An implementation of internet protocol options for self-authentication

摘要

This paper presents an enhancement of IP (Internet Protocol) standard to support user authentication within the protocol itself. The options field in an IP header is used for carrying specific data to add the ability of self-authentication. The specific data consist of a user identifier, a timestamp, and an HMAC calculated with important data in the IP header. The major purpose is to verify a device owner or a computer user in a local network in real time, before allowing access to restricted networks or the Internet. By this enhancement, the users can be authenticated at IP layer, without needing an additional user authentication process. The self-authentication ability provides a prevention of sending source-spoofed IP packet and also provides a high reliability of identifying the user. In addition, this ability does not require a creation of specific connection and an exchange of security parameters.