An Efficient Solution to the ARP Cache Poisoning Problem

Goyal, Vipul; Tripathy, Rohit

doi:10.1007/11506157_4

Vipul Goyal¹⁸ &
Rohit Tripathy¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3574))

Included in the following conference series:

Australasian Conference on Information Security and Privacy

1485 Accesses
26 Citations
3 Altmetric

Abstract

ARP cache poisoning is a long standing problem which is known to be difficult to solve without compromising efficiency. The cause of this problem is the absence of authentication of the mapping between IP addresses and MAC addresses. Due to lack of the required authentication, any host on the LAN can forge an ARP reply containing malicious IP to MAC address mapping causing ARP cache poisoning. In fact, there are a number of tools freely available on the internet using which, even a newbie can launch such an attack. In this paper, we present a new cryptographic technique to make ARP secure and provide protection against ARP cache poisoning. Our technique is based on the combination of digital signatures and one time passwords based on hash chains. This hybrid system prevents the ARP cache poisoning attack while maintaining a good system performance at the same time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Barnaba, M.: Anticap (2003), http://cvs.antifork.org/cvsweb.cgi/anticap
Fleck, B.: Wireless access points and arp poisoning [online document], Available at http://www.cigitallabs.com/resources/papers/download/arppoison.pdf
Hunleth, F.: Secure link layer, http://www.cs.wustl.edu/fifhunleth/projects/projects.html
Laubach, M.: Classical IP and ARP over ATM. RFC 1577 (1994)
Google Scholar
Ornaghi, A., Valleri, M.: A multipurpose sniffer for switched LANs, http://ettercap.sf.net
Plummer, D.C.: An ethernet address resolution protocol. RFC 826 (1982)
Google Scholar
Song, D.: A suite for man in the middle attacks, http://www.monkey.org/fidugsong/dsniff
Stevens, R.W.: TCP/IP Illustrated, vol. 1. Addison Wesley, Reading (2001) ISBN 0-201-63346-9
Google Scholar
Teterin, I.: Antidote, http://online.securityfocus.com/archive/1/299929
Wagner, R.: Address resolution protocol spoofing and man in the middle attacks (2001), http://rr.sans.org/threats/address.php
Whalen, S.: An introduction to arp spoofing [Online document] (2001), Available at http://packetstormsecurity.nl/papers/protocols/intro_to_arp_spoofing.pdf
Bruschi, D., Ornaghi, A., Rosti, E.: S-ARP: a Secure Address Resolution Protocol. In: Proceedings of 19th Annual Computer Security Applications Conference (ACSAC) (2003)
Google Scholar
Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24.11, 770–772 (November 1981)
Google Scholar
Haller, N.: The S/KEY One-Time Password System. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp 151–157 (February 1994)
Google Scholar
Stemmer, A.: CAMs Enhance Network Performance, System Design [Online document] (January 1998), Available HTTP: http://www.eedesign.com/editorial/1998/systemdesign9801.html
http://cert.uni-stuttgart.de/archive/vulndev/2002/01/msg00295.html
Whalen, S.H.: Towards Layer 2 Authentication: Preventing Attacks based on Address resolution Protocols Spoofing (2003) http://wp.netscape.com/eng/ssl3/draft302.txt (2002)
Convery, S.: Hacking Layer 2: Fun with Ethernet Switches, Blackhat [Online document] (2002), Available HTTP: http://www.blackhat.com/presentations/bh-usa-02/bhus-02-converyswitches.pdf
Micali, S.: NOVOMODO: Scalable Certificate Validation and Simplified PKI Management. In: First Annual PKI Research Workshop - Proceeding (April 2002)
Google Scholar
Hacking UNIX, a tutorial for performing various attacks including ARP poisoning attack, on UNIX systems (2003), Available at http://duho.cjb.net
Tripunitara, M.V., Dutta, P.: A middleware approach to asynchronous and backward compatible detection and prevention of arp cache poisoning. In Proc. 15th Annual Computer Security Application Conference (ACSAC), pp. 303–309 (1999)
Google Scholar

Download references

Author information

Authors and Affiliations

OSP Global, Town Center, Andheri(E), Mumbai, India
Vipul Goyal & Rohit Tripathy

Authors

Vipul Goyal
View author publications
You can also search for this author in PubMed Google Scholar
Rohit Tripathy
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Information Security Institute, Queensland University of Technology, GPO Box 2434, Qld 4001, Brisbane, Australia
Colin Boyd
Information Security Institute, Queensland University of Technology, GPO Box 2434, QLD 4001, Brisbane, Australia
Juan Manuel González Nieto

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Goyal, V., Tripathy, R. (2005). An Efficient Solution to the ARP Cache Poisoning Problem. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_4

Download citation

DOI: https://doi.org/10.1007/11506157_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics