Learn about Bluetooth Technology, Slides of Mobile Computing

Download Learn about Bluetooth Technology and more Slides Mobile Computing in PDF only on Docsity!

DYNAMIC HOST

CONFIGURATION PROTOCOL

(DHCP)

Introduction

◼ Dynamic Host Configuration Protocol ( DHCP ) is a protocol used by networked devices ( clients ) to obtain various parameters necessary for the them to operate in an Internet Protocol (IP) network. ◼ By using this protocol, system administration workload greatly decreases, and devices can be added to the network with minimal or no manual configurations. ◼ It automates the assignment of IP addresses, subnet masks, default gateway, and other IP parameters to clients that do not require permanent IP address ◼ The characteristics of DHCP includes ❑ Centralized IP address administration ❑ Backward compatibility with BOOTP ❑ Supports multiple servers ❑ Provides dynamic address assignment ❑ Allows static address assignment ❑ Does not interact with domain name service

Introduction

◼ Relay Agent software : DHCP client broadcast requests onto local network segments to obtain IP address. However, routers block broadcast, thus responses from DHCP servers must come from the same network. The relay agent software intercepts IP address requests on local network segments, repackages the requests and then rebroadcast them as unicast messages to DHCP servers residing in different network segments. The DHCP server sends its replies to the relay agent, which in turn forwards them to the client requesting the IP address.

Basic DHCP configuration

Server (^) Client Client Relay DHCPDISCOVER DHCPDISCOVER

Address Acquisition Process

◼ Client broadcasts a DHCPDISCOVER message into the subnet ◼ Servers reply to the client ’ s request with DHCPOFFER and offer a list of configuration parameters ◼ Client accepts one configuration and rejects others using DHCPREQUEST ◼ Server with rejected DHCPREQUEST free the reserved configuration for other possible clients ◼ Server with accepted configuration confirms the configuration with DHCPACK ◼ This completes initialization phase

Address Acquisition Process DHCPDISCOVER (^) DHCPDISCOVER Server^ Client^ Server Determine the configuration Determine the configuration DHCPOFFER Initialization Collection of replies DHCPREQUEST options DHCPREQUEST reject Selection of configuration Confirmation the configuration DHCPACK Initialization complete DHCPRELEASE (^) Delete context Release DHCPOFFER

Address Acquisition Process : States and Transitions ◼ Initialization state to selection state: While a client is initially booting up, it enters the first state, which is the initialization state. While in the initialization state, the client broadcasts a DHCP Discover message onto the network that places the client in the selection state. ◼ Selection state to request state: One or more of the DHCP servers on the network responds to the broadcast with a DHCP Offer message. The requesting client may receive more than one response. ◼ The client chooses one of the responses and negotiates with the respective server for an address lease by sending a DHCP Request message, which puts the client in the request state. ◼ Request state to bound state: The server responds to the request message with a positive acknowledgment ( DHCP ACK ), which begins the lease time and puts the client in the bound state. The client will remain in the bound state until the lease expires or the client releases the IP address.

Address Renewal Process : States and Transitions

◼ When a client’s lease near its expiration time,

the client must initiate an address renewal

procedure if it wishes to maintain an IP

address and continue communicating over

the network

◼ While in bound state, it sets three timers

relating to lease renewal and records the

time the address was received.

◼ The DHCP server determines explicit values

for the timers when it assigns an IP address

to a client

Address Renewal Process : States and Transitions ◼ Bound state to Renew state : after the client’s first timer (renewal timer) reaches 50 % of its initial value, it broadcasts a DHCP Request message for a lease renewal and moves to Renew state ◼ Renew state to Bound state : if the server approves the lease renewal, it sends a DHCP ACK message, the client moves from the renew state back to the bound state and continues using its original IP address ◼ Renew state to initialization state : if the server disapproves the lease renewal, the client moves from the renew state to the initialization state and begins the process of acquiring a new IP address

Address Renewal Process : States and Transitions ◼ Renew state to Rebind state : if a client does not receive a response from the server within the 87. 5 % of the lease time, it moves to the rebind state and assuming that the server is no more available broadcasts a DHCP Request message on to the network looking for any available server ◼ Rebind state to Bound state : if the client receives a positive response from any server, it is granted an extension of its current IP address, the two timers are set, and the client returns to the bound state with the same IP address ◼ Rebind state to Initialization state : if the client receives a negative response, it moves to the initialization state and begins the process of acquiring a new IP address

SECURITY

◼ Due to its standardization before Internet

security became an issue, the basic DHCP

protocol does not include any security

provisions, potentially exposing it to two types

of attacks:

❑ Unauthorized DHCP Servers ❑ Unauthorized DHCP Clients

Unauthorized DHCP Servers

◼ A client cannot specify the server it wants;

hence an unauthorized server can respond to

client requests sending the client network

configuration values that are beneficial to a

hijacker.

◼ As an example, a hacker can configure the

DHCP server to configure clients to a DNS

server which has been poisoned.

SECURITY

◼ To combat these threats RFC 3118 ("Authentication for DHCP Messages") introduced authentication information into DHCP messages allowing clients and servers to reject information from invalid sources ◼ Other security measures are usually implemented around the DHCP server (such as IPSec) to ensure that only authenticated clients and servers are granted access to the network.