DHCPv6Auth: a mechanism to improve DHCPv6 authentication and privacy

Abstract

Internet Protocol version 6 (IPv6) deployment continues to gain ground due to the increasing demand for IP addresses generated by the number of Internet facing devices, and it is compounded by the exhaustion of allocatable IPv4 addresses. Dynamic Host Configuration Protocol version 6 (DHCPv6) is used to allocate IPv6 addresses and distribute network configuration information to IPv6 hosts in a link-local network. However, DHCPv6 messages in transit expose identifiable information of the DHCPv6 client that could be used by malicious users to track their victims. Additionally, the lack of an authentication mechanism leaves IPv6 hosts vulnerable to rogue DHCPv6 server attacks. This paper introduces DHCPv6 Authentication (DHCPv6Auth) mechanism to prevent rogue DHCPv6 server attacks and protect the privacy of IPv6 hosts. DHCPv6Auth uses the Ed25519 digital signature algorithm for authentication and could be used in conjunction with Anonymity Profile mechanisms for privacy protection. The DHCPv6Auth mechanism was compared with other mechanisms in terms of processing time, prevention of rogue DHCPv6 server attack, and protection of users’ privacy. The results show that it requires less processing time and traffic overhead than other authentication mechanisms; is able to prevent rogue DHCPv6 server attacks; and provides better privacy protection for the IPv6 host than other authentication mechanisms to which it was compared.