Salim M. Ali,Ammar A. Shareef

DOI: https://doi.org/10.31987/ijict.1.1.175

2021-12-15

Abstract:DHCP is an important aspect in small and large networks, since it facilitates the IP configuration of computers. However, DHCP is vulnerable to different attacks; therefore, the essential objective of this paper is to propose solutions against DHCP attacks. The paper gives an explanation about how DHCP works and understand the handshake mechanism and give a brief summary about DHCP attack, how they occur and how they affect the security of the enterprise since a leakage of sensitive Information could happen, which threatens the enterprise's security or a denial of service that immobilizes the network. Three effective countermeasures are looked up and tested against DHCP attacks, and each one successfully prevented the attack.

Qiang LIU,Binqiang WANG,Caixia LIU,Liang ZHAO

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.19.055

2006-01-01

Abstract:Dynamic host configuration protocol(DHCP protocol) has successfully solved the management and insufficiency problem of network address. But the lack of security control in DHCP protocol makes insecurity in address distribution. This paper presents an improved DHCP protocol based on user visiting control mechanism and DH encryption algorithm, discusses its concrete implementation in the four stages of address requiring, secret key negotiating, address distributing and address releasing, and analyses its security performance. The work in this paper offers reference to applications with high security requirement.

Guanding Yu

2010-01-01

Abstract:This paper has simply introduced the application of DHCP Sever to Campus LAN,presented the principle of DHCP technique and the serious effects of user's own access to the LAN DHCP server,and then makes an analysis of the reason.Finally described the failure of self-determination access to DHCP server,and to propose three types solutions of such failures.

SUN Li-Fei,Li Sheng-hong

DOI: https://doi.org/10.3969/j.issn.1009-2552.2005.08.009

2005-01-01

Abstract:The dynamic host configuration protocol (DHCP) provides the configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts. Nowadays, most of local area network adopt high-speed public Internet access and modem, DHCP is used to allocate the host network addresses dynamically. However, a number of security and scaling problems arise with the use of public host network addresses. This paper mainly introduces the principle of DHCP and Option82 security mechanism, and describes the implementation in one IPDSLAM in details.

Hewu Li,Zhouyang Zhao,Fenghua Li,Qian Wu

DOI: https://doi.org/10.1109/IWCMC.2015.7289177

2015-01-01

Abstract:DHCP is one of most intensively used and researched Internet Protocol since its standardization, whose dynamic use of IP address matched perfectly the requirement of PC dominant times for the past years. However, the explosive growth of mobile terminal and application makes mobile becoming dominated in recent years. The use case and manner between PC and mobile devices is quite difference, does dynamic of DHCP still work for today's mobile Internet? Work on this problem with large-scale real mobile wireless network is scarce. Based on 4-month real data collected from Tsinghua University campus wireless network, which including 2,500+ Wifi access points and 15,000+ concurrent users, this paper found that there is a close relationship between DHCP performance and users' online patterns, the immutable lease time would lead to quite low efficiency of IP distribution. Moreover, according to our analysis on factors such as terminal type, location type and network access time, users' online patterns can be divided into different categories. Therefore, we could distribute different lease time to the different online patterns for optimization. The simulation results show that our mechanism could save 39% IPv4 addresses (43C) and improve the IP usage efficiency from 19.8% to 69.7% without increasing much DHCP payload.

B. Issac

DOI: https://doi.org/10.48550/arXiv.1410.4398

2014-10-16

Abstract:For network computers to communicate to one another, they need to know one another's IP address and MAC address. Address Resolution Protocol (ARP) is developed to find the Ethernet address that map to a specific IP address. The source computer broadcasts the request for Ethernet address and eventually the target computer replies. The IP to Ethernet address mapping would later be stored in an ARP Cache for some time duration, after which the process is repeated. Since ARP is susceptible to ARP poisoning attacks, we propose to make it unicast, centralized and secure, along with a secure design of DHCP protocol to mitigate MAC spoofing. The secure protocol designs are explained in detail. Lastly we also discuss some performance issues to show how the proposed protocols work.

