Mitigating ARP poisoning-based man-in-the-middle attacks in wired or wireless LAN
Abstract
In this article, an enhanced version of the address resolution protocol (ARP) is proposed to prevent ARP poisoning-based man-in-the-middle (MITM) attacks in wired or wireless LAN environments. The proposed mechanism is based on the idea that once a node knows the correct MAC address for a given IP address, an MITM attack against that IP address is not possible as long as the node does not delete the mapping while the machine is alive. In order to prevent MITM attacks even for a new IP address, we propose a new IP/MAC mapping conflict resolution mechanism based on a computational puzzle and voting. Our proposed scheme can efficiently mitigate ARP poisoning-based MITM attacks, even in Wi-Fi hot-spots where wireless machines can easily join and leave, since the proposed mechanism does not require manual configuration if the proposed ARP is deployed through an operating system (OS) upgrade. The proposed scheme is backward compatible with the existing ARP protocol and incrementally deployable, with benefits to the upgraded machines.
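As an added example that is not part of the paper, the following Python model illustrates the abstract's first idea: the cache never overwrites the IP/MAC binding of a host that still answers a liveness probe, and a binding whose owner has gone silent is replaced only after the claimant presents a puzzle solution. The liveness callback, the SHA-256 hashcash-style puzzle, the 12-bit difficulty and the alert strings are assumptions standing in for the paper's protocol; the voting component is not modelled.

```python
import hashlib
from typing import Callable, Dict, List, Optional


class EnhancedArpCache:
    """Toy ARP cache: a live host's binding is never overwritten, and a stale
    binding is replaced only when the claimant solves a computational puzzle.
    This is a model of the idea in the abstract, not the paper's protocol."""

    def __init__(self, is_alive: Callable[[str, str], bool], puzzle_bits: int = 12):
        self.is_alive = is_alive        # assumed probe, e.g. unicast ARP request to the bound MAC
        self.puzzle_bits = puzzle_bits  # assumed difficulty: required leading zero bits
        self.table: Dict[str, str] = {}  # ip -> mac
        self.alerts: List[str] = []      # suspected poisoning attempts, for the log

    def puzzle_ok(self, ip: str, mac: str, nonce: int) -> bool:
        """Hashcash-style check: SHA-256(ip|mac|nonce) must begin with puzzle_bits zero bits."""
        digest = hashlib.sha256(f"{ip}|{mac}|{nonce}".encode()).digest()
        return int.from_bytes(digest, "big") >> (256 - self.puzzle_bits) == 0

    def on_reply(self, ip: str, mac: str, nonce: Optional[int] = None) -> bool:
        """Process an incoming ARP reply; return True if the cache accepted it."""
        known = self.table.get(ip)
        if known is None:                # first mapping seen for this IP: learn it
            self.table[ip] = mac
            return True
        if known == mac:                 # consistent refresh of an existing binding
            return True
        if self.is_alive(ip, known):     # current owner still answers: keep it, flag the conflict
            self.alerts.append(f"suspected ARP poisoning: {ip} claimed by {mac}, bound to live {known}")
            return False
        # Owner is silent: accept the new claimant only if it paid for the binding with a puzzle.
        if nonce is not None and self.puzzle_ok(ip, mac, nonce):
            self.table[ip] = mac
            return True
        self.alerts.append(f"rejected unsolved claim for {ip} from {mac}")
        return False


def solve_puzzle(cache: EnhancedArpCache, ip: str, mac: str) -> int:
    """Claimant side: brute-force the smallest nonce that satisfies the cache's puzzle."""
    nonce = 0
    while not cache.puzzle_ok(ip, mac, nonce):
        nonce += 1
    return nonce
```

With a 12-bit puzzle the honest claimant needs roughly 4096 hashes per binding it wants to take over, which is cheap for one host but grows linearly for an attacker trying to claim many addresses.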