摘要
随着IPv6的不断发展,DHCPv6协议为IPv6环境下地址分配提供了极大的便利,但由于DHCPv6协议是基于DHCP协议进行扩展设计与实现,依然面临着许多安全威胁。本文提出并实现了一个具有实体认证功能的安全DHCPv6系统,在不改变现有协议的情况下对DHCPv6消息进行认证,保证传输安全。同时,DH-CPv6服务器为每个合法客户端分配与其公钥绑定的地址,与DHCP Snooping结合保证源地址的真实性,有效防止了非法用户的网络接入。该系统在校园网环境内进行部署和实验,验证了其设计的安全性与可靠性,可抵御多种常见网络攻击。
As the development of IPv6, configuring and managing IP address become more and more convenient by DHCPv6. However, since DHCPv6 is based on DHCP,there are many security short- comings and it is vulnerable to many network attacks. This paper proposes a novel secure DHCPv6 system which integrates entity authentication. The system authenticates messages without changing the original protocol which protects the security of transmission. In addition, because DHCPv6 server allocates public key binded addresses to legal clients and combined with DHCP Snooping, Illegal clients cannot access the network and the authenticity of source address can be assured. On the campus network, the efficient and security of the DHCPv6 was verified as being capable of preventting many network attacks.
出处
《广西大学学报(自然科学版)》
CAS
CSCD
北大核心
2011年第A01期201-205,217,共6页
Journal of Guangxi University(Natural Science Edition)
基金
国家科技支撑计划资助课题(2008BAH37B10
2008BAH37B05001)
