research-article
DOI: 10.1145/1582379.1582584

An enhanced secure ARP protocol and LAN switch for preventing ARP based attacks

Published: 21 June 2009

ABSTRACT

After the ARP protocol was drafted, a subtle weakness in the protocol was discovered: ARP provides no means to establish the authenticity of the source of incoming ARP packets. As a result, any host on a LAN can forge an ARP message containing malicious information to poison the ARP caches of target hosts. This lack of authentication mechanisms has made ARP vulnerable to a raft of IP-based impersonation, Man-in-the-Middle (MiM) and DoS attacks. In this paper we discuss a security solution that addresses the ARP vulnerabilities and authenticity issues. For that purpose, a novel secure extended ARP protocol is proposed. In addition, the LAN switch has been enhanced to assume the role of "Trusted Authority" and to ensure that hosts are authenticated when exchanging ARP messages.

    • Published in

      IWCMC '09: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly
      June 2009
      1561 pages
      ISBN:9781605585697
      DOI:10.1145/1582379

      Copyright © 2009 ACM


      Publisher

      Association for Computing Machinery

      New York, NY, United States
