Abstract
This paper describes the design and implementation of a secure management protocol for the management of distributed applications. The protocol is a modified use of the ISO CMIP protocol, with additional mechanisms and behavior to provide the following security services: Mutual authentication of communicating parties. Both parties can prove to each other that they are who they claim to be by the exchange of signed credentials. Stream integrity for management information packets (protocol data units - PDUs). The management information exchanged between the parties is protected from replay, misordering, modification, insertion, and deletion of the PDUs. Confidentiality of the management PDUs. Only the communicating parties can read the information passed between them. The mechanism used also provides a level of back traffic protection and perfect forward secrecy. In previous work we have implemented a public-key based system. Here, we present an experiment based on the use of a secret-key mechanism, for a faster, lightweight approach. The authentication mechanism makes use of the MD5 algorithm and the DES encryption standard. The PDU integrity mechanisms make use of a pseudo random number sequence for PDU numbering and the MD5 algorithm for generating unforgeable signatures for the PDUs.
Original language | English |
---|---|
Pages (from-to) | 251-277 |
Number of pages | 27 |
Journal | JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT |
Volume | 4 |
Issue number | 3 |
DOIs | |
Publication status | Published - 1 Jan 1996 |
Keywords
- Distributed systems security
- Network management
- Network security