Cryptography and Security

Haibo Wang,Jilong Wang,Weizhen Dang,JingAn Xue,Fenghua Li

DOI: https://doi.org/10.1109/tnet.2020.2971551

2018-01-01

Abstract:Dynamic Host Configuration Protocol (DHCP) is widely used to dynamically assign IP addresses to users. However, due to little knowledge on the behavior and performance of DHCP, it is challenging to configure lease time and divide IP addresses for address pools properly in large-scale wireless networks. In this paper, we conduct the largest known measurement on the behavior and performance of DHCP in the wireless network of T University (TWLAN). We find the performance of DHCP is far from satisfactory: (1) The non-authenticated devices lead to a waste of 25% of addresses at the rush hour. (2) Address pool utilization varies greatly under the current address division strategy. (3) A device does not generate traffic for 67% of the lease time on average. Meanwhile, we observe devices of different locations and operating systems show diverse online patterns. A unified lease time setting could result in an inefficient usage of addresses. To address the problems, taking account of authentication information and online patterns, we propose a new leasing strategy. The results show it outperforms three state-of-the-art baselines and reduces the number of assigned addresses by 24% and the average total lease time by 17% without significantly increasing the DHCP server load. Besides, we further propose an adaptive address division strategy to balance the address utilization of pools, which can be deployed in parallel with the new leasing strategy and reduce the risk of address exhaustion.

Alex Dangi Maneka,Marak Luta Lapu Kahewu

DOI: https://doi.org/10.31294/reputasi.v2i1.384

2021-06-08

Abstract:Abstrak  - Di dalam jurnal ini bertujuan memecahkan masalah metode saragan jaringan DHCP server yang merupakan fitur keamanan jaringan yang jarang digunakan orang, karena kurang mengetahui pentingnnya keamanan jaringan  menyebapkan jaringan kurang meperhatikan masalah keamanan jaringan.  Jurnal ini akan membahas bagaimana menangkal DHCP server dan bagaiman mengiplimentasi security tersebut  fitur jaringan. Selain itu untuk  Template Paper ini digunakan sebagai panduan untuk penulisan paper (makalah ilmiah) untuk publikasi di Jurnal-jurnal yang dikelola oleh Bina Sarana Informatika. Penulis paper harus mengikuti instruksi yang diberimembuktikan apakah penguna fitur DHCP server mampu menangkal DHCP. Peneliatan yang digunakan penulis dengan melakukan penelitian yang mengunakan jaringan simulasi karena mengunkankan DHCP server berbasis cisco, maka penulis akan melakukan penelitian dimana jaringan simulasi dibuat dalam aplikasi simulasi cisco packet trecer khusus untuk simulasi cisco khusus untuk perangkat keras. Dari hasil perbandingan dan kesempulan penelitian, penulis menyatakan jaringan biasa saja yang tidak mengunakan fitur keamana DHCP server serangan rogue menyebapkan peretas dapat mengotrol seluruh jaringan hanya dengan menyebarkan IP dari peretas DHCP server ke jaringan. Di sisi lain. Jaringan yang mengunakan fitur keamanan jarigan DHCP server sepenuhnya menangkal IP yang yang disebarkan dari peretas klien hanya mendapatkan IP dari pejabat perusahaan DHCP server, sehingga jaringan aman dan terlindungi dari kendali hacker.   Abstract - This journal aims to solve the problem of the DHCP server network attack method, which is a network security feature that is rarely used by people, because it is less important for network security, causing the network to pay less attention to network security problems. This journal will discuss how to circumvent DHCP servers and how to implement these security features of the network. In addition, this Paper Template is used as a guide for papers (scientific papers) for publication in journals managed by Bina Sarana Informatika. The author of the paper must follow an evidence whether the user features a DHCP server that is capable of blocking DHCP. The research used by the author is by conducting research using a simulation network because it uses a Cisco-based DHCP server, so the authors will conduct a research where the simulation network is created in a Cisco packet trecer simulation application specifically for Cisco simulations specifically for hardware. From the results of comparisons and research conclusions, an ordinary writer who does not use the rogue attack DHCP server security features can control the entire network by simply applying the IP of the DHCP server to the network. On the other hand. Networks that use DHCP server network security features are controlled by IPs that are transmitted from hackers, clients only get IPs from DHCP server officials, so that the network is safe and protected from hacker control.

Lishan Li,Gang Ren,Ying Liu,Jianping Wu

DOI: https://doi.org/10.26599/tst.2018.9010020

2018-01-01

Tsinghua Science & Technology

Abstract:With the rapid developmen of the Internet,the exhaustion of IPv4 address limited the development of the Internet for years.IPv6,as the core technology of the next generation Internet,has since been rapidly deployed around the world.As the widely deployed address configuration protocol,DHCPv6 is responsible for allocating globally unique IPv6 addresses to clients,which is the basis for all the network services.However,the initial design of the DHCPv6 protocol gave little consideration to the privacy and security issues,which has led to a proliferation of privacy and security accidents breaches in its real deployment.In this paper,to fundamentally solve a range of possible security and privacy issues,we propose a secure DHCPv6 mechanism,which adds authentication and encryption mechanisms into the original DHCPv6 protocol.Compared with other proposed security mechanisms for the DHCPv6,our method can achieve all-around protection for the DHCPv6 protocol with minimal change to the current protocol,easier deployment,and low computing cost.

