RFC 2274 defines the user-based security model (USM) for SNMPv3. This specification encompasses:
Authentication: Provides data integrity and data origin authentication. The message authentication code HMAC, with either the hash function MD5 or SHA1 provides authentication.
Timeliness: Protects against message delay or replay.
Privacy: Protects against disclosure of message payload. The cipher block chaining (CBC) mode of DES is used for encryption.
Message format: Defines format of msgSecurityParameters field, which sup-ports the functions of authentication, timeliness, and privacy.
Discovery: Defines procedures by which one SNMP engine obtains information about another SNMP engine.
Key management: Defines procedures for key generation, update, and use.
USM Security Parameters:
UsmSecurityParameters that specifies the internal format of the msgSecurityParameters field in SNMPv3 message.
Authoritative SNMP Engine:
In any message transmission, one of the two entities, transmitter or receiver; is designated as the authoritative SNMP engine, according to the following rules.
When an SNMP message contains a payload which expects a response, then the receiver of such messages is authoritative.
When an SNMP message contains a payload which does not expect a response (for example an SNMPv2-Trap, Response, or Report PDU), then the sender of such a message is authoritative.
Thus, for messages sent on behalf of a Command Generator and for Inform messages from a Notification Originator, the receiver is authoritative.
The field msgSecurityParameters in SNMPv3 messages has a data type of octet string. Its value is the BER serialization of the following ASN.1 sequence:
Fig: User Security model security parameters definition
This designation serves two purposes. The first one is,
The timeliness of a message is determined with respect to a clock maintained by the authoritative engine.
When an authoritative engine sends a message (Trap, Response, Report), it contains the current value of its clock, so that the non authoritative recipient can synchronize on that clock.
When a non authoritative engine sends a message (Get, GetNext, GetBulk, Set, Inform), it includes its current estimate of the time value at the destination, allowing the destination to assess the message's timeliness.
The second one is,
A key localization process, described later, enables a single principal to own keys stored in multiple engines; these keys are localized to the authoritative engine in such a way that the principal is responsible for a single key but avoids the security risk of storing multiple copies of the same key in a distributed network.
It makes sense to designate the receiver of Command Generator and Inform PDUs as the authoritative engine, and therefore the possessor of the authoritative clock in an exchange.
If a response or trap is delayed or replayed, little harm should occur. However, Command Generator and, to some extent, Inform PDUs result in management operations, such as reading or setting MIB objects.
Thus, it is important to guarantee that such PDUs are not delayed or replayed, which could cause undesired effects
1) Elements of UsmSecurityParameters :
When an outgoing message is passed to the USM by the Message Processor, the USM fills in the msgSecurityParameters field. When an incoming message is passed to the USM by the Message Processor, the USM processes the values contained in msgSecurityParameters.
The security parameters field consists of the following elements:
MsgAuthoritativeEngineID: The snmpEnginelD of the authoritative SNMP engine involved in the exchange of this message. Thus, this value refers to the source for a Trap, Response, or Report, and to the destination for a Get, GetNext, GetBulk, Set, or Inform.
MsgAuthoritativeEngineBoots: The snmpEngineBoots value of the authoritative SNMP engine involved in the exchange of this message. The object snmpEngineBoots is an integer in the range 0 through (2)^31-1 that represents the number of times that this SNMP engine has initialized or reinitialized itself since its initial configuration.
MsgAuthoritativeEngineTime: The snmpEngineTime value of the authoritative SNMP engine involved in the exchange of this message. The object snmpEngineTime is
an integer in the range 0 through (2)^31- 1 that represents the number of seconds since this authoritative SNMP engine last incremented the snmpEngineBoots object. Each authoritative SNMP engine is responsible for incrementing its own snmpEngineTime value once per second. A non authoritative engine is responsible for incrementing its notion of snmpEngineTime for each remote authoritative engine with which it communicates.
MsgUserName: The user (principal) on whose behalf the message is being exchanged.
MsgAuthenticationParameters: Null if authentication is not being used for this exchange. Otherwise, this is an authentication parameter. For the current definition of USM, the authentication parameter is an HMAC message authentication code.
MsgPrivacyParameters: Null if privacy is not being used for this exchange. Otherwise, this is a privacy parameter. For the current definition of USM, the privacy parameter is a value used to form the value (IV) in the DES CBC algorithm.