Authors: Md. Ataullah, Naveen Chauhan

Abstract:

The Address Resolution Protocol (ARP) is used by computers to map logical addresses (IP) to physical addresses (MAC). However ARP is an all trusting protocol and is stateless which makes it vulnerable to many ARP cache poisoning attacks such as Man-in-the-Middle (MITM) and Denial of service (DoS) attacks. These flaws result in security breaches thus weakening the appeal of the computer for exchange of sensitive data. In this paper we describe ARP, outline several possible ARP cache poisoning attacks and give the detailed of some attack scenarios in network having both wired and wireless hosts. We have analyzed each of proposed solutions, identify their strengths and limitations. Finally get that no solution offers a feasible solution. Hence, this paper presents an efficient and secure version of ARP that is able to cope up with all these types of attacks and is also a feasible solution. It is a stateful protocol, by storing the information of the Request frame in the ARP cache, to reduce the chances of various types of attacks in ARP. It is more efficient and secure by broadcasting ARP Reply frame in the network and storing related entries in the ARP cache each time when communication take place.

Keywords: ARP cache poisoning, MITM, DoS

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1080064

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2870

References:

[1] D. Bruschi, A. Omaghi and E. Rosti, "S-ARP: a secure address resolution protocol," in Proceedings of the 19th Annual Computer Security Applications Conference, December 2003.
[2] W. Lootah, W. Enck and P. McDaniel, "TARP: Ticket-based address resolution protocol," in Proceedings of the 21st Annual Computer Security Applications Conference, December 2005.
[3] M. A. Carnut and J. C. Gondim, "ARP spoofing detection on switched Ethernet networks: A feasibility study," in Proceedings of the 5th Simpósio Segurança em Informática, November 2003.
[4] M. M. Dessouky, W. Elkilany, and N. Alfishawy, "A Hardware Approach for detecting the ARP Attack," in 7th International Conference on Informatics and Systems (INFOS), May 2010.
[5] S. Puangpronpitag and N. Masusai, "An Efficient and Feasible Solution to ARP Spoof Problem," in 6th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology, May 2009.
[6] Roney Philip, "Securing Wireless Networks from ARP Cache Poisoning," (2007).Master's Projects. Paper 131.
[7] Cristina L. Abad and Rafael I. Bonilla, "An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks," in 27th International Conference on Distributed Computing Systems Workshops, 2007.
[8] M. Tripunitara and P. Dutta, "A middleware approach to asynchronous and backward compatible detection and prevention of ARP cache poisoning," in Proceedings of the 15th Annual Computer Security Applications Conference, December 1999.
[9] Mohamed G. Gouda and Chin-Tser Huang, "A secure address resolution protocol" in the International Journal of Computer and Telecommunications Networking, Computer Networks, Elsevier, Volume 41, Issue 1, pages: 57-71, January, 2003.
[10] B. Issac and L. A. Mohammed, "Secure Unicast Address Resolution Protocol (S-UARP) by Extending DHCP," in 13th IEEE International Conference on Networks, 2005. Jointly held with the IEEE 7th Malaysia International Conference on Communication 2005.
[11] B. Fleck and J. Dimov, "Wireless Access Points and ARP Poisoning: Wireless vulnerabilities that expose the wired network,".
[12] D. C. Plummer, "An ethernet address resolution protocol," in RFC 826, 1982.
[13] B. Issac, "Secure ARP and Secure DHCP Protocols to Mitigate Security Attacks," in International Journal of Network Security, Vol.8, No.2, PP.107-118, March, 2009.