Dual-Stack Network Management Through One-Time Authentication Mechanism

Yi-Chih Kao,Shi-Chun Tsai,Jui-Chun Liu,Yi-Quan Ke,Yi-Bing Lin

doi:10.1109/access.2020.2974659

Yi-Chih Kao, Shi-Chun Tsai + Show 3 more

Open Access

PDF Available

https://doi.org/10.1109/access.2020.2974659

Copy DOI

Export

Save

Cite

Journal: IEEE Access	Publication Date: Jan 1, 2020
Citations: 4	License type: CC BY 4.0

Affiliation: National Yang Ming Chiao Tung University

Abstract
Highlights/Summary
Full-Text PDF
Similar Papers

Abstract

Listen

The exhaustion of IPv4 addresses has led to the rapid implementation of IPv6. However, the design of IPv6 is incompatible with that of its predecessor IPv4 and slows down the development of the IPv4-to-IPv6 migration. Several transitioning mechanisms have been proposed to attain the compatibility of IPv4 and IPv6 to bridge the gap between these two heterogeneous protocols. The two protocols would need to coexist continually before IPv6 completely takes over IPv4. However, the existing captive portal authentication systems generally do not support IPv4/IPv6 dual-stack authentication and lack one-time dual-stack authentication solutions. Upgrading the authentication system has become an urgent problem to be addressed. This study presents dual-stack network management strategies using a novel one-time authentication mechanism for large and complex dual-stack network environments. The proposed authentication system resolves the inconvenience of separate IPv4 and IPv6 authentication and effectively improves the compatibility of the two protocols. Furthermore, authenticating both IPv4 and IPv6 increases the traceability of traffic logs when security attacks occur. The proposed solution is deployed in a campus dormitory environment, and the feasibility and stability are successfully verified.

Highlights

This study presents dual-stack network management strategies using a novel one-time authentication mechanism for large and complex dual-stack network environments
The proposed authentication system resolves the inconvenience of separate IPv4 and IPv6 authentication and effectively improves the compatibility of the two protocols
This study proposes a cross-layer-3 Media Access Control (MAC) authentication solution suitable for dual-stack environments that allows the Auth Server to query the L3 Switch periodically through the SNMP protocol to obtain the user devices’ IPv4, IPv6, and MAC addresses stored in the ARP and Neighbor Discovery Protocol (NDP) tables

Summary

INTRODUCTION

Since the majority of authentication systems lack effective control mechanisms over the IPv4/IPv6 dual-stack access, they can only authenticate one type of protocol at a time, either IPv4 or IPv6. This paper proposes a series of dual-stack network management strategies to ensure controllability over a large number of users. We propose a novel dual-stack authentication mechanism for environments where IPv4 and IPv6 coexist. This mechanism enables efficient and convenient one-time authentication.

AND RELATED WORK

IMPLEMENTATION AND PERFORMANCE EVALUATION

Findings

CONCLUSION