Network appliances are becoming more common both in the household and in industry. As more items become network aware, the variety of items also increases drastically. This leads to more heterogeneous systems in which different vendors provide different implementations. As the functionality of network appliances expands, people depend on them more, and so their status and the ease of controlling them become of paramount importance. It is also beneficial for network appliances to integrate with a large existing network for easier access. TCP/IP has a large user base and is the protocol of choice for the Internet. It is also a well-tested, widely used and robust protocol, with well-developed hardware support and even wireless access capabilities. This makes TCP/IP a suitable protocol to link network appliances, or at least to link them to the outside. Simple Network Management Protocol (SNMP) [1, 2] is the network management protocol of choice for TCP/IP. By using the GetRequest PDU (Protocol Data Unit) of SNMP and a proper MIB (Management Information Base) implementation on each networked appliance, the condition of each item and various information about it can be retrieved. Networked appliances can also be controlled via a SetRequest PDU on a MIB that is polled to trigger an action on the item. There is even an Alarm PDU that a network appliance can send to indicate the completion of certain predefined tasks or an emergency situation. Even where TCP/IP or SNMP cannot be suitably implemented on a networked appliance, a proxy can easily be implemented to communicate with it. The proxy can be implemented on the central networked appliance device or even on a personal computer.
However, the security mechanisms of Simple Network Management Protocol versions 1 and 2 (SNMPv1 and SNMPv2) are trivial [3], and therefore its potential as a network management protocol has been limited to that of a mere observation/monitoring protocol. It is vital that the management protocol has sufficient security, as it could be disastrous if networked appliances such as alarms and temperature controls were exposed to unauthorized access. These security concerns were addressed by SNMPv3 (USM and VACM) [4, 5], but it is complex and difficult to implement on networked appliances and on today's deployed systems. APSSNMP (Application Secure SNMP) [6], as proposed, is a simpler design that is easier and less costly to implement. It is resistant to masquerade, modification and replay threats, and it also provides confidentiality. APSSNMP can be easily extended on the agent and provides backward compatibility with other devices implementing SNMP. APSSNMP will even provide a logging capability indicating the last entity/user that instructed the network appliance to perform an action. Furthermore, the sensitive information in the database/MIB accessible via SNMP, which would otherwise have been exposed, is encrypted to keep it confidential (i.e., whether the alarm is ON or not) from unauthorized observers. A secure version of SNMP is therefore a suitable choice for a standardized management protocol for the various networked appliances that may come to the market.
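As an added illustration (not code from the paper or from APSSNMP), the sketch below shows what "trivial" security means for SNMPv1/v2c: the community string, the only credential, sits in cleartext in the header of every message, including a SetRequest. The community value, the written value and all helper names are constructed for this example.

```python
# Added example: BER framing of an SNMPv1/v2c message header (sample data is constructed).
VERSIONS = {0: "v1", 1: "v2c"}
PDUS = {0xA0: "GetRequest", 0xA3: "SetRequest"}
SYS_CONTACT_0 = bytes.fromhex("2b06010201010400")  # OID 1.3.6.1.2.1.1.4.0

def tlv(tag, value):  # encode one BER tag-length-value element
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:  # long form: 0x80 | number of length bytes, then the length
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf, pos):
    """Decode one element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def build_request(version, community, pdu_tag, oid, value):
    """Constructed sample message: request-id 1, one variable binding."""
    zero = tlv(0x02, b"\x00")  # error-status and error-index
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, oid) + value))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + zero + zero + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

def audit(message):
    """Report what any observer of this datagram can read from its header."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, ver, pos = read_tlv(body, 0)
    version = VERSIONS.get(int.from_bytes(ver, "big"))
    if version is None:  # e.g. SNMPv3: no community field follows
        return {"version": "other", "pdu": None, "community": None}
    _, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"version": version, "pdu": PDUS.get(pdu_tag, "other"), "community": community}
```

Run over captured management traffic, a check like `audit` flags every SetRequest that is authorized by nothing more than a readable community string.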