Network Access Control for DHCP Environment


IEICE TRANSACTIONS on Communications   Vol.E81-B   No.9   pp.1718-1723
Publication Date: 1998/09/25
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Communication Networks and Services
Keywords: mobile computing environment, DHCP, access control, gateway, authentication


In the IETF, methods for authenticating Dynamic Host Configuration Protocol (DHCP) messages are under active discussion, and several have been proposed. The related specifications were published and circulated as IETF Internet-Drafts. However, they still have several drawbacks. One of the major drawbacks is that any user can reuse addresses illegally: a user can use an expired address that was allocated to a host. This kind of "illegal use" of the addresses managed by the DHCP server may cause serious security problems. To solve them, we propose a new access control method to be used as the DHCP message authentication mechanism. Furthermore, we have designed and developed the DAG (DHCP Access Control Gateway) according to our method. The DAG serves as a gateway that allows network access only from clients whose address was legally allocated by the DHCP server. This provides secure DHCP service when DHCP servers do not have an authentication mechanism, which is the most likely case. If a DHCP server does have an authentication scheme such as those proposed in the IETF Internet-Drafts, the DAG can offer a way to allow only a specific client to access the network.
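The gateway idea in the abstract, admitting only addresses that currently hold a server-issued lease, can be modelled as a lease table consulted per packet; this is an added illustration, not the paper's DAG implementation. The `LeaseGate` class, the MAC-address binding, and the way the gateway learns of leases (`on_ack`, `on_release`) are assumptions, and the addresses are constructed samples.

```python
from dataclasses import dataclass


@dataclass
class Lease:
    mac: str        # client the address was allocated to (assumed binding key)
    expires: float  # absolute expiry time in seconds


class LeaseGate:
    """Hypothetical filter: forward only traffic from addresses with a live lease."""

    def __init__(self):
        self.leases = {}  # source IP -> Lease

    def on_ack(self, ip, mac, lease_secs, now):
        # The DHCP server allocated or renewed `ip` for `mac`.
        self.leases[ip] = Lease(mac.lower(), now + lease_secs)

    def on_release(self, ip, mac):
        # Only the holder of the lease may give the address back.
        lease = self.leases.get(ip)
        if lease and lease.mac == mac.lower():
            del self.leases[ip]

    def decide(self, src_ip, src_mac, now):
        lease = self.leases.get(src_ip)
        if lease is None:
            return "drop:no-lease"      # address never allocated, or already purged
        if now >= lease.expires:
            del self.leases[src_ip]     # expired address must not be reused
            return "drop:expired"
        if lease.mac != src_mac.lower():
            return "drop:wrong-client"  # live lease, but held by another host
        return "forward"


def demo():
    gate = LeaseGate()
    # Constructed sample: one 600-second lease issued at t=0.
    gate.on_ack("192.0.2.10", "02:00:00:00:00:0A", lease_secs=600, now=0)
    return [
        gate.decide("192.0.2.10", "02:00:00:00:00:0a", now=100),  # lease holder
        gate.decide("192.0.2.10", "02:00:00:00:00:0b", now=100),  # address taken over
        gate.decide("192.0.2.11", "02:00:00:00:00:0b", now=100),  # self-assigned address
        gate.decide("192.0.2.10", "02:00:00:00:00:0a", now=601),  # reuse after expiry
    ]


if __name__ == "__main__":
    print(demo())
```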