Secure DHCPv6 that uses RSA authentication integrated with Self-Certified Address

IPv6 adoption is growing internationally. In this paper, we propose a secure DHCPv6 system that uses RSA authentication and Self-Certified Addresses to improve access security. By appending a Certificate Option to DHCPv6 messages, the system guarantees the integrity of the messages. In addition, the system allocates addresses that can be verified from the address itself. With the benefits of the Certificate Option and Self-Certified Addresses, the system protects DHCPv6 against various network attacks, such as Man-in-the-Middle and Denial-of-Service attacks. It also provides strict access control for the network by checking whether an address was obtained from the DHCPv6 server. We implement the system on Dibbler, an open-source DHCPv6 implementation, and validate it in our campus network.
