Jacques Demerjian, Ahmed Serhrouchni, Mohammed Achemlal


In the current Dynamic Host Configuration Protocol, security is not considered. DHCP itself does support neither an access control for a proper user nor the mechanism with which clients and servers authenticate each other. In this paper, we introduce a novel authentication and access control mechanism for DHCP systems. This solution defines a new DHCP option that provides the authentication of both, entities (client/server) and DHCP messages. We built up our mechanism on the use of public key cryptography, X.509 identity certificates and attribute certificates. In addition, the PMI (Privilege Management Infrastructure) functionalities are attributed to a new server that groups DHCP server and AA (Attributes Authority) server. The resulting server creates an attribute certificate to the client that will be used then in the access control.


  1. Berners-Lee, T. Fielding, R. & Masinter, L. (1998). Uniform Resource Identifiers (URI): Generic Syntax, IETF, RFC 2396.
  2. Croft, B. & Gilmore, J. (1985). BOOTSTRAP PROTOCOL (BOOTP), IETF, RFC 951.
  3. DelRey, M (1981). INTERNET PROTOCOL, IETF, RFC 791.
  4. Demejian, J., Tastet, F., & Serhrouchni, A. (2003). Why certificates don't meet e-business needs?. In SSGRR'03W, International Conference on Advances in infrastructure for e-Electronic, e-Business, eEducation, e-Science, e-Medicine on the Internet. SSGRR Conference, 2003, pp 58.
  5. Demerjian, J. & Serhrouchni, A. (2004). DHCP authentication using certificates. In SEC'04, 19th IFIP International Information Security Conference. SEC Conference, 2004.
  6. Droms, R. & Arbaugh, W. (2001). Authentication for DHCP Messages, IETF, RFC 3118.
  7. Droms, R. (1997a). Dynamic Host Configuration Protocol, IETF, RFC 2131.
  8. Droms, R. & Alexander, S. (1997b). DHCP Options and BOOTP Vendor Extensions, IETF, RFC 2132.
  9. Droms, R. (1999). Procedure for Defining New DHCP Options, IETF, RFC 2489.
  10. Farrell, S. & Housley (2002), R., An Internet Attribute Certificate Profile for Authorization, IETF, RFC 3281.
  11. Freier, A. and al., 1996. The SSL Protocol, Version 3.0, Netscape Communications Corp. Standards Information Base, The Open Group.
  12. Glazer, G., Hussey, C & Shea, R. (2003). CertificateBased Authentication for DHCP [Electronic version]. Retrieved March 20, 2003, from UCLA university, Computer Science Department Web site: http://www.cs.ucla.edu/chussey/proj/dhcp_cert/cbda. pdf
  13. Hornstein and al., 2000. DHCP Authentication via Kerberos V, IETF, Internet Draft.
  14. ISC: Internet Software Consortium. Dynamic Host Configuration Protocol Distribution. Retrieved February 06, 2004, from http://www.isc.org/index.pl?/sw/dhcp/
  15. ITU-T Recommendation X.509, 1997. Information technology-Open Systems Interconnection-The Directory: Authentication framework.
  16. ITU-T Recommendation X.509, 2000. Information technology-Open Systems Interconnection-The Directory: Public-key and attribute certificate frameworks.
  17. Jonsson, J. & Kaliski, B. (2003). Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, IETF, RFC 3447.
  18. Kent, S. & Atkinson, R. (1998). Security Architecture for the Internet Protocol, IETF, RFC 2401.
  19. Komori, T., & Saito, T. (2002). The secure DHCP System with User Authentication. In LCN'02, 27th Annual IEEE Conference on Local Computer Networks. LCN Conference, 2002, pp 0123.
  20. Lemon, T. & S. Cheshire (2002), Encoding Long Options in the Dynamic Host Configuration Protocol (DHCPv4), IETF, RFC 3396.
  21. Maughan, D. Schertler, M., Schneider, M. & Turner, J. (1998). Internet Security Association and Key Management Protocol (ISAKMP), IETF, RFC 2408.
  22. Perkins, C., & Luo, K. (1995). Using DHCP with computers that move. In Wireless Networks, 1995, Volume 1, No. III, pp 341-354.
  23. Postel, J. (1980). User Datagram Protocol, IETF, RFC 768.
  24. Tominaga, A., Nakamura. O., Teraoka. F., & Murai. J. (1995). Problems and solutions of DHCP. In INET'95, The 5th Annual Conference of the Internet Society. INET Conference, 1995.

Paper Citation

in Harvard Style

Demerjian J., Serhrouchni A. and Achemlal M. (2004). CERTIFICATE-BASED ACCESS CONTROL AND AUTHENTICATION FOR DHCP . In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 99-106. DOI: 10.5220/0001396100990106

in Bibtex Style

author={Jacques Demerjian and Ahmed Serhrouchni and Mohammed Achemlal},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,},

in EndNote Style

JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE,
SN - 972-8865-15-5
AU - Demerjian J.
AU - Serhrouchni A.
AU - Achemlal M.
PY - 2004
SP - 99
EP - 106
DO - 10.5220/0001396100990106