SBSM BOF: Session-Based Security Model for SNMPv3

1
SBSM BOF: Session-Based Security Model for SNMPv3
  • Wes Hardaker, David T. Perkins
  • November 12, 2003
  • (draft-hardaker-snmp-sbsm-00.txt)

2
Agenda
  • Blue Sheets & Minutes (Wes, 2.5 min)
  • Agenda Bashing (Wes, 2.5 min)
  • Solution Space (David P., 25 min)
  • Space Discussion (25 min)
  • Current SBSM proposal (Wes, 25 min)
  • Proposal Discussion (25 min)
  • Charter Proposal? (15 min)

3
SBSM Protocol Proposal
  • Current draft: draft-hardaker-snmp-sbsm-00.txt
  • -01 update expected by January
  • Creates a session between two points
  • Meets all requirements described in David's
    presentation

4
SBSM Protocol Details
  • Works over any transport (UDP/TCP/...)
  • Requires no modifications to other SNMPv3
    components (apps, MP, Dispatcher, VACM, ...)
  • Requires no new SNMP PDU types
  • All security and parameter negotiation is
    application invisible

5
SBSM Protocol Security
  • Supports multiple types of identification
  • Reuses existing infrastructure
  • Identities are protected from sniffers
  • Initiator's identity is protected from active
    identity discovery attacks
  • Protects against replay entirely
  • Retries will resend the exact same response
  • Protects against reordering to a configurable
    level

6
SBSM Protocol Security
  • Based on the SIGMA key-exchange protocol.
  • Uses a Diffie-Hellman exchange
  • A proven secure protocol
  • Also used in the widely deployed IKE protocol
  • All negotiation is signed appropriately.
  • Uses existing SNMPv3 security algorithms for
    message authentication and encryption
  • SHA1/MD5, DES/AES

7
SBSM Protocol
  • Protocol divided into 3 phases
  • Initialization
  • Running
  • Closing (Not in -00)
  • All SBSM messages encapsulated into the SNMPv3
    security parameters field.
  • Initialization PDUs sent are GET/REPORT PDUs, but
    the application never sees them.
  • Similar to EngineID discovery today

8
Session State Information
  • Status (initializing, running, closed)
  • Remote identity type and name
  • Remote EngineID
  • Anti-replay support parameters
  • Authentication & Encryption parameters
  • Algorithms, incoming/outgoing keys, algorithm
    specific parameters
  • Session parameters
  • Numeric identifiers, start time, max length
  • Additional implementation specific parameters

9
Session Message Flow
[Diagram labels: SNMP App / SBSM Initiator; SNMP App / SBSM Responder; Traffic protected by SBSM; "Not in the -00 draft"]
Note: Other SNMPv3 components (MP, etc.) are not
shown but exist where expected

10
Initialization
  • Establishes a session between an initiator and
    a responder
  • Negotiates needed parameters
  • Based on 5 SBSM security model message types
  • Init1
  • Init2
  • Init3
  • Running (ack init3) (not in -00)
  • Error (not in -00)

11
Initialization Overview
  • Negotiate authentication & encryption
  • Algorithms
  • Keys
  • Negotiate accepted identity types
  • Exchange and verify encrypted identities
  • Exchange engineIDs
  • Negotiate session operational parameters

12
Initialization
  [State diagram, two panels]
  • Panel 1: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (empty); Session (empty)
  • Panel 2: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (empty); Session (empty)
  • All messages are security-model messages and
    application invisible.
  • (PDUs sent are empty GET and REPORT PDUs)
  • The final running message is used as an ACK and
    isn't in -00
  • Some messages may need repeating for
    challenge/response, etc...

13
Initialization
  [State diagram, two panels]
  • Panel 1: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (empty); Session (empty)
  • Panel 2: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (empty); Session (Auth Type, Encr Type, DH - keys)

Message fields shown: Initiator Sess Id; Diffie-Hellman ½; Auth
Proposals; Encr Proposals; Accepted ID Types
  • Responder chooses Authentication and Encryption
    types from the proposed lists.
  • Responder completes Diffie-Hellman and derives
    keys
  • Responder returns its identity

14
Initialization
  [State diagram, two panels]
  • Panel 1: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (Identity, EngineID); Session (Auth Type, Encr Type, DH - keys, Window)
  • Panel 2: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (empty); Session (Auth Type, Encr Type, DH - keys)

Message fields shown: Responder Sess Id; Diffie-Hellman ½; Auth
Algorithm; Encr Algorithm; Accepted ID Types; EngineID; Identity;
Identity Proof; Anti-replay Window
  • Initiator completes Diffie-Hellman and derives
    keys
  • Responder's identity and EngineID are decrypted
  • Responder's identity is checked

15
Initialization
  [State diagram, two panels]
  • Panel 1: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (Identity, EngineID); Session (Auth Type, Encr Type, DH - keys, Window)
  • Panel 2: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (Identity, EngineID); Session (Auth Type, Encr Type, DH - keys, Window)

Message fields shown: Window Size; EngineID; Identity; Identity Proof
  • Responder decrypts and verifies initiator's
    identity, engineID
  • Responder returns 1st Running message as an
    acknowledgement

16
Identification
  • Identification of both sides
  • Extensible identification system
  • Identification mechanisms must
  • Resolve an identity to a name (for VACM)
  • Provide identity field content format
  • Provide a signature mechanism for identity proof.
  • A numeric security model assignment
  • It is trivial to define new mechanisms
  • (3-4 pages max)

17
Identification
  • Currently defined
  • Certificate-based
  • Local accounts
  • Next
  • EAP or SASL
  • Binds to other mechanisms like RADIUS, etc
  • SSH public/private keys
  • Kerberos
  • ??? based on Feedback ???

18
Running
  [State diagram, two panels]
  • Panel 1: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (Identity, EngineID); Session (Auth Type, Encr Type, DH - keys, Window)
  • Panel 2: Self (Identities, ID Types, Auth Types, Encr Types, EngineID); Them (Identity, EngineID); Session (Auth Type, Encr Type, DH - keys, Window)

Message fields shown: To-identifier; Sequence; Auth parameters; Encr
parameters; ...

19
Running
  • Protects messages sent under the session
  • Bi-directional: either side can send whatever
  • authNoPriv and authPriv allowed
  • (noAuthNoPriv MUST NOT be used)
  • Running parameters consist of (only)
  • Identifier
  • Sequence Number
  • Authentication parameters
  • Encryption parameters
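
An added sketch (not code from the draft or the presenters) of how a receiver could use the running parameters above together with the negotiated anti-replay window: authenticate first, then apply a sliding-window check that tolerates reordering up to the window size and answers a repeated sequence number with the cached response. The IPsec-style bitmap, the HMAC-SHA1 header layout and all names are assumptions; the slides do not specify them.

```python
import hashlib
import hmac
import struct

def session_mac(key, session_id, seq, payload):
    """HMAC-SHA1 over identifier, sequence number and payload (constructed layout)."""
    header = struct.pack("!IQ", session_id, seq)
    return hmac.new(key, header + payload, hashlib.sha1).digest()

class SessionReceiver:
    """Receive side of one running session; all field names are hypothetical."""

    def __init__(self, session_id, in_key, window):
        self.session_id = session_id
        self.in_key = in_key      # incoming authentication key
        self.window = window      # anti-replay window size from initialization
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0           # bit i set => sequence (highest - i) was seen
        self.responses = {}       # seq -> response already sent for it

    def receive(self, session_id, seq, payload, mac, handler):
        # Authenticate first, so forged messages can never move the window.
        if session_id != self.session_id:
            return ("drop", "unknown session")
        expected = session_mac(self.in_key, session_id, seq, payload)
        if not hmac.compare_digest(mac, expected):
            return ("drop", "bad authentication")
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << self.window) - 1
            # A jump past the whole window forgets everything older.
            self.bitmap = 1 if shift >= self.window else ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= self.window:
                return ("drop", "older than window")
            if self.bitmap & (1 << offset):
                # Retry or replay: hand back the identical response, never re-run it.
                return ("resend", self.responses.get(seq))
            self.bitmap |= 1 << offset
        response = handler(payload)
        self.responses[seq] = response
        for old in [s for s in self.responses if self.highest - s >= self.window]:
            del self.responses[old]
        return ("accept", response)
```

The window size trades tolerance for reordering against the amount of per-session state (bitmap and cached responses) the receiver must keep.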

20
Closing a session
  • Not in -00, should be in -01
  • Either side can close a session.
  • Local policy dictates session lifetime
  • Application closes session
  • Security critical memory contents cleared.

21
Discussion
  • Feedback on useful identity types needed
  • Other questions?
[Diagram labels: Radius, Certificates, Local Accounts, Kerberos, SSH]

22
Identification Schemes
Local DB
  • Used for
  • Current USM model
  • Local Accounts
  • SSH Identities

23
Identification Schemes
  • Used for
  • Radius
  • Tacsplus

24
Identification Schemes
  • Used for
  • Kerberos

25
Identification Schemes
  • Used for
  • PKI deployments (CA use is optional on both
    sides)

26
VACM interaction
[Diagram labels: From Network; Security model SBSM Security model Identity security model]