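Graduate student: Cho, Hsuanyu (卓萱育)
Thesis title: A Study of Enhancement on SNMP Security (SNMP安全機制之改進)
Advisor: Chen, Yencheng (陳彥錚)
Oral defense committee: Kao, Shangjuh (高勝助); Chiang, Meiling (姜美玲)
Oral defense date: 2011-07-27
Degree: Master's
Institution: National Chi Nan University
Department: Department of Information Management
Field of study: Computer Science
Subfield: General Computer Science
Thesis type: Academic thesis
Publication year: 2011
Graduation academic year: 99
Language: Chinese
Number of pages: 38
Keywords: SNMP; Network management; USM; VACM; Passphrase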
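Abstract (translated from the Chinese): The Simple Network Management Protocol (SNMP), defined by the IETF, is currently the most widely used network management standard for TCP/IP networks; most routers, network switches, and servers support it. SNMP provides a standard way for network administrators to manage and monitor devices over the network, and it has now reached its third version. Because SNMPv1 was designed around simplicity, it builds its security on the community mechanism: the community concept governs the access control relationship between manager and agent, with three community relationships: read-only, read-write, and trap. The community name is a field in the SNMP message format and is the basis for deciding whether a manager and an agent belong to the same community. The most criticized aspect of SNMPv1, however, is that the community name is transmitted in cleartext. For better security, SNMPv3 adopts the User-based Security Model (USM) and the View-based Access Control Model (VACM). The strengthened security mechanisms, however, are too complex to use, so SNMPv3 has not become widespread. This thesis aims to improve the security of SNMPv1 without changing the structure of the SNMP message format and while preserving the simplicity of SNMPv1. As with the SNMPv3 USM, we replace the SNMPv1 community name with a user name to provide user-based security. Our experimental results show that the proposed method incurs a small amount of overhead while meeting the same security requirements as the SNMPv3 USM.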
Abstract (English): Simple Network Management Protocol (SNMP), developed by the Internet Engineering Task Force (IETF), is the most widely used protocol for the management of TCP/IP-based networks. Almost all routers, switches and servers support SNMP. SNMPv3, the latest version of SNMP, provides a set of standard methods to monitor and control network objects in a more secure manner. Because SNMPv1 was designed for simplicity, its security mechanism is based on the community name, which defines the access and control relationship between the manager and the agent, including read-only, read-write and trap capability. The community name is carried in a field of an SNMP message. However, SNMPv1 transmits the community name in plaintext. For better security, SNMPv3 introduces the User-based Security Model (USM) and the View-based Access Control Model (VACM). The comprehensive security features make SNMPv3 too complicated to be widely adopted by vendors. To retain the simplicity of SNMP, in this thesis we propose a security enhancement over SNMPv1 without requiring any change to current SNMPv1 messages. Like SNMPv3 USM, we replace the SNMPv1 community name with a user name to provide user-based security. Our study shows that the proposed method incurs only a little overhead while achieving the same security requirements as SNMPv3 USM.
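Table of contents:
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives and Contributions
1.3 Thesis Organization
Chapter 2 Literature Review
2.1 SNMP over TLS (SSL)
2.2 SNMP over SSH
2.3 ISMS of IETF
2.4 APSSNMP (Application Secure SNMP)
2.5 Replay protection based on random number
Chapter 3 An SNMP Security Enhancement Mechanism with User Authentication
3.1 Improved SNMP PDU Design
3.2 SNMPSecAgent Architecture
Chapter 4 System Implementation
4.1 Experimental Environment
4.2 Environment Configuration
4.3 Comparison of Message Length
4.3.1 Comparison of Request Message Length
4.3.2 Comparison of Response Message Length
4.4 Comparison of Transmission Delay
4.4 Security Analysis
Chapter 5 Conclusions and Future Directions
5.1 Conclusions
5.2 Future Research Directions
References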