RFC 3826 (rfc3826) - Page 2 of 16


The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model



Alternative Format: Original Text Document



RFC 3826                   AES for SNMP's USM                  June 2004


       3.2.  Elements of the AES Privacy Protocol . . . . . . . . .    9
             3.2.1. Users . . . . . . . . . . . . . . . . . . . . .    9
             3.2.2. msgAuthoritativeEngineID. . . . . . . . . . . .    9
             3.2.3. SNMP Messages Using this Privacy Protocol . . .   10
             3.2.4. Services provided by the AES Privacy Modules. .   10
       3.3.  Elements of Procedure. . . . . . . . . . . . . . . . .   11
             3.3.1. Processing an Outgoing Message. . . . . . . . .   12
             3.3.2. Processing an Incoming Message. . . . . . . . .   12
   4.  Security Considerations. . . . . . . . . . . . . . . . . . .   13
   5.  IANA Considerations. . . . . . . . . . . . . . . . . . . . .   13
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . .   14
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . .   14
       7.1.  Normative References . . . . . . . . . . . . . . . . .   14
       7.2.  Informative References . . . . . . . . . . . . . . . .   14
   8.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . .   15
   9.  Full Copyright Statement . . . . . . . . . . . . . . . . . .   16

1.  Introduction

   Within the Architecture for describing Internet Management Frameworks
   [RFC 3411], the User-based Security Model (USM) [RFC 3414] for SNMPv3
   is defined as a Security Subsystem within an SNMP engine.  RFC 3414
   describes the use of HMAC-MD5-96 and HMAC-SHA-96 as the initial
   authentication protocols, and the use of CBC-DES as the initial
   privacy protocol.  The User-based Security Model, however, allows for
   other such protocols to be used instead of, or concurrently with,
   these protocols.

   This memo describes the use of CFB128-AES-128 as an alternative
   privacy protocol for the User-based Security Model.  The key words
   "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this document
   are to be interpreted as described in [RFC 2119].

1.1.  Goals and Constraints

   The main goal of this memo is to provide a new privacy protocol for
   the USM based on the Advanced Encryption Standard (AES) [FIPS-AES].

   The major constraint is to maintain a complete interchangeability of
   the new protocol defined in this memo with existing authentication
   and privacy protocols already defined in USM.

   For a given user, the AES-based privacy protocol MUST be used with
   one of the authentication protocols defined in RFC 3414 or an
   algorithm/protocol providing equivalent functionality.





Blumenthal, et al.          Standards Track