| DHCP(Dynamic Host Configuration Protocol) makes it easy to access an IP network. However, there was no attempt in the design of DHCP to protect against malicious Internet hosts, and consequently the protocol is vulnerable to a variety of attacks. Since the DHCP server doesn't perform any authentication of DHCPDISCOVER client requests. Any intruder can effectively impersonate the identity of any client that divulges its identification information. Likewise, an intruder can impersonate a DHCP server, and send erroneous information to any local DHCP client. Because of the inherent vulnerabilities of the current authentication mechanisms, it proves to be necessary to find solutions answering effectively this legitimate security preoccupation.This paper proposes an extension to DHCP protocol called E-DHCP (Extended-Dynamic Host Configuration Protocol) in order to allow a strict control on the users or the equipments through a strong authentication process. This extension ensures on one hand, the authentication of the entities and DHCP messages and, on the other hand, the access control in DHCP system.It introduces a novel authentication and access control mechanism for DHCP systems. This solution defines a new DHCP option that can provide both entity authentication and message authentication. The mechanism is built up on the use of public key cryptography, X.509 identity certificates and Attribute Certificates. In addition, the PMI (Privilege Management Infrastructure) functionalities are attributed to a new server that groups DHCP server and AA (Attributes Authority) server. The resulting server creates an Attribute Certificate to the client that will be used then in the access control.Since E-DHCP can provider striker authentication mechanism and then support stronger access control, it is more securer than other DHCP systems. In addition, it doesn't need to change the current DHCP system, so it's easy to realize. |
PDF Full Text Request