One embodiment of the present invention broadly relates to key management from an uninitialized client and to a subsequent authenticated exchange for any system that integrates Kerberos Security with a dynamic address assignment scheme, such as a dynamic host configuration protocol (“DHCP”). Another embodiment broadly relates generally to network protocol implementation and, more particularly, to facilitating an uninitialized client in obtaining credentials and in conducting authenticated exchanges for network address assignment using DHCP, Kerberos Security and/or other applicable protocols. Thus, it can specifically provide a method for an uninitialized client to obtain credentials from a Kerberos server which are then used to provide authenticated exchange for network address assignment. The obtained credentials can be applied to an authentication option when DHCP is being employed for address assignment.
Modern networks are highly flexible. For example, individual network elements can be implemented physically and as processes, and can further function individually or in a more distributed manner. Each element can also be dynamically activated, de-activated and re-configured for performing a variety of operations. Considerable flexibility is also enabled via dynamic physical and virtual connection of individual elements and element groups. Thus, in a given instance, one element might require the use or sharing of resources with one or more other elements, each of which might exist locally or remotely within some other physical LAN or virtual domain. During a given exchange, a network element might also operate as a traditional client (e.g., by seeking services), a traditional server (e.g., by providing services) or both.
Given their high complexity, the implementation and management of modern networks are increasingly conducted in accordance with existing and emerging standards rather than through the use of proprietary solutions. For example, standards such as the dynamic host configuration protocol (“DHCP”) have been widely adopted for dynamically assigning addresses (e.g., from a server) by which “new” network elements can identify themselves and be identified by other network elements.
Such complexity has also prompted the increased adoption of standards for handling network security and other issues. For example, the Kerberos V standard provides a secure key management mechanism based on a security-key source or “trusted third party,” a Key Distribution Center (“KDC”), and has apparently become a current standard of choice. Using Kerberos, a client performs mutual authentication with a KDC and thereby obtains credentials which, when presented along with a fresh authenticator, allow it to authenticate to an application server. The credentials or Kerberos “ticket” contain the client's identity, a session key, a timestamp, and other information, all sealed using the server's secret key. The client uses a current ticket in performing mutual authentication with the application server to establish a shared session key for use in subsequent message authentication.
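The ticket-and-authenticator exchange just described, reduced to a runnable sketch. This is an added example, not part of the patent text: the toy SHA-256 keystream plus HMAC "sealing" stands in for a real Kerberos encryption type, the KDC is represented only by the function that mints the ticket, and all keys, principal names and timestamps are constructed values.

```python
import hashlib, hmac, json, os

CLOCK_SKEW = 300  # seconds; the usual Kerberos tolerance for authenticator timestamps

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC (SHA-256 keystream + HMAC); a stand-in for a Kerberos enctype."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def kdc_issue_ticket(server_key, client_id, now):
    """KDC: mint a session key and a ticket sealed under the application server's key."""
    session_key = os.urandom(32)
    ticket = seal(server_key, {"client": client_id, "skey": session_key.hex(), "issued": now})
    return session_key, ticket  # real Kerberos returns the session key sealed under the client's key

def client_ap_req(session_key, ticket, client_id, now):
    """Client: present the ticket with a fresh authenticator sealed under the session key."""
    return ticket, seal(session_key, {"client": client_id, "ts": now})

def server_verify_ap_req(server_key, ticket, authenticator, now):
    """Server: unseal the ticket, check authenticator identity and freshness, reply for mutual auth."""
    t = unseal(server_key, ticket)
    skey = bytes.fromhex(t["skey"])
    a = unseal(skey, authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(now - a["ts"]) > CLOCK_SKEW:  # production servers also keep a replay cache
        raise ValueError("authenticator stale")
    return skey, seal(skey, {"ts": a["ts"]})  # AP-REP: proves the server holds server_key

def accept_ap_req(server_key, ticket, authenticator, now):
    """Boolean wrapper around server_verify_ap_req for accept/reject decisions."""
    try:
        server_verify_ap_req(server_key, ticket, authenticator, now)
        return True
    except ValueError:
        return False

def mac_message(session_key, payload):
    """Both sides: authenticate later messages (e.g. a DHCP message) under the session key."""
    return hmac.new(session_key, payload, "sha256").hexdigest()
```

The client checks the AP-REP by unsealing it with the session key and comparing the echoed timestamp to the one it sent; after that, both sides hold the same session key for message authentication.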
Unfortunately, despite the advantages of standardization, attempts to provide comprehensive solutions to specific issues before real-world implementation ramifications are known can be problematic. It is now known, for example, that the current manner of using the DHCP and Kerberos standards fails to resolve the combined problem of an “uninitialized client.” More specifically, a “new” network element (e.g., newly enabled, reconfigured, re-enabled during recovery from failure, etc.) in a system that uses a dynamic assignment protocol such as DHCP will most often lack an IP address. In current DHCP-based implementations, such an uninitialized “DHCP-client” (e.g., an Internet host using DHCP to obtain configuration parameters, such as a network address) most often obtains an IP address along with other configuration parameters from a “DHCP-server” (which supplies such parameters) using DHCP. It is also desirable to authenticate DHCP exchanges to prevent denial of service attacks in which DHCP clients are intentionally misconfigured, to assure a high degree of security, and for other reasons. Currently, however, DHCP is not equipped to handle authentication, especially of the first message sent to a server by an uninitialized client.
The Internet Engineering Task Force or “IETF” has published two proposals for combining DHCP with Kerberos V Security. The first or “secret keys” proposal espouses authentication of a new client using secret keys which are shared between a DHCP server and its associated DHCP-clients. Unfortunately however, this proposal fails to specify how secret keys are distributed, updated or otherwise managed.
The second or “embedded keys” IETF proposal espouses embedding Kerberos key management messages and authenticators within DHCP messages. This solution is also unfortunately found to be problematic for several reasons. For example, this proposal cannot provide for authentication of the first DHCP message sent by a DHCP-client, despite the desirability of doing so. Among further examples, composite messages incorporating both DHCP and Kerberos message components are sorely over-complicated. It is also found that the proposed composite messaging cannot be easily applied to address initialization protocols other than DHCP.
Accordingly, there is a need for network element authentication apparatuses and methods capable of providing authentication support without imposing the complexity of the current IETF proposals.