基于国密SM3和SM4算法的SNMPv3安全机制设计与实现  被引量：1

作　　者：田昊 王超 TIAN Hao;WANG Chao(National Computer System Engineering Research Institute of China,Beijing 102200,China)

机构地区：[1]华北计算机系统工程研究所,北京102200

出　　处：《计算机科学》2024年第S01期919-925,共7页Computer Science

基　　金：国家重点研发计划(2021YFB3101600)。

摘　　要：随着网络技术的快速发展以及5G技术的日益普及,接入网络的设备呈指数级增加,网络结构日趋复杂,恶意网络攻击频发。如何安全、高效地管理数量庞大、复杂的网络设备正成为网络管理所面临的新挑战。简单网络管理协议SNMPv3版本相比v1和v2,增加了基于用户安全模型,提供了数据机密性、完整性、防重放等安全服务。但SNMPv3依然存在默认认证算法与加密算法强度不高、密码算法未全面支持国家商密算法标准等问题。文中在分析SNMPv3协议现有安全机制的基础上,针对基于用户安全模型的SNMPv3现存问题提出了优化方案,将SM3和SM4国密算法嵌入SNMPv3安全机制,基于SM3和SM4国密算法为SNMP协议设计了HMAC-SM3-192认证协议和PRIV-CBC-SM4加密协议。在未明显增加响应时间的前提下,提升了SNMP消息传输过程中抵御伪装、信息篡改、信息泄露等安全威胁的能力,实现了SNMP协议安全性方面的优化。With the rapid development of network technology and the increasing popularity of 5G technology,the number of devices accessing the network is increasing exponentially,the network structure is becoming increasingly complex,and malicious network attacks are frequent.How to securely and efficiently manage the large number of complex network devices is becoming a new challenge for network management.Compared with v1 and v2,SNMP v3 adds a user-based security model that provides security services such as data confidentiality,integrity,and anti-replay.However,SNMPv3 still has problems,such as the default authentication algorithm and encryption algorithm strength,which are not high,and the cryptographic algorithm does not fully support the national standard for commercial confidentiality algorithms.Based on the analysis of the existing security mechanism of SNMPv3 protocol,this paper proposes an optimization scheme for the existing problems of SNMPv3 based on user security model,embedded SM3 and SM4 national security algorithms into SNMPv3 security mechanism,and designs HMAC-SM3-192 authentication protocol and PRIV-CBC-SM4 encryption protocol for SNMP protocol based on SM3 and SM4 national security algorithms.Without significantly increasing the response time,it improves the ability to resist security threats such as forgery,information tampering and information leakage during SNMP message transmission,and achieves the optimization of SNMP protocol in terms of security.

关 键 词：SNMPV3 用户安全模型 SM3杂凑算法 SM4对称加密算法 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]