| Summary: | Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is used to allocate and distribute IPv6 addresses and network configuration parameters to DHCPv6 clients. Two well-known issues of DHCPv6 are privacy concerns due to lack of protection of client information in transit, and lack of verification mechanism that allows attackers to inject fake network configuration parameters into the network undetected. This paper proposes DHCPv6 security (DHCPv6Sec) approach that is based on a hybrid cryptosystem to provide authentication for the DHCPv6 server messages and to protect the privacy of the DHCPv6 client. The DHCPv6Sec was evaluated and compared to the Secure-DHCPv6 in terms of processing time, traffic overhead, rogue DHCPv6 server prevention, privacy protection, and DHCPv6 message size limitation. The experiment results show that the DHCPv6Sec has 52% less processing time; 74% less traffic overhead; and remarkable superiority in all aspects measured.
|
|---|