Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
mechanism to overcome the key distribution problem <strong>in</strong> multivendor environments. Many also<br />
use it because it is the simpler approach. Password-derived symmetric keys are no more secure<br />
than the passwords they are derived from.<br />
4.6.3 The SNMP Key Updates do not Provide for Perfect Forward Secrecy.<br />
SNMPv3’s key update capability does not provide for perfect forward secrecy (PFS). PFS is<br />
def<strong>in</strong>ed <strong>in</strong> section 3.3 of RFC 2409 as:<br />
“When used <strong>in</strong> the memo Perfect Forward Secrecy (PFS) refers to the notion that<br />
compromise of a s<strong>in</strong>gle key will permit access to only data protected by a s<strong>in</strong>gle<br />
key. For PFS to exist the key used to protect transmission of data MUST NOT be<br />
used to derive any additional keys, and if the key used to protect transmission of<br />
data was derived from some other key<strong>in</strong>g material, that material MUST NOT be<br />
used to derive any more keys.”<br />
Specifically, <strong>in</strong> SNMPv3, replacement keys can be used to derive previous keys. As a result, if<br />
an attacker recovers a SNMPv3 authentication or privacy key, then he can decrypt all (recorded)<br />
traffic <strong>in</strong> the past even from previous key sets—assum<strong>in</strong>g that he also captured the key change<br />
operation packets.<br />
4.6.4 The SNMP Symmetric Key Distribution Problems.<br />
Key distribution is a very serious implementation problem for symmetric key-based systems like<br />
SNMPv3. This problem has not been addressed by the IETF <strong>in</strong> general, and certa<strong>in</strong>ly has not<br />
been addressed with<strong>in</strong> the IETF’s SNMPv3 work<strong>in</strong>g group, <strong>in</strong> particular. Thus, there are no<br />
common or standard mechanisms used by SNMP implementations to perform <strong>in</strong>itial symmetric<br />
key distribution. That is why so many systems rely upon password-based distributions.<br />
Solutions do exist with<strong>in</strong> the IETF milieu for securely exchang<strong>in</strong>g symmetric keys. However,<br />
none of them are standards, nor are they commonly deployed by SNMP products. For example,<br />
Kerberos has provided a mechanism for distribut<strong>in</strong>g symmetric keys, and RFC 2786 provides a<br />
Diffie-Hellman-like key exchange mechanism that is available for SNMP systems to use.<br />
However, the latter is an experimental RFC (i.e., it is not a standard SNMP mechanism) that is<br />
only implemented <strong>in</strong> a subset of SNMP products.<br />
It is well known that many otherwise perfectly good security systems have been rendered<br />
<strong>in</strong>effectual through improper or <strong>in</strong>adequate key distribution implementations. In regard to a<br />
deployment’s use of SNMPv3, it is obvious that both the SNMP agent and the adm<strong>in</strong>istrator’s<br />
management system need to share a consistent, coherent, and <strong>in</strong>teroperable approach to securely<br />
distribute these keys if the symmetric keys are to be securely distributed between them.<br />
Unfortunately, because this essential requirement is implemented on an ad hoc and idiosyncratic<br />
manner by different SNMP implementations, there is a strong basis for question<strong>in</strong>g whether<br />
these keys are be<strong>in</strong>g securely conveyed <strong>in</strong> multivendor environments, unless the deployment<br />
itself has used its own resources to create an out-of-band mechanism to do so.<br />
45