Computer Science, 2024, Vol. 51, Issue (6A): 230500209-7. doi: 10.11896/jsjkx.230500209

• Information Security •

Design and Implementation of SNMPv3 Security Mechanism Based on National Security SM3 and SM4 Algorithms

TIAN Hao, WANG Chao

  1. National Computer System Engineering Research Institute of China, Beijing 102200, China
  • Published: 2024-06-06
  • Corresponding author: TIAN Hao (tianhao0315@outlook.com)
  • About author: TIAN Hao, born in 1999, postgraduate. His main research interests include network protocol security and information security.
  • Supported by:
    National Key Research and Development Program (2021YFB3101600).

Abstract: With the rapid development of network technology and the growing adoption of 5G, the number of devices connected to the network is increasing exponentially, network structures are becoming more complex, and malicious network attacks are frequent. Managing a large number of complex network devices securely and efficiently is becoming a new challenge for network management. Compared with v1 and v2, version 3 of the Simple Network Management Protocol (SNMPv3) adds a user-based security model that provides security services such as data confidentiality, integrity, and anti-replay. However, SNMPv3 still has problems: its default authentication and encryption algorithms are not strong, and its cryptographic algorithms do not fully support the national commercial cryptography standards. Based on an analysis of the existing security mechanisms of SNMPv3, this paper proposes an optimization scheme for the current problems of SNMPv3 under the user-based security model. It embeds the SM3 and SM4 national cryptographic algorithms into the SNMPv3 security mechanism and, based on them, designs the HMAC-SM3-192 authentication protocol and the PRIV-CBC-SM4 encryption protocol for SNMP. Without significantly increasing response time, the scheme improves resistance to security threats such as masquerade, information tampering, and information leakage during SNMP message transmission, and thereby improves the security of the SNMP protocol.

Key words: SNMPv3, User security model, SM3 hash algorithm, SM4 symmetric encryption algorithm

CLC Number: 

  • TP311