Privacy and Security of DHCP Unique Identifiers

Abstract

As protection against the current privacy weaknesses of StateLess Address AutoConfiguration (SLAAC) in the Internet Protocol version 6 (IPv6), network administrators may choose to deploy the new Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Similar to the Dynamic Host Configuration Protocol (DHCP) for the Internet Protocol version 4 (IPv4), DHCPv6 uses a clientserver model to manage addresses in networks, providing stateful address assignment. While DHCPv6 can be configured to assign randomly distributed addresses to clients, the DHCP Unique Identifier (DUID) was designed to identify uniquely identify clients to servers and remains static to clients as they move between different subnets and networks. Since the DUID is globally unique and exposed in the clear, attackers can geotemporally track clients by sniffing DHCPv6 messages on the local network or by using unauthenticated protocol-valid queries that request systems’ DUIDs or leased addresses. DUIDs can also be formed with systemspecific information, further compromising the privacy and security of the host. To combat the threat of the static DUID, a dynamic DUID was implemented and analyzed for its effect on privacy and security as well as its computational overhead. The privacy implications of DHCPv6 must be addressed before large-scale IPv6 deployment.