SNMPv3 USM
The emNet SNMP Agent SNMPv3 USM implementation is an optional extension which can be seamlessly integrated on top of the emNet SNMP Agent for SNMPv1/SNMPv2c.
It allows adding strengthened security in terms of message authentication and message encryption to the otherwise plaintext concept of SNMP messages.
Overview
SNMPv3 gave the otherwise plaintext concept of SNMP messages a security upgrade by introducing "Security Models". Depending on the Security Model, a further layered concept is used. This layering is aimed at extensibility: other Security Models can be added later, and a Security Model can itself be extended.
The User-based Security Model (USM)
The User-based Security Model (USM) is the standard security model used with SNMPv3. As the name implies, it uses a user database that is managed by a so-called "SNMP Engine". Different permissions and security levels in terms of AUTH(entication) and PRIV(acy), i.e. encryption, can be assigned to each user individually.
Key features
- Low memory footprint
- Easy integration on top of the existing emNet Agent for SNMPv1/SNMPv2c
- Supports the SNMPv3 User-based Security Model (USM)
- Supports MD5 and SHA1 AUTH(entication)
- Supports DES PRIV(acy)
- Supports noAuthNoPriv, authNoPriv and authPriv
- SNMPv3 Engine discovery via REPORT messages supported
Requirements
The SNMPv3 USM implementation requires the base emNet SNMP Agent. The MD5/SHA1 components for AUTH(entication) and DES for PRIV(acy) come included with the SNMPv3 package.
Resource usage
The ROM usage depends on the compiler options, the compiler version and the CPU used. The memory requirements of the SNMP Agent for SNMPv3 with User-based Security Model (USM) on top of an existing SNMPv2c configuration presented in the tables below have been measured on a Cortex-M4 system.
Details about the further configuration can be found in the sections of the specific example.
ROM Usage on a Cortex-M4 system
The following resource usage has been measured on a Cortex-M4 system using the SEGGER compiler with size optimization.
Add-on | ROM |
---|---|
emNet SNMP Agent SNMPv3 add-on with noAuthNoPriv | Approximately 3.7 KByte |
emNet SNMP Agent SNMPv3 add-on with authPriv using AUTH(MD5) and PRIV(DES) | Approximately 9.0 KByte |
RAM usage
Adding SNMPv3 support to an existing SNMPv2c application requires nearly zero additional RAM.
Relevant parts
The emNet SNMPv3 USM extension implements the relevant parts of the following Request For Comments (RFC).
RFC# | Description |
---|---|
[RFC 3411] | An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks |
[RFC 3414] | User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) |
[RFC 5343] | Simple Network Management Protocol (SNMP) Context EngineID Discovery |