ON DHCP SECURITY

Despite the security issues it has, DHCP is one of the most used protocols because it facilitates the automatic allocation of the configuration information in a network. While the number of mobile devices connected to Internet is increasing exponentially, the widespread adoption of IPv6 will take a lot of time. In this context, the need for good security mechanisms that prevents the known attacks against DHCP raises. In this paper we present an overview of the previous solutions to secure the protocol and, in the same time, we identify the reasons why each of these attempts failed. Based on the previous work missteps, we define a set of requirements for a practical and efficient authentication module for DHCP. Then we introduce a simple and flexible module that allows authentication of DHCP messages using two different trust models: PKI and PGP. We implemented and evaluated the proposed authentication module using different key types and sizes in the two trust models. The comprehensive results show that the proposed authentication module does not affect the protocol operation, but provides the so necessary security that DHCP lacks.