ABSTRACT
After the ARP protocol was drafted, a subtle weakness in the protocol was discovered: ARP provides no means to establish the authenticity of the source of incoming ARP packets. As a result, any host on a LAN can forge an ARP message carrying malicious information and poison the ARP caches of target hosts. This lack of an authentication mechanism has made ARP vulnerable to a raft of IP-based impersonation, Man-in-the-Middle (MiM) and DoS attacks. In this paper we discuss a security solution that addresses the ARP vulnerabilities and authenticity issues. For that purpose, a novel secure extended ARP protocol is proposed. In addition, the LAN switch is enhanced to assume the role of "Trusted Authority" and to ensure host authentication while ARP messages are exchanged.
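The abstract's point is that an ARP message carries no proof of who sent it, so a host's cache accepts whatever sender-IP/sender-MAC pair arrives. The following script is an added example, not code from the paper (which does not publish the details of its extended protocol or switch logic). It parses raw Ethernet/ARP frames and applies the two checks an arpwatch-style monitor can make without any authentication: a rebinding of an IP address to a new MAC, and a mismatch between the Ethernet source and the ARP sender hardware address. All frames, IP addresses (10.0.0.x) and locally administered MAC addresses are constructed test data and are never transmitted.

```python
"""Added example (not from the paper): an arpwatch-style monitor that parses
Ethernet/ARP frames in memory and flags the cache-poisoning pattern described
in the abstract. All frames below are constructed test data."""
import struct
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame: bytes) -> Optional[dict]:
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP.
    Returns None for anything else (too short, other EtherType, other hw/proto)."""
    if len(frame) < 14 + 28:
        return None
    _dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    if op not in (ARP_REQUEST, ARP_REPLY):
        return None
    return {"eth_src": mac_str(src), "op": op, "sha": mac_str(sha),
            "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpMonitor:
    """Tracks IP -> MAC bindings learned from sender fields and records alerts."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}
        self.alerts: List[str] = []

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp_frame(frame)
        if arp is None:
            return None
        # Check 1: the link-layer source should match the ARP sender hw address.
        if arp["eth_src"] != arp["sha"]:
            alert = (f"header mismatch: eth src {arp['eth_src']} vs ARP sha "
                     f"{arp['sha']} claiming {arp['spa']}")
            self.alerts.append(alert)
            return alert
        # Check 2: a known IP suddenly bound to a different MAC (arpwatch "flip flop").
        known = self.bindings.get(arp["spa"])
        if known is not None and known != arp["sha"]:
            alert = f"flip-flop: {arp['spa']} moved from {known} to {arp['sha']}"
            self.alerts.append(alert)
        # Record the latest binding either way; a change is alerted, not blocked.
        self.bindings[arp["spa"]] = arp["sha"]
        return self.alerts[-1] if known is not None and known != arp["sha"] else None


def build_arp_frame(op: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes,
                    eth_src: Optional[bytes] = None) -> bytes:
    """Construct an Ethernet II + ARP frame as in-memory test data."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else tha
    eth = struct.pack("!6s6sH", eth_dst, eth_src or sha, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
    return eth + arp


# Constructed addresses (locally administered MACs, private IPs).
GATEWAY_IP = bytes([10, 0, 0, 1])
GATEWAY_MAC = bytes.fromhex("020000000001")
VICTIM_IP = bytes([10, 0, 0, 20])
VICTIM_MAC = bytes.fromhex("020000000020")
ROGUE_MAC = bytes.fromhex("0200000000ee")


def demo_traffic() -> List[bytes]:
    """Constructed capture: a normal exchange, then two unauthenticated claims."""
    return [
        build_arp_frame(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, b"\x00" * 6, GATEWAY_IP),
        build_arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        build_arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        # Same gateway IP now claimed by a different MAC: the rebinding the abstract warns of.
        build_arp_frame(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
        # Sender hw address copied from the gateway but sent from another NIC.
        build_arp_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP,
                        eth_src=ROGUE_MAC),
    ]


def run_monitor(frames: List[bytes]) -> List[str]:
    mon = ArpMonitor()
    for f in frames:
        mon.observe(f)
    return mon.alerts


if __name__ == "__main__":
    for line in run_monitor(demo_traffic()):
        print(line)
```

Both checks are heuristics, which is the limitation the abstract is getting at: a binding change also happens on a DHCP lease reassignment or a NIC replacement, and a forger who sets the Ethernet source consistently passes the header check. Without a source-authentication step, a monitor can only report that a mapping changed, not decide which claimant is genuine.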
An enhanced secure ARP protocol and LAN switch for preventing ARP based attacks