Method, device and system for processing dynamic host configuration protocol (DHCP) message

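A technique for dynamic host configuration and message senders, applied in the communications field. It addresses problems such as the DHCP message security mechanism not being guaranteed, unicast addresses being easily spoofed, and malicious configuration of network clients, and achieves convenient key management, convenient configuration, and improved security.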

Active Publication Date: 2009-12-02
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] While researching the DHCPv6 protocol, the inventor found that because the unicast address used by the network client and the unicast address used by the DHCP server are very easy to forge, the security mechanism of the DHCP message cannot be guaranteed.
For example, when the unicast address used by the network client is forged, the attacker will maliciously configure the network client.


Examples


Embodiment 1

[0043] Refer to Figure 3, which is a flow chart of a method for processing a DHCP message in an embodiment of the present invention, specifically:

[0044] Block 301: receive a DHCP message whose source address is a CGA and which carries the signature data of the sender of the DHCP message;

[0045] In the specific implementation of the present invention, the source address of the sender of the DHCP message is a CGA. To generate the CGA, the sender of the DHCP message needs to deploy its own public key and private key in advance. There is a one-to-one correspondence between the public key and the private key. The CGA is a special type of IPv6 address, made up of a subnet prefix and an interface identifier. The CGA interface identifier is generated by the sender of the DHCP message through the first confusion algorithm according to the sender's public key and the CGA parameters. The sender of the DHCP message signs the DHCP ...

Embodiment 3

[0079] Figure 13 is a schematic diagram of a device for processing DHCP messages according to Embodiment 3 of the present invention.

[0080] An embodiment of the present invention provides a device for processing DHCP messages, including:

[0081] The receiving unit 1301 is used to receive a DHCP message; the source address of the DHCP message is the CGA of the sender of the DHCP message, and the DHCP message carries the signature data of the sender of the DHCP message. The address verification unit 1302 is used to verify the CGA; specifically, the address verification unit uses the public key of the sender of the DHCP message and the CGA parameters to verify the CGA. The signature verification unit 1303 is configured to verify the signature data; specifically, the signature verification unit uses the public key of the sender of the DHCP message to verify the signature data. The payload processing unit 1304 is configured to process the p...
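The address check performed by the address verification unit can be sketched as follows. This is an added example, not code from the patent: it follows the CGA generation and verification steps of RFC 3972 using SHA-1, and treating the patent's "first confusion algorithm" as that hash is an assumption. The function names and the constructed byte strings standing in for DER-encoded public keys are hypothetical, and the signature check is not shown.

```python
import hashlib
import ipaddress
import os

# Interface-ID bits excluded from the Hash1 comparison (RFC 3972):
# the three leftmost bits carry Sec, bits 6 and 7 are the u/g bits.
ID_MASK = 0x1CFFFFFFFFFFFFFF

def cga_params(modifier, prefix, collisions, pubkey):
    """Encode the CGA Parameters structure (no extension fields)."""
    return modifier + prefix + bytes([collisions]) + pubkey

def generate_cga(prefix, pubkey, modifier=None):
    """Sender side, Sec = 0: derive the address from the public key."""
    modifier = os.urandom(16) if modifier is None else modifier
    digest = hashlib.sha1(cga_params(modifier, prefix, 0, pubkey)).digest()
    iid = int.from_bytes(digest[:8], "big") & ID_MASK  # Sec=0, u=g=0
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier

def verify_cga(addr, modifier, prefix, collisions, pubkey):
    """Receiver side: is the source address bound to this public key?"""
    raw = ipaddress.IPv6Address(addr).packed
    if collisions not in (0, 1, 2) or len(modifier) != 16:
        return False
    if raw[:8] != prefix:  # parameters must name the address's own subnet
        return False
    params = cga_params(modifier, prefix, collisions, pubkey)
    hash1 = int.from_bytes(hashlib.sha1(params).digest()[:8], "big")
    iid = int.from_bytes(raw[8:], "big")
    if (hash1 ^ iid) & ID_MASK:
        return False
    sec = raw[8] >> 5
    # Hash2 is computed with subnet prefix and collision count zeroed;
    # its leftmost 16*Sec bits must all be zero.
    zeroed = cga_params(modifier, bytes(8), 0, pubkey)
    hash2 = hashlib.sha1(zeroed).digest()[:14]
    return hash2[: 2 * sec] == bytes(2 * sec)

# Constructed sample data: placeholder byte strings stand in for the
# DER-encoded public keys of a DHCP server and of an attacker.
PREFIX = bytes.fromhex("20010db800000000")
SERVER_KEY = b"constructed-server-public-key"
ATTACKER_KEY = b"constructed-attacker-public-key"

def demo():
    """Return (genuine sender accepted, forged-address sender accepted)."""
    addr, mod = generate_cga(PREFIX, SERVER_KEY, modifier=bytes(16))
    return (verify_cga(addr, mod, PREFIX, 0, SERVER_KEY),
            verify_cga(addr, mod, PREFIX, 0, ATTACKER_KEY))
```

A sender that reuses the server's address but presents its own public key fails the Hash1 comparison, so its message is rejected before any signature or payload processing takes place.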

Embodiment 4

[0087] An embodiment of the present invention provides a system for processing DHCP messages, including: a DHCP server, which is used to exchange DHCP messages with a network client. When the DHCP server receives a message sent by a network client, the interaction is specifically: receive a DHCP message, where the source address of the DHCP message is a CGA and the DHCP message carries the signature data of the sender of the DHCP message; verify the CGA and the signature data; when the CGA and the signature data pass verification, process the payload of the DHCP message;

[0088] and / or

[0089] When the DHCP server sends a message to the network client, the interaction is specifically:

[0090] Sign the DHCP message according to the private key of the DHCP message sender, generate a second DHCP message that includes the signature data, and the source address of the second DHCP message is the CGA;

[0091] Send the second DHCP message.

[0092] In addition, the system also includes ...


Abstract

The embodiment of the invention provides a method for processing a dynamic host configuration protocol (DHCP) message, which comprises the following steps: receiving a DHCP message, wherein the source address of the DHCP message is a cryptographically generated address (CGA) and the DHCP message carries the signature data of the DHCP message sender; verifying the CGA; verifying the signature data; and, if both the CGA and the signature data pass verification, processing the payload of the DHCP message. In addition, the embodiment of the invention also provides a device and a system for processing DHCP messages. The embodiment of the invention improves the security of DHCPv6 interactions through address verification and signature verification that are bound to the CGA, and the transparency of the public key makes key management convenient. Moreover, because the life cycle of the public key is longer, configuring the DHCP server and/or the network client is very convenient.

Description

Technical field

[0001] The present invention relates to communication technology, in particular to a method, device and system for processing Dynamic Host Configuration Protocol (DHCP) messages.

Background

[0002] The Dynamic Host Configuration Protocol is part of the TCP/IP protocol suite; it is a protocol designed by the IETF to automate the configuration of network clients. DHCP comes in DHCPv4 and DHCPv6 versions, according to the IP version. This application is directed at the DHCPv6 protocol. The DHCPv6 protocol includes 13 message types, namely: SOLICIT, ADVERTISE, REQUEST, CONFIRM, RENEW, REBIND, REPLY, RELEASE, DECLINE, RECONFIGURE, INFORMATION-REQUEST, RELAY-FORW, RELAY-REPL. For convenience of description, they are collectively referred to as DHCP messages. The DHCPv6 protocol describes the interactive process in which the DHCP server and the network client complete the automatic configuration of the network...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L9/30, H04L29/06, H04L29/12
CPC: H04L61/6059, H04L29/12915, H04L63/126, H04L61/2015, H04L2101/659, H04L61/5014
Inventor: 沈烁, 蒋胜
Owner: HUAWEI TECH CO LTD