during Step 3 of
generic processing. In particular, it states the authInfo component
is constructed according to the authentication protocol identified
for the SNMP party originating the message. When the relevant
authentication protocol is the Digest Authentication Protocol, the
procedure performed by a SNMP protocol entity whenever a management
communication is to be transmitted by a SNMP party is as follows.
1. The local database is consulted to determine the
authentication clock, last-timestamp, nonce, and private
authentication key (extracted, for example, according to
the conventions defined in Section 2.4.1) of the SNMP
party originating the message.
2. The authTimestamp component is set to the retrieved
authentication clock value.
3. If the last-timestamp is equal to the authentication
clock, the nonce is incremented. Otherwise the nonce is
set to zero. The authNonce component is set to the
nonce value. In the local database, the originating
SNMP party's nonce and last-timestamp are set to the
nonce value and the authentication clock, respectively.
4. The authentication digest is temporarily set to the
private authentication key. The SnmpAuthMsg value
is serialized according to the conventions of [12] and [1].
A digest is computed over the octet sequence
representing that serialized value using, for example, the
algorithm specified in Section 2.4.1. The authDigest
component is set to the computed digest value.
As set forth in [2], the SnmpAuthMsg value is then encapsulated
according to the appropriate privacy protocol into a SnmpPrivMsg
value. This latter value is then serialized and transmitted to the
receiving SNMP party.
Galvin, McCloghrie, & Davin [Page 14]
RFC 1352 SNMP Security Protocols July 1992
4.2 Receiving a Message
This section describes the behavior of a SNMP protocol entity upon
receipt of a protocol message from a SNMP party for which the
authentication protocol is administratively specified as the Digest
Authentication Protocol. Insofar as the behavior of a SNMP protocol
entity when receiving protocol messages is defined generically in
[2], only those aspects of that behavior that are specific to the
Digest Authentication Protocol are described below.
According to [2], a SnmpAuthMsg value is evaluated during Step 9 of
generic processing. In particular, it states the SnmpAuthMsg value is
evaluated according to the authentication protocol identified for the
SNMP party that originated the message. When the relevant
authentication protocol is the Digest Authentication Protocol, the
procedure performed by a SNMP protocol entity whenever a management
communication is received by a SNMP party is as follows.
1. If the ASN.1 type of the authInfo component is not
AuthInformation, the message is evaluated as
unauthentic. Otherwise, the authTimestamp,
authNonce, and authDigest components are
extracted from the SnmpAuthMsg value.
2. The local database is consulted to determine the
authentication clock, last-timestamp, nonce, private
authentication key (extracted, for example, according to
the conventions defined in Section 2.4.1), and lifetime of
the SNMP party that originated the message.
3. If the authTimestamp component plus the lifetime is
less than the authentication clock, the message is
evaluated as unauthentic.
4. If the authTimestamp component is less than the
last-timestamp recorded for the originating party in the
local database, the message is evaluated as unauthentic.
5. If the authTimestamp component is equal to the
last-timestamp and if the authNonce component is less
than or equal to the nonce, the message is evaluated as
unauthentic.
6. The authDigest component is extracted and
temporarily recorded.
7. A new SnmpAuthMsg value is constructed such that
its authDigest component is set to the private
Galvin, McCloghrie, & Davin [Page 15]
RFC 1352 SNMP Security Protocols July 1992
authentication key and its other components are set to
the value of the corresponding components in the
received SnmpAuthMsg value. This new
SnmpAuthMsg value is serialized according to the
conventions of [12] and [1]. A digest is computed over
the octet sequence representing that serialized value
using, for example, the algorithm specified in
Section 2.4.1.
8. If the computed digest value is not equal to the
previously recorded digest value, the message is
evaluated as unauthentic.
9. The message is evaluated as authentic.
10. The last-timestamp and nonce values locally recorded
for the originating SNMP party are set to the
authTimestamp value and the authNonce value,
respectively.
11. The authentication clock value locally recorded for the
originating SNMP party is advanced to the
authTimestamp value if this latter exceeds the
recorded value.
If the SnmpAuthMsg value is evaluated as unauthentic, an
authentication failure is noted and the received message is discarded
without further processing. Otherwise, processing of the received
message continues as specified in [2].
5. Symmetric Privacy Protocol
This section describes the Symmetric Privacy Protocol. It provides
for protection from disclosure of a received message. An appropriate
portion of the message is encrypted according to a secret key known
only to the originator and recipient of the message.
This protocol assumes the underlying mechanism is a symmetric
encryption algorithm. In addition, the message to be encrypted must
be protected according to the conventions of the Digest
Authentication Protocol.
Recall from [2] that a SNMP private management communication is
represented by an ASN.1 value with the following syntax.
Galvin, McCloghrie, & Davin [Page 16]
RFC 1352 SNMP Security Protocols July 1992
SnmpPrivMsg ::= [1] IMPLICIT SEQUENCE {
privDst
OBJECT IDENTIFIER,
privData
[1] IMPLICIT OCTET STRING
}
For each SnmpPrivMsg value that represents a SNMP private management
communication, the following statements are true:
o Its privDst component is called the privacy destination
and identifies the SNMP party to which the
communication is directed.
o Its privData component is called the privacy data and
represents the (possibly encrypted) serialization
(according to the conventions of [12] and [1]) of a SNMP
authenticated management communication.
5.1 Generating a Message
This section describes the behavior of a SNMP protocol entity when it
communicates with a SNMP party for which the privacy protocol is
administratively specified as the Symmetric Privacy Protocol. Insofar
as the behavior of a SNMP protocol entity when transmitting a
protocol message is defined generically in [2], only those aspects of
that behavior that are specific to the Symmetric Privacy Protocol are
described below. In particular, this section describes the
encapsulation of a SNMP authenticated management communication into a
SNMP private management communication.
According to [2], a SnmpPrivMsg value is constructed during Step 5 of
generic processing. In particular, it states the privData component
is constructed according to the privacy protocol identified for the
SNMP party receiving the message. When the relevant privacy protocol
is the Symmetric Privacy Protocol, the procedure performed by a SNMP
protocol entity whenever a management communication is to be
transmitted by a SNMP party is as follows.
1. If the SnmpAuthMsg value is not authenticated
according to the conventions of the Digest
Authentication Protocol, the generation of the private
management communication fails according to a local
procedure, without further processing.
2. The local database is consulted to determine the private
privacy key of the SNMP party receiving the message
Galvin, McCloghrie, & Davin [Page 17]