11.3 Using DHCP Services for Authentication

The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network, handling the authentication of users, and assigning unique IP addresses to incoming network access requests. Network administration is simplified because the DHCP server automates the tracking of IP addresses, eliminating the need to manage the task manually. New computers can be added to a network without manually assigning each a unique IP address. Because WLANs are not physically secured, DHCP can provide added value by allocating IP addresses only to authorized network users.

Unfortunately, it is not uncommon for wireless networks to grant an IP address to an unauthorized wireless client. This allows a hacker to use an organization's bandwidth to surf the Web, browse network resources, or investigate the network for security vulnerabilities. Obviously, this practice is unacceptable and provides tremendous impetus to employ authentication measures as well as static IP assignments.

RFC 3118 [1] adds authentication to DHCP and allows a client to verify whether a particular DHCP server can be trusted and whether a request for DHCP information comes from a client that is authorized to use the network. This two-way authentication in DHCP provides the added security benefit of helping to prevent rogue (and possibly malicious) DHCP clients and servers from mounting DoS attacks or gaining unauthorized access to an organization's network. RFC 3118 defines a technique that can provide both entity authentication and message authentication. This enables an authenticating DHCP client to confirm the identity of the DHCP server it chooses in an unsecured network environment. This functionality is very useful for both a standard corporate Ethernet network and a cable-based Internet Service Provider (ISP).

RFC 3118 authentication requires that RFC-compatible software be implemented on all computers attached to the network and that existing DHCP servers be upgraded to support it. Deploying DHCP authentication also requires devising an authentication key scheme and distributing the keys to all authenticating DHCP clients. After upgraded DHCP clients and servers are in place, and the keys have been distributed, the DHCP clients will automatically authenticate themselves. Many of today's directory services can restrict use of both DHCP and DNS based on authentication, and some even have rogue DHCP server detection features.
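The delayed-authentication mechanism described above, worked through as an added example in Python (this is not code from the book, nor from any DHCP implementation). A client builds a DHCPDISCOVER carrying RFC 3118 option 90 (protocol 1, HMAC-MD5, monotonically increasing replay counter, 4-byte secret ID followed by a 16-byte MAC), and the server checks the secret ID against its key table, rejects replayed counters, and recomputes the HMAC with the MAC field, `hops` and `giaddr` zeroed, which is why a message that passes through a relay agent still verifies. The key table `SECRETS`, the key value, the transaction ID and the client hardware address are all constructed for the demonstration; the message layout follows RFC 2131 and RFC 3118.

```python
import hashlib
import hmac
import struct

# Constructed shared-secret table (secret ID -> key). In a real deployment the
# keys are distributed out of band to every authenticating client, as the
# section describes; this single entry is an assumption made for the demo.
SECRETS = {0x00000001: b"constructed-example-dhcp-key"}

OPT_AUTH, OPT_END = 90, 255          # RFC 3118 authentication option, end marker
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 DHCP magic cookie
HOPS_OFF, GIADDR_OFF, OPTIONS_OFF = 3, 24, 240


def build_dhcp_message(xid, chaddr, options, hops=0, giaddr=0):
    """Assemble a minimal BOOTP/DHCP request: fixed 236-byte header, cookie, options."""
    header = struct.pack("!BBBBIHHIIII16s64s128s",
                         1, 1, 6, hops, xid, 0, 0x8000, 0, 0, 0, giaddr,
                         chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    return header + MAGIC_COOKIE + options


def _auth_option(replay, secret_id, mac):
    """Option 90: protocol 1 (delayed auth), algorithm 1 (HMAC-MD5), RDM 0 (counter)."""
    body = struct.pack("!BBBQI", 1, 1, 0, replay, secret_id) + mac
    return bytes([OPT_AUTH, len(body)]) + body


def _canonical(msg):
    """RFC 3118 HMACs the message with 'hops' and 'giaddr' zeroed: relay agents rewrite them."""
    return (msg[:HOPS_OFF] + b"\x00" + msg[HOPS_OFF + 1:GIADDR_OFF]
            + b"\x00" * 4 + msg[GIADDR_OFF + 4:])


def sign_message(xid, chaddr, other_options, replay, secret_id):
    """Client side: build the message with a zeroed MAC field, HMAC it, then fill the MAC in."""
    key = SECRETS[secret_id]
    placeholder = _auth_option(replay, secret_id, b"\x00" * 16)
    unsigned = build_dhcp_message(xid, chaddr, other_options + placeholder + bytes([OPT_END]))
    mac = hmac.new(key, _canonical(unsigned), hashlib.md5).digest()
    signed_opts = other_options + _auth_option(replay, secret_id, mac) + bytes([OPT_END])
    return build_dhcp_message(xid, chaddr, signed_opts)


def parse_options(msg):
    """Return {code: (offset_of_option, value)} for the TLV options after the cookie."""
    opts, i = {}, OPTIONS_OFF
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                      # pad option carries no length byte
            i += 1
            continue
        length = msg[i + 1]
        opts[msg[i]] = (i, msg[i + 2:i + 2 + length])
        i += 2 + length
    return opts


def verify_message(msg, last_replay):
    """Server side: (accepted, reason). last_replay is the highest counter seen from this client."""
    opts = parse_options(msg)
    if OPT_AUTH not in opts:
        return False, "no authentication option"
    off, body = opts[OPT_AUTH]
    if len(body) != 31:
        return False, "malformed authentication option"
    protocol, algorithm, rdm, replay, secret_id = struct.unpack("!BBBQI", body[:15])
    if (protocol, algorithm, rdm) != (1, 1, 0):
        return False, "unsupported authentication protocol"
    key = SECRETS.get(secret_id)
    if key is None:
        return False, "unknown secret id"
    if replay <= last_replay:                # monotonic counter rejects a captured, resent message
        return False, "replayed"
    mac_off = off + 2 + 15                   # option code, length, then the 15 fixed bytes
    zeroed = msg[:mac_off] + b"\x00" * 16 + msg[mac_off + 16:]
    expected = hmac.new(key, _canonical(zeroed), hashlib.md5).digest()
    if not hmac.compare_digest(body[15:], expected):
        return False, "bad MAC"
    return True, "ok"


def relay_through(msg, giaddr):
    """Simulate a relay agent: increments hops and stamps its own address into giaddr."""
    return (msg[:HOPS_OFF] + bytes([msg[HOPS_OFF] + 1]) + msg[HOPS_OFF + 1:GIADDR_OFF]
            + struct.pack("!I", giaddr) + msg[GIADDR_OFF + 4:])


if __name__ == "__main__":
    # Constructed DHCPDISCOVER (option 53 = 1) from a constructed client MAC address.
    discover = sign_message(0x3903F326, bytes.fromhex("001122334455"),
                            b"\x35\x01\x01", replay=1, secret_id=1)
    print(verify_message(discover, 0))                             # (True, 'ok')
    print(verify_message(discover, 1))                             # (False, 'replayed')
    print(verify_message(relay_through(discover, 0x0A000001), 0))  # (True, 'ok')
    tampered = bytearray(discover)
    tampered[4] ^= 0x01                                            # flip one bit of xid
    print(verify_message(bytes(tampered), 0))                      # (False, 'bad MAC')
```

The server has to remember the last accepted replay counter per client and per secret; keying that state by client hardware address is the simplest choice and is what the demo's `last_replay` argument stands in for. Note that the MAC covers the transaction ID and every option, so tampering anywhere in the message is detected, while a relay changing `hops` or `giaddr` is tolerated by design.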

Because DHCP allows a client to easily join a network, there are risks of DoS attacks, hijacking, and theft of services. DHCP authentication prevents rogue and malicious DHCP clients and servers from authenticating to each other, thereby eliminating their ability to conduct DoS attacks or gain unauthorized access to the network. DHCP authentication and assignment of static IPs can help mitigate the risk of these types of attacks.

There are, however, other potential risks of DoS attacks, hijacking, and theft of services. Windows 2000 and XP clients automatically renew their DHCP lease when their data link layer connection is broken and subsequently reestablished [2]. If a hacker hijacks the data link connection of the authorized user, the authorized user is no longer able to access the home network. The DSSS channel in a wireless network can be jammed, causing an authorized user to roam to a channel with less interference. By running a rogue software AP on a laptop computer, along with DHCP server software, a hijacker can jam nearby APs, causing authorized users to roam to the hacker's network. After authorized clients roam and lease an IP address from the rogue DHCP server, these clients can then be easily attacked using intrusion software in a peer-to-peer fashion through the AP. Both a DoS attack and hijacking can occur at Layers 2 and 3 of the OSI model.

Theft of service results from an attacker gaining access to an open network without permission. In most cases, this results in the use of free network resources such as Internet access. This type of access can also result in unauthorized access to sensitive information, corporate secrets, applications, or even the ability to reconfigure portions of the network to allow further access. The use of authenticated DHCP and static IP addresses can mitigate the risk of theft of services.

Wireless Operational Security
ISBN: 1555583172
Year: 2004
Pages: 153