smb@ulysses.homer.nj.att.com (Steven M. Bellovin) (08/31/89)
Is anyone working on better authentication methods for things like SNMP and OSPFIGP? The former today seems to rely on the "community string", which in essence boils down to a clear-text password; the latter, as of the July '89 draft, has only a 64-bit clear-text password as a defined authentication type. These strike me as insufficient. In lieu of anything else, let me propose a strawman authentication mechanism. Use DES in CBC mode to generate a 32-bit MAC, as per X9.9, on the text to be protected. Emit a 32-bit key id, followed by the MAC, as the 64 bits of authentication data. In an environment where all of the entities involved are under the same management, and are (reasonably) physically secure, all of the gateways in question can share the same DES key, and hence the same key id. Alternatively, each gateway could have a separate key and key id; only its neighbors would have to know that key. In a large-scale network, this would all break down because I haven't proposed any key management mechanism. That's a separate issue, though; small numbers of keys can be loaded manually, and a protocol to do that (Kerberos?) can be layered on later. There is also the export problem for U.S.-made gear. I don't think that's a serious obstacle here. For one thing, *any* cryptographic authentication scheme will have that problem. For another, I am suggesting use of DES solely for authentication and not secrecy; recently-proposed relaxations of the export rules would allow that, I believe. Finally, I am suggesting the same mechanism used for validating EFT transfers, another exception to the export rules; while this isn't EFT, the technology (and hence the alleged "risk", such as it is, to U.S. national security) is identical. Comments? --Steve Bellovin smb@ulysses.att.com