ISSN(Online): 2320-9801 ISSN (Print): 2320-9798
International Journal of Innovative Research in Computer and Communication Engineering
(An ISO 3297: 2007 Certified Organization)
Vol. 3, Issue 12, December 2015
Copyright to IJIRCCE DOI: 10.15680/IJIRCCE.2015.0312151

A Secure DHCP Protocol to Mitigate LAN Attacks

Osama S. Younes
Faculty of Computers and Information Technology, Tabouk University, USA

ABSTRACT: Network security has become more of a concern with the rapid growth and expansion of the Internet. While there are several ways to provide security in the application, transport, or network layers of a network, data link layer (Layer 2) security has not yet been adequately addressed. Data link layer protocols used in local area networks (LANs) are not designed with security features. Dynamic Host Configuration Protocol (DHCP) is one of the most used network protocols for host configuration that works in the data link layer. DHCP is vulnerable to a number of attacks, such as the DHCP rogue server attack, DHCP starvation attack, and malicious DHCP client attack. This work introduces a new scheme called Secure DHCP (S-DHCP) to secure the DHCP protocol. The proposed solution consists of two techniques. The first is the authentication and key management technique, which is used for entity authentication and security key management. It is based on the Diffie-Hellman key exchange algorithm supported by the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP) and a strong cryptographic one-way hash function. The second technique is the message authentication technique, which uses a digital signature to authenticate the DHCP messages exchanged between the clients and the server.

KEYWORDS: DHCP Protocol, DHCP-configured device, EAKM Technique.

I. INTRODUCTION

The evolution of computer networks, and the variety of their services and applications, has increased users' need for local area networks (LANs) [1].
LAN technologies, such as Ethernet, are the infrastructure for the Internet that everybody uses without further thought. Ethernet stands as the dominant networking technology in local area networks (LANs) and has been widely used in campus networks, enterprise networks and data centre networks due to its simplicity and auto-configuration characteristics. Its ease of use and low cost rely on broadcast-based service or resource discovery protocols, such as Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol, Network Time Protocol, and Network Basic Input/Output System.

Network security has become more of a concern with the rapid growth and expansion of the Internet. While there are several ways to provide security in the application, transport, or network layers of a network, data link layer (Layer 2) security has not yet been adequately addressed [2]. In local networks, security weaknesses in the data link layer enable internal attacks. Although switches and routers have some built-in security features, they are not enough to fully ensure the security of LANs. Moreover, these features require network administrators' involvement and are prone to misconfiguration. In addition, data link layer protocols used in LANs are not designed with security features [2].

DHCP simplifies access to a network. When a host connects to the network, DHCP [3] automates the assignment of TCP/IP stack configuration parameters such as IP addresses, subnet masks, and the default gateway. It is an Internet protocol that lets network administrators centrally manage the network. Without DHCP, the IP address must be manually assigned for each host in a network, and if the host moves to a new location in the network, the IP address must be manually configured. DHCP is one of the most used network protocols for host configuration.
It was designed a long time ago [4-6] and has not had major changes, although it is vulnerable to a number of attacks, such as the DHCP rogue server attack, DHCP