论文信息 - DHCP Authentication Using Certificates

DHCP Authentication Using Certificates

In this paper, we describe several methods of DHCP authentication. We propose an extension to DHCP protocol in order to allow a strict control on equipments by using a strong authentication. This extension, called E-DHCP (Extended-Dynamic Host Configuration Protocol) is based on two principles. The first one is the defimition of a new DHCP option that provides simultaneously the authentication of entities (client/server) and DHCP messages. The technique used by this option is based mainly on the use of asymmetric keys encryption RSA, X.509 identity certificates and attribute certificates. The second principle is the attribution of PMI (Privilege Management Infrastructure) attribute authority server functionalities to DHCP server. This server creates an attribute certificate to the client, which ensures the relation between the identity certifiicate of the client and the allocated IP address. This attribute certificate will be then used in the access control.

Jacques Demerjian | Ahmed Serhrouchni | A. Serhrouchni | J. Demerjian

[1] Bernard Aboba,et al. DHCP Authentication Via Kerberos V , 2001 .

[2] Jon Postel,et al. Internet Protocol , 1981, RFC.

[3] W. Douglas Maughan,et al. Internet Security Association and Key Management Protocol (ISAKMP) , 1998, RFC.

[4] Ralph E. Droms. Interoperation Between DHCP and BOOTP , 1993, RFC.

[5] Alan O. Freier,et al. The SSL Protocol Version 3.0 , 1996 .

[6] Jakob Jonsson,et al. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 , 2003, RFC.

[7] Roy T. Fielding,et al. Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.

[8] Ralph E. Droms,et al. Dynamic Host Configuration Protocol , 1993, RFC.

[9] Charles E. Perkins,et al. Using DHCP with computers that move , 1995, Wirel. Networks.

[10] Randall J. Atkinson,et al. Security Architecture for the Internet Protocol , 1995, RFC.

[11] Jon Postel,et al. User Datagram Protocol , 1980, RFC.

[12] Ralph E. Droms. Procedure for Defining New DHCP Options , 1999, RFC.

[13] Ralph E. Droms,et al. Authentication for DHCP Messages , 2001, RFC.

[14] Takamichi Saito,et al. The secure DHCP system with user authentication , 2002, 27th Annual IEEE Conference on Local Computer Networks, 2002. Proceedings. LCN 2002..

[15] Ralph E. Droms,et al. DHCP Options and BOOTP Vendor Extensions , 1993, RFC.