Improving the security of SNMP in wireless networks

Simple network management protocol (SNMP) is widely used for monitoring and managing computers and network devices on wired and wireless network. SNMPv1 and v2 do not provide security when managing agents. Three very important security features (authentication, encryption, access control) are added to SNMPv3 under the User-based Security Model (USM). Symmetric cryptography is used for encryption and one-way cryptography is used for authentication. The two keys used for encryption and authentication are derived from the shared password between the manager and agent. In this paper, we are addressing (1) the problem of one way authentication that leads to the man-in-the-middle attack and (2) the vulnerability pertaining to the password update method of SNMPv3. We propose to use certification authority for two-way authentication and Diffie-Hellman algorithm for key exchange to mitigate the impacts of these problems.