Network Access Control for DHCP Environment
Kazumasa KOBAYASHI Suguru YAMAGUCHI
IEICE TRANSACTIONS on Communications
Publication Date: 1998/09/25
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Communication Networks and Services
Keywords: mobile computing environment, DHCP, access control, gateway, authentication
In the IETF, discussion of authentication methods for Dynamic Host Configuration Protocol (DHCP) messages is active, and several methods have been proposed. The related specifications were published and circulated as IETF Internet-Drafts. However, they still have several drawbacks. One of the major drawbacks is that any user can reuse addresses illegally: a user can use an expired address that was allocated to a host. This kind of "illegal use" of the addresses managed by the DHCP server may cause serious security problems. To solve them, we propose a new access control method to be used as the DHCP message authentication mechanism. Furthermore, we have designed and developed the DAG (DHCP Access Control Gateway) according to our method. The DAG serves as a gateway that allows network access only from clients whose address was legally allocated by the DHCP server. This provides secure DHCP service when DHCP servers do not have an authentication mechanism, which is the most likely case. If a DHCP server has an authentication scheme such as those proposed in the IETF Internet-Drafts, the DAG can offer a way to enable only a specific client to access the network.
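A sketch of the kind of lease-backed forwarding decision the abstract describes, as an added example that is not the DAG implementation or code from the paper. It assumes the gateway learns leases from DHCP ACKs and ties each address to the client's hardware address; the class and function names and all sample values are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Lease:
    mac: str           # hardware address the lease was issued to (assumed binding)
    expires_at: float  # absolute expiry time, in seconds

class LeaseGate:
    """Hypothetical gateway state: forward only traffic backed by a live lease."""
    def __init__(self):
        self.leases = {}  # source IP -> Lease

    def on_ack(self, ip, mac, lease_seconds, now):
        # The DHCP server granted or renewed ip for mac.
        self.leases[ip] = Lease(mac, now + lease_seconds)

    def permit(self, ip, mac, now):
        lease = self.leases.get(ip)
        if lease is None:
            return False, "no-lease"
        if now >= lease.expires_at:
            del self.leases[ip]  # drop stale state; later packets hit "no-lease"
            return False, "lease-expired"
        if lease.mac != mac:
            return False, "holder-mismatch"
        return True, "ok"

def replay(events):
    """Run constructed (time, kind, ip, mac, lease_seconds) events; return packet verdicts."""
    gate, verdicts = LeaseGate(), []
    for now, kind, ip, mac, secs in events:
        if kind == "ack":
            gate.on_ack(ip, mac, secs, now)
        else:  # "packet": a forwarding decision is needed
            verdicts.append((now, ip, mac) + gate.permit(ip, mac, now))
    return verdicts

# Constructed sample: documentation-range address, made-up MACs.
SAMPLE = [
    (0, "ack", "192.0.2.10", "02:00:00:00:00:01", 600),
    (100, "packet", "192.0.2.10", "02:00:00:00:00:01", 0),
    (100, "packet", "192.0.2.10", "02:00:00:00:00:02", 0),
    (700, "packet", "192.0.2.10", "02:00:00:00:00:01", 0),  # lease ran out at t=600
    (710, "packet", "192.0.2.10", "02:00:00:00:00:01", 0),
    (720, "ack", "192.0.2.10", "02:00:00:00:00:02", 600),   # address reallocated
    (730, "packet", "192.0.2.10", "02:00:00:00:00:01", 0),  # previous holder reuses it
]
if __name__ == "__main__":
    print(*replay(SAMPLE), sep="\n")
```

The packets at t=700 and t=730 are the expired-address reuse case: the first is refused because the lease has lapsed, the second because the address now belongs to another client.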