Volume 23, Issue 1


Secure DHCPv6 Mechanism for DHCPv6 Security and Privacy Protection

Lishan Li, Gang Ren, Ying Liu, Jianping Wu
Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China.

Abstract

With the rapid development of the Internet, the exhaustion of IPv4 addresses limited the development of the Internet for years. IPv6, as the core technology of the next-generation Internet, has since been rapidly deployed around the world. As the widely deployed address configuration protocol, DHCPv6 is responsible for allocating globally unique IPv6 addresses to clients, which is the basis for all network services. However, the initial design of the DHCPv6 protocol gave little consideration to privacy and security issues, which has led to a proliferation of privacy and security breaches in its real deployment. In this paper, to fundamentally solve a range of possible security and privacy issues, we propose a secure DHCPv6 mechanism, which adds authentication and encryption mechanisms to the original DHCPv6 protocol. Compared with other proposed security mechanisms for DHCPv6, our method can achieve all-around protection for the DHCPv6 protocol with minimal change to the current protocol, easier deployment, and low computing cost.

Keywords: security, privacy, DHCPv6, IETF, authentication, encryption


Publication history

Received: 20 November 2016
Accepted: 21 June 2017
Published: 15 February 2018
Issue date: February 2018

Copyright

© The authors 2018

Acknowledgements

This work was supported by the National Natural Science Foundation of China (Nos. 61772307 and 61402257) and Tsinghua University Self-determined Project (No. 2014z21051).
