The Research And Implementation Of Secure DHCPv6 System

With the fast expanding of today's Internet, the traditional IPv4 resources are facing the risk of exhausting. In order to adapt to the future development of the network, as the next generation of Internet protocol, IPv6 is proposed by IETF, and gains widespread applicatiopn. DHCPv6 is an important protocol in IPv6 protocol stack. The main functions of DHCPv6 are automatically configuring the address of the clients and relevant network configuration parameters by DHCP message interation mechanism.One of the most concerned research subjects of DHCPv6 is the security issue, because it directly affects the deployment of DHCPv6 in the Internet. In DHCPv6 protocol, because both client and server lack of mutual validation, malicious node can forge DHCP messages, makes DHCPv6 protocol vulnerable to various attacks. As an important IPv6 technology, CGA mechanism plays an important role in network security protection, CGA mechanism could prevent malicious node from stealing and counterfeiting the IP address of the existing network entity, by using the public key and IPv6 address binding mechanism and message signatures to provide message validation and integrity protection. On the other hand, considering as to a low power or battery dependent terminal, configuring with a higher safe parameter, means in vastly occupying its limited resources during CGA address generating process, which causes great burden. Secure DHCPv6 system is designed to solve the above problems, in order to make better use of the CGA mechanism to serve DHCPv6 protocol, while use the rich DHCPv6 server computing power and other resources to generate the CGA address for the client.The thesis first introduces the principle of DHCPv6 protocol and the CGA mechanism, then analyzes the security problem of DHCPv6, and provides the possible interactive scheme between DHCPv6 and CGA. According to the results of analysis, the thesis puts forward the Secure DHCPv6 system structure model and an outline design, describing the message interaction and the process of the DHCP nodes. The thesis then describes the detail design of Secure DHCPv6 system, including module's internal data structures, interface functions, etc. Finally, the thesis also provides the detail test scheme of the implementation of Secure DHCPv6 system. A part of the test results is also provided in the thesis.Finally, the major work of the thesis is concluded, and the current deficiencies and possible further work are described. Work and researches during the master graduate study are summarized at last.