Abstract
In this paper, we describe several methods of DHCP authentication. We propose an extension to the DHCP protocol that allows strict control over equipment by using strong authentication. This extension, called E-DHCP (Extended-Dynamic Host Configuration Protocol), is based on two principles. The first is the definition of a new DHCP option that simultaneously provides authentication of the entities (client/server) and of DHCP messages. The technique used by this option is based mainly on RSA asymmetric-key encryption, X.509 identity certificates and attribute certificates. The second principle is the attribution of PMI (Privilege Management Infrastructure) attribute authority server functionalities to the DHCP server. This server creates an attribute certificate for the client, which ensures the relation between the client's identity certificate and the allocated IP address. This attribute certificate is then used in access control.
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Demerjian, J., Serhrouchni, A. (2004). DHCP Authentication Using Certificates. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_30
DOI: https://doi.org/10.1007/1-4020-8143-X_30
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9
eBook Packages: Springer Book Archive