The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
RFC 3826
Document Type RFC - Proposed Standard (June 2004; No errata)
Was draft-blumenthal-aes-usm (individual in sec area)
Last updated 2018-07-18
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3826 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Steven Bellovin
Send notices to <maino@polito.it>
Email authors IPR References Referenced by Nits 
Network Working Group                                      U. Blumenthal
Request for Comments: 3826                           Lucent Technologies
Category: Standards Track                                       F. Maino
                                                   Andiamo Systems, Inc.
                                                           K. McCloghrie
                                                     Cisco Systems, Inc.
                                                               June 2004

        The Advanced Encryption Standard (AES) Cipher Algorithm
                 in the SNMP User-based Security Model

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document describes a symmetric encryption protocol that
   supplements the protocols described in the User-based Security Model
   (USM), which is a Security Subsystem for version 3 of the Simple
   Network Management Protocol for use in the SNMP Architecture.  The
   symmetric encryption protocol described in this document is based on
   the Advanced Encryption Standard (AES) cipher algorithm used in
   Cipher FeedBack Mode (CFB), with a key size of 128 bits.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .    2
       1.1.  Goals and Constraints. . . . . . . . . . . . . . . . .    2
       1.2.  Key Localization . . . . . . . . . . . . . . . . . . .    3
       1.3.  Password Entropy and Storage . . . . . . . . . . . . .    3
   2.  Definitions. . . . . . . . . . . . . . . . . . . . . . . . .    4
   3.  CFB128-AES-128 Symmetric Encryption Protocol . . . . . . . .    5
       3.1.  Mechanisms . . . . . . . . . . . . . . . . . . . . . .    5
             3.1.1. The AES-based Symmetric Encryption Protocol . .    6
             3.1.2. Localized Key, AES Encryption Key and
                    Initialization Vector . . . . . . . . . . . . .    7
             3.1.3. Data Encryption . . . . . . . . . . . . . . . .    8
             3.1.4. Data Decryption . . . . . . . . . . . . . . . .    8

Blumenthal, et al.          Standards Track                     [Page 1]
RFC 3826                   AES for SNMP's USM                  June 2004

       3.2.  Elements of the AES Privacy Protocol . . . . . . . . .    9
             3.2.1. Users . . . . . . . . . . . . . . . . . . . . .    9
             3.2.2. msgAuthoritativeEngineID. . . . . . . . . . . .    9
             3.2.3. SNMP Messages Using this Privacy Protocol . . .   10
             3.2.4. Services provided by the AES Privacy Modules. .   10
       3.3.  Elements of Procedure. . . . . . . . . . . . . . . . .   11
             3.3.1. Processing an Outgoing Message. . . . . . . . .   12
             3.3.2. Processing an Incoming Message. . . . . . . . .   12
   4.  Security Considerations. . . . . . . . . . . . . . . . . . .   13
   5.  IANA Considerations. . . . . . . . . . . . . . . . . . . . .   13
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . .   14
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . .   14
       7.1.  Normative References . . . . . . . . . . . . . . . . .   14
       7.2.  Informative References . . . . . . . . . . . . . . . .   14
   8.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . .   15
   9.  Full Copyright Statement . . . . . . . . . . . . . . . . . .   16

1.  Introduction

   Within the Architecture for describing Internet Management Frameworks
   [RFC3411], the User-based Security Model (USM) [RFC3414] for SNMPv3
   is defined as a Security Subsystem within an SNMP engine.  RFC 3414
   describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the initial
   authentication protocols, and the use of CBC-DES as the initial
   privacy protocol.  The User-based Security Model, however, allows for
   other such protocols to be used instead of, or concurrently with,
   these protocols.

   This memo describes the use of CFB128-AES-128 as an alternative
   privacy protocol for the User-based Security Model.  The key words
   "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this document
   are to be interpreted as described in [RFC2119].

1.1.  Goals and Constraints

   The main goal of this memo is to provide a new privacy protocol for
   the USM based on the Advanced Encryption Standard (AES) [FIPS-AES].

   The major constraint is to maintain a complete interchangeability of
   the new protocol defined in this memo with existing authentication
   and privacy protocols already defined in USM.

   For a given user, the AES-based privacy protocol MUST be used with
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools