Proposing a new approach for securing DHCPv6 server against rogue DHCPv6 attack in IPv6 network

Abstract

Internet Protocol version 6 (IPv6) is becoming increasingly entrenched, especially as the shortage of IPv4 address has recently become obvious. However, IPv6 faces many security issues with its new design, such as a rogue Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server attack. The DHCPv6 responsible for assigning the IPv6 address to clients and provide the client with network configuration parameters. A rogue DHCPv6-server can divert client to rogue servers such as Domain Name System (DNS), Network Time Protocol (NTP) servers. Therefore, security issues are vital. This paper proposes an approach to secure a DHCPv6-server against rogue DHCPv6-servers with a complete analysis of security challenges that are facing DHCPv6. The proposed approach uses Edwards-curve Digital Signature Algorithm (EdDSA) to prevent a rogue DHCPv6-server attack through verifying the source and the integrity of DHCPv6-server message whether it comes from a legitimate or rogue DHCPv6-server. The implementation and evolution of the proposed approach will be included in the authors’ future work.