| Special Section on Cyberspace |
|
|
|
|
| Secure DHCPv6 Mechanism for DHCPv6 Security and Privacy Protection |
| Lishan Li, Gang Ren, Ying Liu*, Jianping Wu |
| ∙ Lishan Li, Gang Ren, Ying Liu, and Jianping Wu are with the Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China. |
|
|
|
|
| Guide |
|
Abstract With the rapid developmen of the Internet, the exhaustion of IPv4 address limited the development of the Internet for years. IPv6, as the core technology of the next generation Internet, has since been rapidly deployed around the world. As the widely deployed address configuration protocol, DHCPv6 is responsible for allocating globally unique IPv6 addresses to clients, which is the basis for all the network services. However, the initial design of the DHCPv6 protocol gave little consideration to the privacy and security issues, which has led to a proliferation of privacy and security accidents breaches in its real deployment. In this paper, to fundamentally solve a range of possible security and privacy issues, we propose a secure DHCPv6 mechanism, which adds authentication and encryption mechanisms into the original DHCPv6 protocol. Compared with other proposed security mechanisms for the DHCPv6, our method can achieve all-around protection for the DHCPv6 protocol with minimal change to the current protocol, easier deployment, and low computing cost.
|
|
Received: 20 November 2016
Published: 12 April 2019
|
|
Corresponding Authors:
Ying Liu
|
| About author: ![]()
Jianping Wu received the BS, MS, and PhD degrees from Tsinghua University, China. His research interests include next-generation Internet, IPv6 deployment and technologies, and Internet protocol design and engineering. He is currently a full professor in Tsinghua University, vice chairman of the information committee, and director of the Information Office, Dean of the CS Department and Director of the Network Research Center, Dean of Institute for Network Sciences and Cyberspace, and Director of Information Technology Center, Tsinghua University. He is director of Network Center and Technic Committee of China Education and Research Network CERNET, director of the National Engineering Laboratory for Next Generation Internet, a member of Advisory Committee of National Information Infrastructure for Secretariat of State Council of China, and vice president of Internet Society of China (ISC). He is an IEEE Fellow and was also the Chairman of Asia Pacific Advanced Network from 2007 to 2011. He received the Jonathan B. Postel Award from the Internet Society in 2010. |
|
|
| [1] |
Huston G., IPv4 address report, , 2011.
|
| [2] |
Deering S. and Hinden R., RFC2460: Internet protocol, version 6 (IPv6) specification, IETF, 1998.
|
| [3] |
Jinmei T., Thomson S., and Narten T., RFC4862: IPv6 stateless address autoconfiguration, IETF, 2007.
|
| [4] |
Droms R., Bound J., Volz B., Lemon T., Perkins C., and Carney M., RFC3315: Dynamic host configuration protocol for IPV6 (DHCPv6), 2003.
|
| [5] |
m4tt, Smart trash can knows how fast you walk and which smartphone you use, , 2013.
|
| [6] |
White G., Inside the shopping Centre that tracks your every move, , 2014.
|
| [7] |
Volz B., IETF DHC WG charter, , 2017.
|
| [8] |
Krishnan S., Mrugalski T., and Jiang S., RFC7824: Privacy considerations for DHCPv6, IETF, 2016.
|
| [9] |
Huitema C., Mrugalski T., and Krishnan S., RFC7844: Anonymity profile for DHCP clients, IETF, 2016.
|
| [10] |
Mrugalski T., Siodelski M., Volz B., Yourtchenko A., Richardson M., Jiang S., and Lemon T., Dynamic host configuration protocol for IPV6 (DHCPv6) bis, IETF, 2017.
|
| [11] |
Groat S., Dunlop M., Marchany R., and Tront J., What DHCPv6 says about you, in Proc. 2011 World Congress on Internet Security, London, UK, 2011, pp. 146-151.
|
| [12] |
Farrell S., and Tschofenig H., RFC7258: Pervasive monitoring is an attack, IETF, 2014.
|
| [13] |
Yee P., RFC5280: Updates to the internet X.509 public key infrastructure certificate and Certificate Revocation List (CRL) profile, IETF, 2013.
|
| [14] |
Dukhovni V., RFC7435: Opportunistic security: Some protection most of the time?, IETF, 2014.
|
| [15] |
Sun W. Q., Li H. W., and Wu J. P., Fast mobility solutions in software-defined networks, (in Chinese), J. Tsinghua Univ. (Sci. Technol)., vol. 55, no. 8, pp. 900-905, 2015.
|
| [16] |
Internet Systems Consortium, ISC DHCP, , 2016.
|
| [17] |
kea, Secure DHCPv6, , 2015.
|
| [18] |
IETF-93 (Prague) DHC WG Meeting, , 2015.
|
| [19] |
Li L., Jiang S., Cui Y., Jinmei T., Lemon T., and Zhang D., Secure DHCPv6, draft-ietf-dhc-sedhcpv6-21, IETF, 2017.
|
| [20] |
Wu J., Bi J., Bagnulo M., Baker F., and Vogt C., RFC7039: Source address validation improvement (SAVI) framework, IETF, 2013.
|
| [21] |
Bi J., Wu J., Yao G., and Baker F., RFC7513: Source address validation improvement (SAVI) solution for DHCP, IETF, 2015.
|
| [22] |
IETF dhc wg maillist, , 2017.
|
| [23] |
He L., Ren G., and Liu Y., General requirement driven IPv6 address generation mechanisms management system, (in Chinese), Huazhong Univ. Sci. Technol. Nat. Sci. Ed., vol. 44, no. S1, pp. 89-93, 2016.
|
| [24] |
Liu Y., Ren G., Wu J. P., Zhang S. L., He L., and Jia Y. H., Building an IPv6 address generation and traceback system with NIDTGA in Address Driven Network, Sci. China Inf. Sci., vol. 58, no. 12, pp. 1-14, 2015.
|
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
| |
Shared |
|
|
|
|
| |
Discussed |
|
|
|
|
