Skip to main content
SpringerLink
Log in

DHCPv6Auth: a mechanism to improve DHCPv6 authentication and privacy

  • Published:
Sādhanā Aims and scope Submit manuscript

Abstract

Internet Protocol version 6 (IPv6) deployment continues to gain ground due to the increasing demand for IP addresses generated by the number of Internet facing devices, and it is compounded by the exhaustion of allocatable IPv4 addresses. Dynamic Host Configuration Protocol version 6 (DHCPv6) is used to allocate IPv6 addresses and distribute network configuration information to IPv6 hosts in a link-local network. However, DHCPv6 messages in transit expose identifiable information of the DHCPv6 client that could be used by malicious users to track their victims. Additionally, the lack of an authentication mechanism leaves IPv6 hosts vulnerable to rogue DHCPv6 server attacks. This paper introduces DHCPv6 Authentication (DHCPv6Auth) mechanism to prevent rogue DHCPv6 server attacks and protect the privacy of IPv6 hosts. DHCPv6Auth uses the Ed25519 digital signature algorithm for authentication and could be used in conjunction with Anonymity Profile mechanisms for privacy protection. The DHCPv6Auth mechanism was compared with other mechanisms in terms of processing time, prevention of rogue DHCPv6 server attack, and protection of users’ privacy. The results show that it requires less processing time and traffic overhead than other authentication mechanisms; is able to prevent rogue DHCPv6 server attacks; and provides better privacy protection for the IPv6 host than other authentication mechanisms to which it was compared.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11

Similar content being viewed by others

References

  1. Groat S, Dunlop M, Urbanksi W, Marchany R and Tront J 2012 Using an IPv6 moving target defense to protect the smart grid. In: 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012. IEEE, pp 1–7

  2. Internet Society 2018 State of IPv6 Deployment 2018 | Internet Society. https://www.internetsociety.org/resources/2018/state-of-ipv6-deployment-2018/

  3. Beeharry J and Nowbutsing B 2016 Forecasting IPv4 exhaustion and IPv6 migration. In: IEEE International Conference on Emerging Technologies and Innovative Business Practices for the Transformation of Societies, EmergiTech 2016. pp 336–340

  4. Elejla O E, Anbar M and Belaton B 2017 ICMPv6-based DoS and DDoS attacks and defense mechanisms: review IETE Tech. Rev. (Institution Electron. Telecommun. Eng. India) 34: 390–407

    Google Scholar 

  5. Ruiz J M V, Cardenas C S and Tapia J L M 2017 Implementation and testing of IPv6 transition mechanisms. In: IEEE 9th Latin-American Conference on Communications, LATINCOM 2017 vol 2017-January. IEEE, pp 1–6

  6. Yousheng G, Lingyun Y and Lijing H 2018 Addressing scheme based on three-dimensional space over 6LoWPAN for internet of things ICEMI 2017. In: Proceedings of IEEE 13th International Conference on Electronic Measurement and Instruments vol. 2018-January. IEEE, pp 59–64

  7. Tirkkonen L 2016 Utilising configuration management node data for network infrastructure management (Aalto University)

  8. Dong Wei, Jeremy Kerr, Joseph Shifflett, Samer El-Haj-Mahmoud T H and V M 2013 Dynamic Host Configuration Protocol for IPv6 (DHCPv6). https://www.iana.org/

  9. Brzozowski J and de Velde G Van 2017 Unique IPv6 Prefix per Host (RFC Editor)

  10. Horley E and Horley E 2014 IPv6 and DHCP. In: Practical IPv6 for Windows Administrators (Apress, Berkeley, CA: Springer), pp 191–207

  11. Sarma S 2014 Securing IPv6’s Neighbour and Router Discovery, using Locally Authentication Process. IOSR J. Comput. Eng. 16: 22–31

    Article  Google Scholar 

  12. Naidu S 2013 IPv6: threats posed by multicast packets, extension headers and their counter measures. IOSR J. Comput. Eng. 15: 66–75

    Article  Google Scholar 

  13. Droms R, Bound J, Volz B, Lemon T, Perkins C and Carney M 2003 Dynamic host configuration protocol for IPv6 (DHCPv6) (RFC Editor)

  14. Su Z, Ma H, Zhang X and Zhang B 2011 Secure DHCPv6 that uses RSA authentication integrated with self-certified address. In: Proceedings - 2011 3rd Int. Work. Cybersp. Saf. Secur. CSS 2011. pp 39–44

  15. Li L, Jiang S, Cui Y, Jinmei T, Lemon T and Zhang D 2017 Secure DHCPv6 draft-ietf-dhc-sedhcpv6-21 (RFC Editor)

  16. Gont F and Liu W 2016 A Method for Generating Semantically Opaque Interface Identifiers (IIDs) with the Dynamic Host Configuration Protocol for IPv6 (DHCPv6)

  17. Groat S, Dunlop M, Marchany R and Tront J 2010 The privacy implications of stateless IPv6 addressing. In: ACM International Conference Proceeding Series. ACM, p 52

