近十年來互聯網已成為 人類日常生活中不可或缺的一部分.事實上，許多機密和敏感信息都是從我們的設備（PC，移動設備）傳播到互聯網上。因此，網絡安全已成為一個嚴重的問題。在連接到互聯網的時候，DHCP是一種流行的協議，用於為主機分配IP地址和其他配置參數，而無需網絡管理員的人工干預。在設備IP地址獲取過程中，可能發生大量攻擊,HCP飢餓攻擊就是其中之一。本研究的目的是找到解決DHCP飢餓攻擊問題的方法。該研究開發的一種技術是從數據包分析中調查攻擊者的行為。已經基於請求的數量，請求之間的間隔和MAC地址欺騙來實現三個安全級別。該研究允許減輕大多數現有DHCP飢餓攻擊工具（Yersinia，Gobbler，DHCPpig，Metasploit等）的攻擊。安全算法性能：開銷，響應時間，成本，與傳統DHCP的兼容性已經過評估。

In the recent decade, the Internet has become indispensable to human daily life. In fact, many confidential and sensitive information’s are propagated from our devices (PC, mobile) to the Internet. Therefore, network security has become a serious concern. While connecting to the Internet, DHCP is a popular protocol used to assign IP addresses and other configurations parameters to hosts without the manual intervention of a network administrator. During the device IP address acquisition procedure, numerous attacks could take place and DHCP Starvation attack is one of them. The goal of this study is to find a solution to the starvation problem. One technique developed in the study is to investigate the attacker behavior from the packet analysis. Three security levels have been implemented based on the number of requests, the interval between the requests and the MAC address spoofing. The research allowed to mitigate the attacks of most existed starvation tools (e.g. Yersinia, Gobbler, DHCPpig, Metasploit, etc.). The security algorithm performance: overhead, response time, cost, compatibility with traditional DHCP have been evaluated.

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
1.1 Problem Statements . . . . . . . . . . . . . . . . . . . . . . . .1
1.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
2.1 Brief History . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 Dynamic Host Configuration Protocol(DHCP) . . . . . . . . . . . .4
2.2.1 General Concepts . . . . . . . . . . . . . . . . . . . . . . . .4
2.2.2 DHCP Packet Format . . . . . . . . . . . . . . . . . . . . . . .5
2.2.3 DHCP Messages Exchange . . . . . . . . . . . . . . . . . . . . 6
2.3 DHCP Security Threats . . . . . . . . . . . . . . . . . . . . . . 8
3 Related Works . . . . . . . . . . . . . . . . . . . . . . . . . . .10
3.1 DHCP Snooping . . . . . . . . . . . . . . . . . . . . . . . . . .10
3.2 Cryptography and Certificates based Solutions . . . . . . . . . .10
3.3 SDN based Solutions . . . . . . . . . . . . . . . . . . . . . . .12
4 Methodology . . . . . . . . . . . . . . . . . . . . . .. . . . . . 13
4.1 Attacker Packets Analysis . . . . . . . . . . . . . . . . . . . 13
4.2 Proposed Algorithms . . . . . . . . . . . . . . . . . . . . . . .15
4.2.1 Security Level 1: Number of Requests . . . . . . . . . . . . . 17
4.2.2 Security Level 2: Requests Time Interval . . . . . . . . . . . 18
4.2.3 Security Level 3: MAC Address Spoofing . . . . . . . . . . . . 19
5 Implementation, Results and Discussion . . . . . . . . . . . . . . 20
5.1 Implementation Environment . . . . . . . . . . . . . . . . . . . 20
5.1.1 Environment Set Up . . . . . . . . . . . . . . . . . . . . . . 20
5.1.2 Starvation Attack Simulation . . . . . . . . . . . . . . . . . 21
5.2 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
5.3 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
6.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
6.2 Future Works . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

1. Ralph Droms. Dynamic Host Configuration Protocol. RFC 2131, RFC Editor,March 1997.

2. D. D. Dinu and M. Togan. DHCP Server Authentication Using Digital
Certificates. In 2014 10th International Conference on Communications
(COMM), pages 1–6, May 2014.

3. Ju, HongIl and Han, Jong-Wook. DHCP Message Authentication with an
Effective Key Management. 05 2019.

4. Ashutosh Satapathy and Jenila Livingston. A denial of Service Attack on DHCP Server and its Countermeasures. ARPN Journal of Engineering and
Applied Sciences, 13:3983–3987, 06 2018.

5. Felix Lindner. Exploiting DORA–Attacks on the DHCP protocol.

6. P. Satam, H. Alipour, Y. Al-Nashif, and S. Hariri. DNS-IDS: Securing DNS in the Cloud Era. In 2015 International Conference on Cloud and Autonomic Computing, pages 296–301, Sep. 2015.

7. Mann T. Mogul J. Finlayson, R. and M. Theimer. A Reverse Address
Resolution Protocol. RFC 903, Jun 1984.

8. W. Croft and J. Gilmore. Bootstrap Protocol. RFC 951, Sept 1985.

9. N. Tripathi and N. Hubballi. Exploiting DHCP server-side IP address conflict detection: A DHCP starvation attack. In 2015 IEEE International
28 Conference on Advanced Networks and Telecommunications Systems (ANTS),
pages 1–3, Dec 2015.

10. S. Duangphasuk, S. Kungpisdan, and S. Hankla. Design and implementation of improved security protocols for DHCP using digital certificates. In 2011 17th IEEE International Conference on Networks, pages 287–292, Dec 2011.

11. DNS Hijacking. https://pdfs.semanticscholar.org/e1e1/adfa9752ed7d
a5ae2b1559b4df2811953e5a.pdf.

12. L. Senecal. Understanding and preventing attacks at layer 2 of the OSI reference model. In 4th Annual Communication Networks and Services
Research Conference (CNSR’06), pages 1 pp.–, May 2006.

13. Configuring DHCP snooping.
https: //www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/
security/configuration/guide/sec_nx-os-cfg/sec_dhcpsnoop.pdf.

14. R. Droms and W. Arbaugh. Authentication for DHCP messages. RFC 3118,
RFC Editor, June 2001.

15. Osama Younes. A Secure DHCP Protocol to Mitigate LAN Attacks. Journal of Computer and Communications, 04:39–50, 01 2016.

16. Whitfield Diffie and Martin Hellman. New Directions in Cryptography.
Information Theory, IEEE Transactions on, 22:644 – 654, 12 1976.

17. Chou-Chen Yang, Ren-Chiun Wang, and Wei-Ting Liu. Secure authentication Scheme for Session Initiation Protocol. Computers and Security, 24:381–386,08 2005.

18. Jhen-Li Wang and Yen-Chung Chen. An SDN-based defensive solution against DHCP attacks in the virtualization environment. pages 529–530, 08 2017.

19. Vmware: Downloads. https://my.vmware.com/web/vmware/downloads.

20. Internet System Consortium. https://www.isc.org/.

21. Kali Linux. https://www.kali.org/.

22. Wireshark. https://www.wireshark.org/.