Secure Management Information Exchange
Saleem N. Bhatti
Department of Computer Science
University College London
Gower Street, London WC1E 6BT, UK
Email: S.Bhatti_AT_cs.ucl.ac.uk
Kevin M. T. McCarthy
Graham Knight
George Pavlou
Abstract
This paper describes the design and implementation of a secure management
protocol for the management of distributed applications. The protocol is a
modified use of the ISO CMIP protocol, with additional mechanisms and behaviour
to provide the following security services:
- Mutual authentication of communicating parties. Both parties can
  prove to each other that they are who they claim to be by the exchange of
  signed credentials.
- Stream integrity for management information packets (protocol data units
  -- PDUs). The management information exchanged between the parties
  is protected from replay, misordering, modification, insertion and deletion
  of the PDUs.
- Confidentiality of the management PDUs. Only the communicating parties can
  read the information passed between them. The mechanism used also provides a
  level of back traffic protection and perfect forward secrecy.
In previous work we have implemented a public-key based system. Here, we
present an experiment based on the use of a secret-key mechanism, for a faster,
lightweight approach. The authentication mechanism makes use of the MD5
algorithm and the DES encryption standard. The PDU integrity mechanisms make
use of a pseudo random number sequence for PDU numbering and the MD5 algorithm
for generating unforgeable signatures for the PDUs.
Keywords: network security, network management, distributed systems security
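An added illustration of the stream-integrity idea in the abstract (not the paper's code, which this page does not include): both ends derive the same pseudo-random PDU numbering from shared state and sign each PDU with keyed MD5. The HMAC construction, the 32-bit numbers, Python's `random.Random` as the generator, and the key, seed and payloads are all assumptions made for the example.

```python
import hashlib
import hmac
import random

KEY = b"constructed-shared-secret"   # assumption: secret agreed during authentication
SEED = 1996                           # assumption: shared seed for the numbering sequence

def tag(key, number, payload):
    # Keyed MD5 over number + payload. MD5 mirrors the abstract; HMAC is this
    # example's choice of keyed construction, not taken from the paper.
    return hmac.new(key, number.to_bytes(4, "big") + payload, hashlib.md5).digest()

class Sender:
    def __init__(self, key, seed):
        # random.Random is a stand-in generator; it is not cryptographically secure.
        self.key, self.rng = key, random.Random(seed)

    def send(self, payload):
        number = self.rng.getrandbits(32)
        return number, payload, tag(self.key, number, payload)

class Receiver:
    def __init__(self, key, seed):
        self.key, self.rng = key, random.Random(seed)
        self.expected = self.rng.getrandbits(32)

    def receive(self, pdu):
        number, payload, mac = pdu
        if not hmac.compare_digest(mac, tag(self.key, number, payload)):
            return "bad signature"        # modified or forged PDU
        if number != self.expected:
            return "unexpected number"    # replayed, misordered, or a PDU was deleted
        self.expected = self.rng.getrandbits(32)   # advance only on acceptance
        return "accepted"

def demo():
    tx, rx = Sender(KEY, SEED), Receiver(KEY, SEED)
    p1, p2, p3 = (tx.send(m) for m in (b"M-GET a", b"M-SET b", b"M-GET c"))  # constructed
    tampered = (p2[0], b"M-SET x", p2[2])   # payload altered in transit, old signature kept
    # Delivery order: p1, replay of p1, p3 early, tampered p2, then p2 and p3 in order.
    return [rx.receive(p) for p in (p1, p1, p3, tampered, p2, p3)]

if __name__ == "__main__":
    print(demo())
```

Because the receiver advances its expected number only when a PDU is accepted, the rejected replay and the early PDU do not desynchronise the stream.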
JNSM: Vol. 4, No. 3, 1996
NOTE: only abstract of paper available on-line