Visible to the public Extending Authentication Mechanism to Cooperate with Accountable Address Assignment

TitleExtending Authentication Mechanism to Cooperate with Accountable Address Assignment
Publication TypeConference Paper
Year of Publication2019
AuthorsWu, Boyang, Li, Hewu, Wu, Qian
Conference Name2019 IEEE Wireless Communications and Networking Conference (WCNC)
Date PublishedApril 2019
PublisherIEEE
ISBN Number978-1-5386-7646-2
Keywords802.1X, accountable address assignment, accountable identity, Accountable IP, Accountable IP address assignment, accounting ability, authentication, CAIP, composability, computer network security, DHCP request process, effective accountability mechanisms, Internet, IP addresses, IP networks, IP source addresses, IPv6, main identity authentication mechanism, message authentication, Metrics, network accountability, Portals, privacy, Protocols, pubcrawl, resilience, Resiliency, SAVI, security problems, Source Address Validation Improvement, user authentication, wireless networks
Abstract

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI frame-work. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

URLhttps://ieeexplore.ieee.org/document/8885688
DOI10.1109/WCNC.2019.8885688
Citation Keywu_extending_2019