Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Design and Implementation of DHCP Supporting Network Attack Prevention

네트워크 공격 방지를 지원하는 DHCP의 설계 및 구현에 관한 연구

  • Yoo, Kwon-joeong (Department of Information and Communication Engineering, Hanbat National University) ;
  • Kim, Eun-gi (Department of Information and Communication Engineering, Hanbat National University)
  • Received : 2016.01.21
  • Accepted : 2016.03.09
  • Published : 2016.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

DHCP(Dynamic Host Configuration Protocol) is a protocol for efficiency and convenience of the IP address management. DHCP automatically assigns an IP address and configuration information needed to run the TCP/IP communication to individual host in the network. However, existing DHCP is vulnerable for network attack such as DHCP spoofing, release attack because there is no mutual authentication systems between server and client. To solve this problem, we have designed a new DHCP protocol supporting the following features: First, ECDH(Elliptic Curve Diffie-Hellman) is used to create session key and ECDSA(Elliptic Curve Digital Signature Algorithm) is used for mutual authentication between server and client. Also this protocol ensures integrity of message by adding a HMAC(Hash-based Message Authentication Code) on the message. And replay attacks can be prevented by using a Nonce. As a result, The receiver can prevent the network attack by discarding the received message from unauthorized host.

DHCP(Dynamic Host Configuration Protocol)는 IP 주소 관리의 효율성과 편의를 위한 프로토콜이다. DHCP는 네트워크 내 개별 호스트에게 TCP/IP 통신을 실행하기 위해 필요한 IP 주소 및 구성 정보를 자동적으로 할당해준다. 하지만 기존의 DHCP는 서버와 클라이언트 간 상호 인증 체계가 없기 때문에 DHCP spoofing, release 공격과 같은 네트워크 공격에 취약하다. 이러한 문제점을 해결하기 위해 본 논문에서는 다음과 같은 기능을 지원하는 DHCP 프로토콜을 설계하였다. 먼저, ECDH(Elliptic Curve Diffie-Hellman)를 이용하여 세션 키를 생성하고 ECDSA(Elliptic Curve Digital Signature Algorithm)를 사용하여 전자서명을 함으로써 서버와 클라이언트 간 상호 인증을 수행한다. 그리고 메시지에 HMAC(Hash-based Message Authentication Code)을 추가하여 메시지의 무결성을 보장한다. 또한 Nonce를 사용하여 재전송공격을 방지한다. 결과적으로 수신자는 인증되지 않은 호스트로부터 수신한 메시지를 폐기함으로써 네트워크 공격을 막을 수 있다.

Keywords

References

  1. Charles M. Kozierok, TCP / IP Complete Guide, Uiwang:acorn publishing Co., 2007.
  2. IETF Std. RFC 2131, Dynamic Host Configuration Protocol, IETF, R. Droms, March 1997.
  3. Behrouz A. Forouzan, TCP/IP Protocol Suite, Fourth Edition. New York, NY: McGRAW HILL INTERNATIONAL EDITION, 2010.
  4. Won-jong Kang, Jung-jae Yoon, and Chan Koh, "Effective IP Address Management on Ethernet Environment," The Korean Society for Industrial and Applied Mathematics, vol. 7, no. 2, pp113-125, Dec. 2003
  5. IETF. Privacy considerations for DHCP, draft-ietf-dhcdhcp-privacy-00 [Internet]. Available: https://datatracker.ietf.org/doc/draft-ietf-dhc-dhcp-privacy/00/.
  6. IETF Std. RFC 2132, DHCP Options and BOOTP Vendor Extensions, IETF, S. Alexander, R. Droms, March 1997.
  7. IETF Std. RFC 3118, Authentication for DHCP messages, IETF, R. Droms, W. Arbaugh, June 2001.
  8. Moon-Gi Kim, Da-Hye Jeong Jae-Won Lee, Kwon-Jeong Yoo, Eun-Gi Kim, "A Study on the DHCP Supporting Network Attack Prevention," in The 2015 Fall Conference of the KIPs, Jeju, pp. 1-3, 2015.
  9. IETF Std. RFC 3118, Authentication for DHCP Messages, IETF, R. Droms, Editor, W. Arbaugh, Editor, June 2001.
  10. Carlisle Adams and Steve Lloyd, Effective way for security PKI, Seoul, Infobook, 2003.
  11. Seok-ho Kim, "Comparison and analysis on efficiency of scalar multiplication for Elliptic Curve Cryptosystem," M. S. dissertation, Korea Maritime and Ocean University graduate school, Busan, 2003.
  12. Yeong-ja Kim, "Design and implementation of a security messenger system using elliptic curve cryptosystem," M. S. dissertation, Chung-Ang University Information graduate school, Seoul, 2004.
  13. IETF Std. RFC 6979, Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA), IETF, T. Pornin, August 2013.
  14. Song-hwan Lim, "The efficiency analysis of ECDSA using improved element algorithm," M. S. dissertation, Dongguk University Graduate School of International Affairs & Information, Seoul, 2000.
  15. IETF Std. RFC 4050, Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures, IETF, S. Blake-Wilson, G. Karlinger, T. Kobayashi, Y. Wang, April 2005.
  16. IETF Std. RFC 2104, HMAC: Keyed-Hashing for Message Authentication, IETF, H. Krawczyk, M. Bellare, R. Canetti, February 1997.
  17. Seong-Gyu Sin, "An HMAC Algorithm for Digital Signature," M. S. dissertation, Catholic Kwandong Graduate School of Education, Gangwon-do, 2003.
  18. Kyung-Sik Kim, "A scheme for improving DHCP and adapting wireless LAN to POSCO," M. S. dissertation, postech, Gyeongsangbuk-do, 2002.
  19. IETF Std. RFC6704, Forcerenew Nonce Authentication, IETF, D. Miles, W. Dec, J. Bristow, R. Maglione, August 2012.