On the Impact of Security Protocols on the Performance of SNMP

Abstract

Since the early 1990s, there have been several attempts to secure the Simple Network Management Protocol (SNMP). The third version of the protocol, published as full standard in 2002, introduced the User-based Security Model (USM), which comes with its own user and key-management infrastructure. Since then, network operators have reported that deploying another user and key management infrastructure to secure SNMP is expensive and a reason to not deploy SNMPv3. This paper describes how existing security protocols operating above the transport layer and below application protocols can be used to secure SNMP. These protocols can take advantage of already deployed key management infrastructures that are used for other network management interfaces and hence their use can reduce the operational costs associated with securing SNMP. Our main contribution is a detailed performance analysis of a prototype implementation, comparing the performance of SNMPv3 over SSH, TLS, and DTLS with other versions of SNMP. We also discuss the differences between the various options to secure SNMP and provide guidelines for choosing solutions to implement or deploy.