RFC 3118 (rfc3118) - Page 2 of 17
Authentication for DHCP Messages
Alternative Format: Original Text Document
RFC 3118 Authentication for DHCP Messages June 2001
medium is not physically secured, such as wireless networks or
college residence halls.
This document defines a technique that can provide both entity
authentication and message authentication. The current protocol
combines the original Schiller-Huitema-Droms authentication mechanism
defined in a previous work in progress with the "delayed
authentication" proposal developed by Bill Arbaugh.
1.1 DHCP threat model
The threat to DHCP is inherently an insider threat (assuming a
properly configured network where BOOTP ports are blocked on the
enterprise's perimeter gateways.) Regardless of the gateway
configuration, however, the potential attacks by insiders and
outsiders are the same.
The attack specific to a DHCP client is the possibility of the
establishment of a "rogue" server with the intent of providing
incorrect configuration information to the client. The motivation
for doing so may be to establish a "man in the middle" attack or it
may be for a "denial of service" attack.
There is another threat to DHCP clients from mistakenly or
accidentally configured DHCP servers that answer DHCP client requests
with unintentionally incorrect configuration parameters.
The threat specific to a DHCP server is an invalid client
masquerading as a valid client. The motivation for this may be for
"theft of service", or to circumvent auditing for any number of
nefarious purposes.
The threat common to both the client and the server is the resource
"denial of service" (DoS) attack. These attacks typically involve
the exhaustion of valid addresses, or the exhaustion of CPU or
network bandwidth, and are present anytime there is a shared
resource. In current practice, redundancy mitigates DoS attacks the
best.
1.2 Design goals
These are the goals that were used in the development of the
authentication protocol, listed in order of importance:
1. Address the threats presented in Section 1.1.
2. Avoid changing the current protocol.
Droms & Arbaugh Standards Track