Design And Implementation Of Authentication System For IPv4/IPv6 Dual Stack Hosts

Research shows that 80% of the annual campus network attacks and destructions come from the internal systems. In general, the Network Admittance Control (NAC)can be used to prevent attacks from the internal network. The first step in NAC is to authenticate the devices before they access the network to ensure that only trusted devices can access it. The current authentication systems cannot fully support IPv6.There are still some problems in the authentication method of IPv4/IPv6 dual stack hosts,such as the requirement for special equipment or the waste of IP address,etc.In order to solve the problem of current NAC solutions,this paper presents a new method of NAC and senseless authentication based on DHCP, DHCPv6 and Web Portal.It uses DHCP to extract users' IP addresses and Portal to establish the relation among them. The unique identity of the user can be determined after all information is integrated. The method does not require special hardware support, and applies to the majority of terminals.Based on this method,a unified authentication system is also implemented. The system uses the isolated network segments in DHCP and DHCPv6 to distinguish the pre-authentication users and authenticated users, combines Web Portal to extract the relation of users' IP addresses, and finally implements the authentication of IPv4/IPv6 dual stack hosts. On the basis of successful authentication, the method of senseless authentication is proposed. It allows users to access the network directly by checking the stored information of users' devices, which makes the authentication is imperceptible.The system has been deployed in an experimental network on campus as a test.The result demonstrates that the proposed method above can effectively solve the problem of authentication of IPv4/IPv6 dual stack hosts. It also shows that the scheme can realize the unified authentication of IPv4/IPv6 address of devices, whether in wired or wireless network, whether the devices are mobile phones or computers. Furthermore,it realizes the senseless authentication.