Advertisement

An Efficient Solution to the ARP Cache Poisoning Problem

  • Vipul Goyal
  • Rohit Tripathy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)

Abstract

ARP cache poisoning is a long standing problem which is known to be difficult to solve without compromising efficiency. The cause of this problem is the absence of authentication of the mapping between IP addresses and MAC addresses. Due to lack of the required authentication, any host on the LAN can forge an ARP reply containing malicious IP to MAC address mapping causing ARP cache poisoning. In fact, there are a number of tools freely available on the internet using which, even a newbie can launch such an attack. In this paper, we present a new cryptographic technique to make ARP secure and provide protection against ARP cache poisoning. Our technique is based on the combination of digital signatures and one time passwords based on hash chains. This hybrid system prevents the ARP cache poisoning attack while maintaining a good system performance at the same time.

Keywords

Mutual Authentication Certification Authority Network Interface Card Address Resolution Protocol Hash Chain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barnaba, M.: Anticap (2003), http://cvs.antifork.org/cvsweb.cgi/anticap
  2. 2.
    Fleck, B.: Wireless access points and arp poisoning [online document], Available at http://www.cigitallabs.com/resources/papers/download/arppoison.pdf
  3. 3.
  4. 4.
    Laubach, M.: Classical IP and ARP over ATM. RFC 1577 (1994)Google Scholar
  5. 5.
    Ornaghi, A., Valleri, M.: A multipurpose sniffer for switched LANs, http://ettercap.sf.net
  6. 6.
    Plummer, D.C.: An ethernet address resolution protocol. RFC 826 (1982)Google Scholar
  7. 7.
    Song, D.: A suite for man in the middle attacks, http://www.monkey.org/fidugsong/dsniff
  8. 8.
    Stevens, R.W.: TCP/IP Illustrated, vol. 1. Addison Wesley, Reading (2001) ISBN 0-201-63346-9 Google Scholar
  9. 9.
  10. 10.
    Wagner, R.: Address resolution protocol spoofing and man in the middle attacks (2001), http://rr.sans.org/threats/address.php
  11. 11.
    Whalen, S.: An introduction to arp spoofing [Online document] (2001), Available at http://packetstormsecurity.nl/papers/protocols/intro_to_arp_spoofing.pdf
  12. 12.
    Bruschi, D., Ornaghi, A., Rosti, E.: S-ARP: a Secure Address Resolution Protocol. In: Proceedings of 19th Annual Computer Security Applications Conference (ACSAC) (2003)Google Scholar
  13. 13.
    Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24.11, 770–772 (November 1981)Google Scholar
  14. 14.
    Haller, N.: The S/KEY One-Time Password System. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp 151–157 (February 1994)Google Scholar
  15. 15.
    Stemmer, A.: CAMs Enhance Network Performance, System Design [Online document] (January 1998), Available HTTP: http://www.eedesign.com/editorial/1998/systemdesign9801.html
  16. 16.
  17. 17.
    Whalen, S.H.: Towards Layer 2 Authentication: Preventing Attacks based on Address resolution Protocols Spoofing (2003) http://wp.netscape.com/eng/ssl3/draft302.txt (2002)
  18. 18.
    Convery, S.: Hacking Layer 2: Fun with Ethernet Switches, Blackhat [Online document] (2002), Available HTTP: http://www.blackhat.com/presentations/bh-usa-02/bhus-02-converyswitches.pdf
  19. 19.
    Micali, S.: NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In: First Annual PKI Research Workshop - Proceeding (April 2002)Google Scholar
  20. 20.
    Hacking UNIX, a tutorial for performing various attacks including ARP poisoning attack, on UNIX systems (2003), Available at http://duho.cjb.net
  21. 21.
    Tripunitara, M.V., Dutta, P.: A middleware approach to asynchronous and backward compatible detection and prevention of arp cache poisoning. In Proc. 15th Annual Computer Security Application Conference (ACSAC), pp. 303–309 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Vipul Goyal
    • 1
  • Rohit Tripathy
    • 1
  1. 1.OSP Global, Town Center, Andheri(E)MumbaiIndia

Personalised recommendations