Mitigation of DHCP starvation attack

Authors:
Husameldin Mukhtar;Khaled Salah;Youssef Iraqi
Affiliations:
Khalifa University of Science, Technology and Research (KUSTAR), United Arab Emirates;Khalifa University of Science, Technology and Research (KUSTAR), United Arab Emirates;Khalifa University of Science, Technology and Research (KUSTAR), United Arab Emirates
Venue:
Computers and Electrical Engineering
Year:
2012

Citing 10
Cited 0

Addressing the Weak Link Between Layer 2 and Layer 3 in the Internet Architecture

LCN '04 Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks
Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis

Mobile Networks and Applications - Special issue: Wireless mobile wireless applications and services on WLAN hotspots
Security aspects in IPv6 networks - implementation and testing

Computers and Electrical Engineering
CLL: A Cryptographic Link Layer for Local Area Networks

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
A hybrid intrusion detection system design for computer network security

Computers and Electrical Engineering
Network Infrastructure Security

Network Infrastructure Security
Vulnerability analysis of networks to detect multiphase attacks using the actor-based language Rebeca

Computers and Electrical Engineering
DHCP origin traceback

ICDCN'11 Proceedings of the 12th international conference on Distributed computing and networking
Enhance IPv6 Dynamic Host Configuration with Cryptographically Generated Addresses

IMIS '11 Proceedings of the 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing
Design and implementation of improved security protocols for DHCP using digital certificates

ICON '11 Proceedings of the 2011 17th IEEE International Conference on Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

DHCP starvation attack is an attack that targets DHCP servers whereby forged DHCP requests are crafted by an attacker with the intent of exhausting all available IP addresses that can be allocated by the DHCP server. Under this attack, legitimate network users can be denied service. In this paper, we describe the seriousness of the attack and survey and evaluate existing solutions designed to mitigate such an attack. In addition, we propose a novel mitigation solution. Our solution overcomes the limitations of existing solutions in terms of performance, effectiveness, and flexibility. Our solution is based on dynamic fair allocation of IP addresses and is suitable for unshared and shared (wireless) access networks. We study and analyze the proposed mitigation technique through numerical examples and simulations. Furthermore, simulation results show that our proposed solution is far superior in mitigating DHCP starvation attack when compared to other existing techniques such as fixed allocation and DHCP request rate detection.