R. Chaisricharoen,Mayoon Yaibuates

DOI: https://doi.org/10.1109/ECTIDAMTNCON48261.2020.9090760

2020-03-01

Abstract:Internet Control Message Protocol (ICMP) is very useful when diagnostic network problem. ICMP is being used and turns on automatically by an Operating System. For security reason, this protocol can be at ease turn off temporary or permanently by security administrators such as an event of preventing, delaying attackers from incorrectly identifying devices. The ICMP disabling leads to a fundamental problem in the previous model– identifying Dynamic Host Configuration Protocol (DHCP) malicious request by implementing ICMP. To overcome this specific problem, the proposed model will be implementing Address Resolution Protocol (ARP) in conjunction with ICMP for identifying malicious IP address request through DHCP.

Computer Science,Engineering

Patrick Wachter,Stephan Kleber

DOI: https://doi.org/10.1145/3568160.3570229

2022-11-22

Abstract:DoIP, which is defined in ISO 13400, is a transport protocol stack for diagnostic data. Diagnostic data is a potential attack vector at vehicles, so secure transmission must be guaranteed to protect sensitive data and the vehicle. Previous work analyzed a draft version and earlier versions of the DoIP protocol without Transport Layer Security (TLS). No formal analysis exists for the DoIP protocol. The goal of this work is to investigate the DoIP protocol for design flaws that may lead to security vulnerabilities and possible attacks to exploit them. For this purpose, we deductively analyze the DoIP protocol in a first step and subsequently confirm our conclusions formally. For the formal analysis, we use the prover Tamarin. Based on the results, we propose countermeasures to improve the DoIP's <a class="link-external link-http" href="http://security.We" rel="external noopener nofollow">this http URL</a> showthat the DoIP protocol cannot be considered secure mainly because the security mechanisms TLS and client authentication in the DoIP protocol are not mandatory. We propose measures to mitigate the vulnerabilities thatwe confirm to remain after activating TLS. These require only a minor redesign of the protocol.

Cryptography and Security,Networking and Internet Architecture

Xuewei Feng,Qi Li,Kun Sun,Ke Xu,Jianping Wu

2024-11-19

Abstract:After more than 40 years of development, the fundamental TCP/IP protocol suite, serving as the backbone of the Internet, is widely recognized for having achieved an elevated level of robustness and security. Distinctively, we take a new perspective to investigate the security implications of cross-layer interactions within the TCP/IP protocol suite caused by ICMP error messages. Through a comprehensive analysis of interactions among Wi-Fi, IP, ICMP, UDP, and TCP due to ICMP errors, we uncover several significant vulnerabilities, including information leakage, desynchronization, semantic gaps, and identity spoofing. These vulnerabilities can be exploited by off-path attackers to manipulate network traffic stealthily, affecting over 20% of popular websites and more than 89% of public Wi-Fi networks, thus posing risks to the Internet. By responsibly disclosing these vulnerabilities to affected vendors and proposing effective countermeasures, we enhance the robustness of the TCP/IP protocol suite, receiving acknowledgments from well-known organizations such as the Linux community, the OpenWrt community, the FreeBSD community, Wi-Fi Alliance, Qualcomm, HUAWEI, China Telecom, Alibaba, and H3C.

Cryptography and Security

Kai Bu,Zhixin Sun

DOI: https://doi.org/10.1109/ICYCS.2008.324

2008-01-01

Abstract:The emergence of Distributed Denial of Service (DDoS) attack increases the destructive force of Denial of Service (DoS) attack drastically. Besides bringing more terrible threats, the attack from far and near and the employment of internet protocol (IP) spoofing make the abnormal traffic detection harder and harder. This paper proposes a mechanism defined as AMHI (Address Matching and Hash Inspection) and a method based on it for DDoS attacks detection and defense. Through the simulation experiment, the Address Matching and backup Hash Inspection operations to the suspicious traffic implemented on router interface for local subnet can detect and defend DDoS attacks effectively even when using IP Spoofing. In addition, this method can also decrease a mass of statistical work for the routers, and to some extent ease the pressure of heavy traffic caused by attacks.

Ren Gang,Lin He,Ying Liu

2019-01-01

Abstract:The manageability, security, privacy protection, and traceability of networks can be supported by extending DHCPv6 protocol. This document analyzes current extension practices and typical DHCP server software on extensions, defines a DHCP general model, discusses some extension points, and present extension cases.

