Abstract: The DHCP (dynamic host configuration protocol) allocates and manages IP address dynamically, and promotes address utilization, so the protocol has been widely used. However, due to the protocol without security mechanism, the potential security vulnerabilities such as illegal DHCP, Mac address disguise, replay attack and DoS attack are becoming more and more prominent. This paper proposes a security authentication model based on dynamic key (DK_SAM).The model combines with the current system time to compute the one-time key and uses the key to generate the message authentication code by Hash algorithm. Finally, the model achieves the objective of the security authentication through verifying the authentication code in Option180. Experimentation indicates that DK_SAM ensures the security characteristics, as well it has higher efficiency.

Key words: dynamic host configuration protocol (DHCP), security authentication, security vulnerability, DK_SAM

摘要： 动态主机配置协议（dynamic host configuration protocol，DHCP）动态管理分配IP地址，提升地址的使用率，得到了广泛的使用，但是由于该协议安全机制薄弱，致使其潜在的安全漏洞如非法DHCP服务器、Mac地址伪装、重放攻击、DoS攻击等日益凸显。提出了基于DK机制的安全认证方法（security authentication model based on dynamic key，DK_SAM），该方法结合系统当前时间计算一次性密钥，并用该密钥Hash计算消息认证码，最终DHCP实体通过验证自定义Option180中的认证码达到安全认证的目的。实验表明，DK_SAM方法在保证安全特性的同时具有较高的性能。

关键词: 动态主机配置协议（DHCP）, 安全认证, 安全漏洞, DK_SAM