Telecommunications Science, 2019, Vol. 35, Issue (12): 15-23. doi: 10.11959/j.issn.1000-0801.2019289

• Topic: IPv6 Technology and Applications •

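  • About the authors: Peng KUANG (1995- ), male, master's student at the Institute for Network Sciences and Cyberspace, Tsinghua University; main research interests: programmable networks and next-generation Internet architecture | Ying LIU (1973- ), female, associate researcher at the Institute for Network Sciences and Cyberspace, Tsinghua University; main research interests: network architecture design, next-generation Internet architecture, routing algorithms and protocols | Lin HE (1991- ), male, postdoctoral researcher at the Institute for Network Sciences and Cyberspace, Tsinghua University; main research interests: network architecture and protocol design | Gang REN (1979- ), male, associate researcher at the Institute for Network Sciences and Cyberspace, Tsinghua University; main research interests: network architecture design, next-generation Internet architecture and network security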

IEEE 802.1x-based user identity-embedded IPv6 address generation scheme

Peng KUANG, Ying LIU, Lin HE, Gang REN

  1. Institute for Network Sciences and Cyberspace, Beijing National Research Center for Information Science and Technology, Tsinghua University, Beijing 100084, China
  • Revised: 2019-12-18 Online: 2019-12-20 Published: 2020-01-15
  • Supported by:
    The National Natural Science Foundation of China (61772307); The National Natural Science Foundation of China (61402257); The National Key Research and Development Program of China (2018YFB1800405); The National Key Research and Development Program of China (2018YFB1800404); The National Key Research and Development Program of China (2017YFB0801701)

Abstract:

Embedding extensible user identities into IPv6 addresses not only makes it possible to trace user identity and exercise fine-grained control over user behavior, but also helps to improve the security, auditability and credibility of the Internet. Current schemes that embed user identity in IPv6 addresses are hard to deploy in practice, owing to the complexity of DHCPv6 client development or the difficulty of managing temporary address leases. Considering the sequential logic between identity authentication and address allocation, an IEEE 802.1x-based user identity-embedded IPv6 address generation scheme is proposed. By performing user identity authentication at layer 2 and then assigning IPv6 addresses, the scheme decouples identity authentication from address allocation. It avoids the need to develop new extended DHCPv6 clients for each operating system and to maintain temporary address leases on DHCPv6 servers, which makes it more deployable.

Key words: user identifier, IEEE 802.1x, DHCPv6
