Secure management information exchange

Saleem N. Bhatti*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

This paper describes the design and implementation of a secure management protocol for the management of distributed applications. The protocol is a modified use of the ISO CMIP protocol, with additional mechanisms and behavior to provide the following security services:

  • Mutual authentication of communicating parties. Both parties can prove to each other that they are who they claim to be by the exchange of signed credentials.
  • Stream integrity for management information packets (protocol data units - PDUs). The management information exchanged between the parties is protected from replay, misordering, modification, insertion, and deletion of the PDUs.
  • Confidentiality of the management PDUs. Only the communicating parties can read the information passed between them. The mechanism used also provides a level of back traffic protection and perfect forward secrecy.

In previous work we have implemented a public-key based system. Here, we present an experiment based on the use of a secret-key mechanism, for a faster, lightweight approach. The authentication mechanism makes use of the MD5 algorithm and the DES encryption standard. The PDU integrity mechanisms make use of a pseudo random number sequence for PDU numbering and the MD5 algorithm for generating unforgeable signatures for the PDUs.

Original language: English
Pages (from-to): 251-277
Number of pages: 27
Journal: JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT
Volume: 4
Issue number: 3
Publication status: Published - 1 Jan 1996

Keywords

  • Distributed systems security
  • Network management
  • Network security
