A network management system contains: several (potentially
many) nodes, each with a processing entity, termed an agent,
which has access to management instrumentation; at least one
management station; and a management protocol, used to convey
management information between the agents and management
stations. Operations of the protocol are carried out under an
administrative framework which defines both authentication and
authorization policies.

Network management stations execute management applications
which monitor and control network elements. Network elements
are devices such as hosts, routers, terminal servers, etc.,
which are monitored and controlled through access to their
management information.

In the Administrative Model for SNMPv2 document [1], each
SNMPv2 party is, by definition, associated with a single
authentication protocol and a single privacy protocol. It is
the purpose of this document, Security Protocols for SNMPv2,
to define one such authentication and one such privacy
protocol.

The authentication protocol provides a mechanism by which
SNMPv2 management communications transmitted by the party may
be reliably identified as having originated from that party.
The authentication protocol defined in this memo also reliably
determines that the message received is the message that was
sent.

The privacy protocol provides a mechanism by which SNMPv2
management communications transmitted to said party are
protected from disclosure. The privacy protocol in this memo
specifies that only authenticated messages may be protected
from disclosure.

These protocols are secure alternatives to the so-called
"trivial" protocol defined in [2].

USE OF THE TRIVIAL PROTOCOL ALONE DOES NOT CONSTITUTE
SECURE NETWORK MANAGEMENT. THEREFORE, A NETWORK
MANAGEMENT SYSTEM THAT IMPLEMENTS ONLY THE TRIVIAL
PROTOCOL IS NOT CONFORMANT TO THIS SPECIFICATION.

The Digest Authentication Protocol is described in Section 3.
It provides a data integrity service by transmitting a message
digest - computed by the originator and verified by the
recipient - with each SNMPv2 message. The data origin
authentication service is provided by prefixing the message
with a secret value known only to the originator and
recipient, prior to computing the digest. Thus, data
integrity is supported explicitly while data origin
authentication is supported implicitly in the verification of
the digest.

The Symmetric Privacy Protocol is described in Section 4. It
protects messages from disclosure by encrypting their contents
according to a secret cryptographic key known only to the
originator and recipient. The additional functionality
afforded by this protocol is assumed to justify its additional
computational cost.

The Digest Authentication Protocol depends on the existence of
loosely synchronized clocks between the originator and
recipient of a message. The protocol specification makes no
assumptions about the strategy by which such clocks are
synchronized. Section 5.3 presents one strategy that is
particularly suited to the demands of SNMP network management.

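The two ideas above, a secret-prefix digest that gives both integrity and implicit origin authentication, and a timestamp checked against a loosely synchronized clock, are shown together in the following added example. It is illustrative code written for this section, not code from the memo or from any SNMPv2 implementation. The on-the-wire layout (4-octet timestamp, 16-octet digest, then the payload), the shared secret value and the LIFETIME window are all constructed assumptions; the memo itself places the secret in the authDigest field and defines a party lifetime, so this is the general shape of the check rather than the exact message format.

```python
import hashlib
import hmac
import struct

# Secret shared out of band between originator and recipient.
# Constructed sample value for this example only; Section 5.4 discusses
# how real secrets are selected and distributed.
SHARED_SECRET = bytes(range(16))

# Largest accepted gap (seconds) between the originator's timestamp and the
# recipient's clock. Assumed value; it plays the role of the memo's
# "lifetime" and bounds how long a captured message stays acceptable.
LIFETIME = 300

DIGEST_LEN = 16  # MD5 output length
HEADER_LEN = 4 + DIGEST_LEN


def compute_digest(secret, timestamp, payload):
    """Secret-prefix digest over (secret || timestamp || payload).

    The timestamp is covered by the digest so an attacker cannot move an
    old message forward in time; the secret is known only to the two
    parties, so a correct digest implies the originator knew it."""
    return hashlib.md5(secret + struct.pack(">I", timestamp) + payload).digest()


def build_message(secret, timestamp, payload):
    """Originator side: timestamp || digest || payload (assumed layout)."""
    return struct.pack(">I", timestamp) + compute_digest(secret, timestamp, payload) + payload


def verify_message(secret, message, now):
    """Recipient side.

    Returns (payload, "ok") when the digest verifies and the timestamp is
    within LIFETIME of the recipient's clock `now`; otherwise (None, reason).
    The digest is checked before the timestamp so an unauthenticated
    message can never influence the clock decision."""
    if len(message) < HEADER_LEN:
        return None, "truncated"
    timestamp = struct.unpack(">I", message[:4])[0]
    received_digest = message[4:HEADER_LEN]
    payload = message[HEADER_LEN:]
    expected = compute_digest(secret, timestamp, payload)
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(expected, received_digest):
        return None, "digest mismatch"
    if abs(now - timestamp) > LIFETIME:
        return None, "outside lifetime window"
    return payload, "ok"


if __name__ == "__main__":
    msg = build_message(SHARED_SECRET, 1000, b"get-request")
    print(verify_message(SHARED_SECRET, msg, 1100))          # accepted
    print(verify_message(SHARED_SECRET, msg, 1000 + LIFETIME + 1))  # replayed too late
    tampered = msg[:HEADER_LEN] + b"set-request"
    print(verify_message(SHARED_SECRET, tampered, 1100))     # digest mismatch
```

The recipient's clock tolerance is what turns the timestamp into replay protection: a message captured and resent after LIFETIME seconds fails even though its digest is still valid, which is why the memo needs the clocks to be at least loosely synchronized. The secret-prefix MD5 construction is the one this memo describes; later designs use HMAC for the same purpose.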
Both protocols described here require the sharing of secret
information between the originator of a message and its
recipient. The protocol specifications assume the existence
of the necessary secrets. The selection of such secrets and
their secure distribution to appropriate parties may be
accomplished by a variety of strategies. Section 5.4 presents
one such strategy that is particularly suited to the demands
of SNMP network management.