The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model
RFC 3826
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (June 2004; No errata). Was draft-blumenthal-aes-usm (individual in sec area) |
| | Authors | Fabio Maino, Uri Blumenthal, Keith McCloghrie |
| | Last updated | 2018-07-18 |
| | Stream | Internet Engineering Task Force (IETF) |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3826 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Responsible AD | Steven Bellovin |
| | Send notices to | <maino@polito.it> |
Network Working Group
Request for Comments: 3826
Category: Standards Track

U. Blumenthal, Lucent Technologies
F. Maino, Andiamo Systems, Inc.
K. McCloghrie, Cisco Systems, Inc.
June 2004

The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model

Status of this Memo

   This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document describes a symmetric encryption protocol that supplements the protocols described in the User-based Security Model (USM), which is a Security Subsystem for version 3 of the Simple Network Management Protocol for use in the SNMP Architecture. The symmetric encryption protocol described in this document is based on the Advanced Encryption Standard (AES) cipher algorithm used in Cipher FeedBack Mode (CFB), with a key size of 128 bits.

Table of Contents

   1. Introduction
      1.1. Goals and Constraints
      1.2. Key Localization
      1.3. Password Entropy and Storage
   2. Definitions
   3. CFB128-AES-128 Symmetric Encryption Protocol
      3.1. Mechanisms
         3.1.1. The AES-based Symmetric Encryption Protocol
         3.1.2. Localized Key, AES Encryption Key and Initialization Vector
         3.1.3. Data Encryption
         3.1.4. Data Decryption
      3.2. Elements of the AES Privacy Protocol
         3.2.1. Users
         3.2.2. msgAuthoritativeEngineID
         3.2.3. SNMP Messages Using this Privacy Protocol
         3.2.4. Services provided by the AES Privacy Modules
      3.3. Elements of Procedure
         3.3.1. Processing an Outgoing Message
         3.3.2. Processing an Incoming Message
   4. Security Considerations
   5. IANA Considerations
   6. Acknowledgements
   7. References
      7.1. Normative References
      7.2. Informative References
   8. Authors' Addresses
   9. Full Copyright Statement

1. Introduction

   Within the Architecture for describing Internet Management Frameworks [RFC3411], the User-based Security Model (USM) [RFC3414] for SNMPv3 is defined as a Security Subsystem within an SNMP engine. RFC 3414 describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the initial authentication protocols, and the use of CBC-DES as the initial privacy protocol. The User-based Security Model, however, allows for other such protocols to be used instead of, or concurrently with, these protocols.

   This memo describes the use of CFB128-AES-128 as an alternative privacy protocol for the User-based Security Model.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1.1. Goals and Constraints

   The main goal of this memo is to provide a new privacy protocol for the USM based on the Advanced Encryption Standard (AES) [FIPS-AES].

   The major constraint is to maintain a complete interchangeability of the new protocol defined in this memo with existing authentication and privacy protocols already defined in USM.

   For a given user, the AES-based privacy protocol MUST be used with