With the rapid developmen of the Internet, the exhaustion of IPv4 address limited the development of the Internet for years. IPv6, as the core technology of the next generation Internet, has since been rapidly deployed around the world. As the widely deployed address configuration protocol, DHCPv6 is responsible for allocating globally unique IPv6 addresses to clients, which is the basis for all the network services. However, the initial design of the DHCPv6 protocol gave little consideration to the privacy and security issues, which has led to a proliferation of privacy and security accidents breaches in its real deployment. In this paper, to fundamentally solve a range of possible security and privacy issues, we propose a secure DHCPv6 mechanism, which adds authentication and encryption mechanisms into the original DHCPv6 protocol. Compared with other proposed security mechanisms for the DHCPv6, our method can achieve all-around protection for the DHCPv6 protocol with minimal change to the current protocol, easier deployment, and low computing cost.
This work was supported by the National Natural Science Foundation of China (Nos. 61772307 and 61402257) and Tsinghua University Self-determined Project (No. 2014z21051).