Jayasankar Narayanan,Shanmuga Priya R,Kishor S,Ramprasad R,D. Balaji

DOI: https://doi.org/10.1109/ICACCS57279.2023.10112844

2023-03-17

Abstract:This purpose of the project is the implementation of Dynamic Host Configuration Protocol (DHCP) and Variable Length Subnet Masking(VLSM) for optimizing Internet Protocol address allocation in a network. DHCP is a widely used protocol that enables automatic IP address allocation to devices on a network while VLSM is a technique used to divide a larger network into smaller subnets, this greatly optimizes the use of IP addresses. Combining DHCP and VLSM can improve the efficiency and scalability of a network by automating the IP address allocation and creating subnets with different sizes based on the number of hosts required. The project’s methodology is by implementing DHCP and VLSM, by providing the necessary configurations and settings required for both DHCP server and clients which includes subnetting a given Network based on the requirements of the user. The implementation will be tested and evaluated to ensure proper functioning and to identify and resolve any potential issues. The project will also cover the use of python libraries and tools to automate the process of DHCP and VLSM. Overall, this project will remove the inadequacies of a Fixed Length Subnet Mask of a Network, which is the study of interest of the project, and demonstrate the benefits of using DHCP and VLSM together for optimal IP address allocation in a network.

Computer Science

Qiaohong Zhang,Changqing An,Xuenong Li,Yiqi Fu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.017

2001-01-01

Abstract:With the rapid expansion of the network scale and increasing requirement to network mobility ,users will encounter several difficulties ff traditional static address assignment is still adopted in IP management,and network manager will bear heavier load. IP management by Dynamic Host Configuration Protocol can commendably solve these problems. This paper presents the principle of DHCP technique and its application in Tsinghua Campus Network. Our attempt shows the significance of DHCP application on management of large-scale networks and on the network systems that require high mobility.

Fan Binwen,Cui Zhiqiang

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.053

2007-01-01

Abstract:The Dynamic Host Configuration Protocol(DHCP)provides a framework for passing configuration information to hosts on a TCP/IP network.Its realization on embedded streaming player is very important for IPTV.The implementation of DHCP for client hosts is presented.

Yong Cui,Jianping Wu,Sheng Jiang,Lishan Li

2016-01-01

Abstract:Secure DHCPv6 provides authentication and encryption mechanisms for DHCPv6. This draft analyses DHCPv6 threat model and provides guideline for secure DHCPv6 deployment.

Chang Deliang,Zhang Qianli,Li Xing

DOI: https://doi.org/10.1109/itnec.2016.7560375

2016-01-01

Abstract:Internet is playing a more and more important role in today's society. Wireless network and mobile devices are becoming part of our lives. So it's significant to learn about the information of the users or network usage for both network researchers and managers of fixed/wireless network. Previous methods of user characterizing and network usage are mostly based on TCP traffic study. But when facing to a large amount of users, raw packet capturing and storing would be difficult. Also, there were previous methods researched the fixed network or wireless network, but a comparative study is hardly seen. So in this paper, we measured the large-scale fixed and wireless network of our campus via DHCP analysis. We analyzed the user behavior such as distribution of user online time, user count and join/leave time-stamps. We also studied about users' operating systems by introducing DHCP OS fingerprinting. We found some interesting results, which revealed the trend of mobile network and some challenges might be brought in.

Abdul Razaque,Khald.M.Elleithy

DOI: https://doi.org/10.48550/arXiv.1309.4499

2013-09-18

Abstract:Mobile collaborative learning (MCL) is extensively recognized field all over the world. It demonstrates the cerebral approach combining the several technology to handle the problem of learning. MCL motivates the social and educational activities for creating healthier environment. To advance and promote the baseline of MCL, different frameworks have been introduced for MCL. From other side, there is no highly acceptable security mechanism has been implemented to protect MCL environment. This paper introduces the issue of rogue DHCP server, which highly affects the performance of users who communicate with each other through MCL. The rogue DHCP is unofficial server that gives incorrect IP address to user in order to use the legal sources of different servers by sniffing the traffic. The contribution focuses to maintain the privacy of users and enhances the confidentiality. The paper introduces multi-frame signature-cum anomaly-based intrusion detection systems (MSAIDS) supported with innovative algorithms, modification in the existing rules of IDS and use of mathematical model. The major objectives of research are to identify the malicious attacks created by rogue DHCP server. This innovative mechanism emphasizes the security for users in order to communicate freely. It also protects network from illegitimate involvement of intruders. Finally, the paper validates the mechanism using three types of simulations: testbed, discrete simulation in C++ and ns2. On the basis of findings, the efficiency of proposed mechanism has been compared with other well-known techniques.

Cryptography and Security,Computers and Society