The USM is in charge of authenticating, encrypting, and decrypting SNMP packets
The USM is specified in RFC 2574
A weak point of all the previous well-known SNMP versions has been the lack of a solid, agreed upon security scheme.
In designing the USM, these classic security threats had to be addressed:
- Modification of Information (Data Integrity) -- Ensure that the data is not maliciously altered during transit by an unauthorized entity.
- Masquerading (Data Origin Authentication) -- Ensure that it is known exactly who and where the data came from to prevent an unauthorized entity from assuming the identity of an authorized user.
- Disclosure (Data Confidentiality) -- Ensure that an unauthorized entity cannot eavesdrop on the data exchanges.
- Message Stream Modification (Message Timeliness) -- Ensure that the data was received in a timely manner to prevent malicious re-ordering of data by an unauthorized entity.
RFC 2274 defines the user-based security model (USM) for SNMPv3.
This specification encompasses:
- Authentication: Provides data integrity and data origin authentication. The message authentication code HMAC, with either the hash function MD5 or SHA1 provides authentication.
- Timeliness: Protects against message delay or replay.
- Privacy: Protects against disclosure of message payload. The cipher block chaining (CBC) mode of DES is used for encryption.
- Message format: Defines format of msgSecurityParameters field, which sup-ports the functions of authentication, timeliness, and privacy.
- Discovery: Defines procedures by which one SNMP engine obtains information about another SNMP engine.
- Key management: Defines procedures for key generation, update, and use.
The USM is able to protect SNMPv3 packets from the above threats by utilizing a concept of multiple users where each user provides secret keys for authentication and privacy.
The authentication protocols specified for use are HMAC-MD5 and HMAC-SHA. The privacy protocol specified is CBC-DES.
The RFC states that the security protocols used for the USM are considered acceptably secure at the time of its writing.
However, the model allows for new authentication and privacy protocols to be specified at a future time if the need arises.
USM Security Parameters:
snmpEngineID -- A unique identifier for an SNMP engine within an administrative domain. The snmpEnginelD of the authoritative SNMP engine involved in the exchange of this message. Thus, this value refers to the source for a Trap, Response, or Report, and to the destination for a Get, GetNext, GetBulk, Set, or Inform.
snmpEngineBoots -- A count of the number of times an SNMP engine has rebooted or re-initialized since the snmpEngineID was last set. This counter is initially set to zero.
snmpEngineTime -- The number of seconds since the snmpEngineBoots counter was last incremented. This counter is initially set to zero. If the snmpEngineTime reaches its maximum (2147483647), then the snmpEngineBoots is incremented by one, and the snmpEngineTime starts counting again from zero.
snmpSecurityLevel -- There are three possible security levels: noAuthNoPriv, authNoPriv, and authPriv. The noAuthNoPriv level specifies no authentication or privacy is performed. The authNoPriv level specifies that authentication is performed but not privacy. The authPriv level specifies that both authentication and privacy are being performed. One reason a noAuthPriv security level does not exist is because a message authentication digest is needed to ensure the integrity of the security parameters, namely the privacy parameters (i.e., DES salt).
Authoritative SNMP Engine -- To protect against message replay, delay, and redirection, one of the communicating SNMP engines is designated as the Authoritative SNMP Engine. The Authoritative SNMP Engine is an engine that receives SNMP messages that need a response. This is always the agent that a manager communicates with.
MsgAuthenticationParameters: Null if authentication is not being used for this exchange. Otherwise, this is an authentication parameter. For the current definition of USM, the authentication parameter is an HMAC message authentication code
MsgUserName: The user (principal) on whose behalf the message is being exchanged.
MsgPrivacyParameters: Null if privacy is not being used for this exchange. Otherwise, this is a privacy parameter. For the current definition of USM, the privacy parameter is a value used to form the value (IV) in the DES CBC algorithm.