NETWORK ACCESS-CONTROL FOR DHCP ENVIRONMENT

Citation
K. Kobayashi and S. Yamaguchi, NETWORK ACCESS-CONTROL FOR DHCP ENVIRONMENT, IEICE transactions on communications, E81B(9), 1998, pp. 1718-1723
Number of citations
13
Subject Categories
Engineering, Electrical & Electronic; Telecommunications
ISSN journal
09168516
Volume
E81B
Issue
9
Year of publication
1998
Pages
1718 - 1723
Database
ISI
SICI code
0916-8516(1998)E81B:9<1718:NAFDE>2.0.ZU;2-Q
Abstract
In the IETF, discussions on the authentication method of the Dynamic Host Configuration Protocol (DHCP) message are active and several methods have been proposed. These related specifications were published and circulated as the IETF Internet-Drafts. However, they still have several drawbacks. One of the major drawbacks is that any user can reuse addresses illegally. A user can use an expired address that was allocated to a host. This kind of "illegal use" of the addresses managed by the DHCP server may cause serious security problems. In order to solve them, we propose a new access control method to be used as the DHCP message authentication mechanism. Furthermore, we have designed and developed the DAG (DHCP Access Control Gateway) according to our method. The DAG serves as a gateway that allows only network accesses from clients with the address legally allocated by the DHCP server. This provides secure DHCP service if DHCP servers do not have an authentication mechanism, which is most likely to occur. If a DHCP server has such an authentication scheme as being proposed in IETF Internet-Draft, the DAG can offer a way to enable only a specific client to access the network.