  18. Tront J, Groat S, Dunlop M and Marchany R 2011 Security and privacy produced by DHCP unique identifiers. Proceedings - 16th North-East Asia Symposium on Nano, Information Technology and Reliability, NASNIT 2011. IEEE, pp 170–9

  19. Krishnan S, Mrugalski T and Jiang S 2016 Privacy Considerations for DHCPv6 (RFC Editor)

  20. Huitema C, Mrugalski T and Krishnan S 2016 Anonymity Profiles for DHCP Clients (RFC Editor)

  21. Kaltio J 2016 IPv6 in SoHo Environment: A Study of Basic Functionality (Metropolia Ammattikorkeakoulu)

  22. Kharche M P S and Jawandhiya P M 2016 A case study of IPv4 and IPv6. National Conference “CONVERGENCE, p 6

  23. R. Droms W A 2001 Authentication for DHCP Messages (RFC Editor)

  24. Droms R 2004 Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6 Status (RFC Editor)

  25. Shen S, Lee X, Sun Z and Jiang S 2011 Enhance IPv6 dynamic host configuration with cryptographically generated addresses. In: Proceedings - 2011 5th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2011. pp 487–490

  26. Gont F and Liu W 2016 DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers - draft-gont-opsec-dhcpv6-shield-01 (RFC Editor)

  27. Li L, Ren G, Liu Y and Wu J 2018 Secure DHCPv6 mechanism for DHCPv6 security and privacy protection. Tsinghua Sci. Technol. 23: 13–21

    Article  Google Scholar 

  28. Alangar V and Swaminathan A 2013 IPv6 security: issue of anonymity. J. Eng. Comput. Sci. 2: 2486–2493

    Google Scholar 

  29. Agarwal M, Biswas S and Nandi S 2019 Discrete event system framework for fault diagnosis with measurement inconsistency: Case study of rogue DHCP attack. IEEE/CAA J. Autom. Sin. 6: 789–806

    Article  MathSciNet  Google Scholar 

  30. Fangfang W, Huazhong W, Dongqing C and Yong P 2013 Substation communication security research based on hybrid encryption of des and RSA In: Proceedings - 2013 9th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIH-MSP 2013. pp 437–441

  31. Rahouma K H 2016 Securing software programs by applying security services with microsoft VB net programming. Am. J. Inf. Sci. Comput. Eng. 2: 79–90

    Google Scholar 

  32. Rahouma K H 2017 Reviewing and applying security services with non-english letter coding to secure software applications in light of software trade-offs. Int. J. Softw. Eng. Comput. Syst. 3: 71–87

    Article  Google Scholar 

  33. Asaduzzaman A, Gummadi D and Waichal P 2015 A promising parallel algorithm to manage the RSA decryption complexity. In: Conference Proceedings - IEEE SOUTHEASTCON vol 2015-June. IEEE, pp 1–5

  34. Dinu D D and Togan M 2014 DHCP server authentication using digital certificates In: IEEE International Conference on Communications. IEEE, pp 1–6

  35. Josefsson S and Liusvaara I 2017 edwards-curve digital signature algorithm (EdDSA)(RFC 8032

  36. Podermanski T, Grégr M and Švéda M 2012 Deploying IPv6-practical problems from the campus perspective. In: Terena Networking Conference

  37. Atlasis A and Rey E 2015 IPv6 Router Advertisement Flags, RDNSS and DHCPv6 Conflicting Configurations Operational & Security Implications (Enno Rey Netzwerke (ERNW) providing Security)

  38. Narten T, Nordmark E and Simpson W 2007 Neighbor Discovery for IP Version 6 (IPv6) vol 6

  39. Mrugalski T, Siodelski M, Volz B, Yourtchenko A, Richardson M, Jiang S, Lemon T and Winters T 2018 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) (RFC Editor)

  40. Steffann S 2018 DHCPKit github

  41. Paul K and Heidelberger V 2018 PyNaCl: Python binding to the libsodium library Github

  42. Montante R 2018 Using scapy in teaching network header formats: Programming network headers for non-programmers, In: Proceedings of the 49th ACM Technical Symposium on Computer Science Education. ACM, p 1106

  43. Sanders C 2017 Practical packet analysis: Using Wireshark to solve real-world network problems (No Starch Press)

  44. Gont F 2014 Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard) (RFC Editor)

Download references

Acknowledgements

This research is supported by Fundamental Research Grant Scheme (FRGS), Ministry of Higher Education, Malaysia No: FRGS/1/2019/ICT03/USM/02/3.

Author information

Authors and Affiliations

  1. National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Gelugor, Penang, Malaysia

    AYMAN AL-ANI, MOHAMMED ANBAR, AHMED K AL-ANI & IZNAN HUSAINY HASBULLAH

Authors
  1. AYMAN AL-ANI
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. MOHAMMED ANBAR
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. AHMED K AL-ANI
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. IZNAN HUSAINY HASBULLAH
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to MOHAMMED ANBAR.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

AL-ANI, A., ANBAR, M., AL-ANI, A.K. et al. DHCPv6Auth: a mechanism to improve DHCPv6 authentication and privacy. Sādhanā 45, 33 (2020). https://doi.org/10.1007/s12046-019-1244-4

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s12046-019-1244-4

Keywords

Search

Navigation