research-article

Genuine ARP (GARP): a broadcast based stateful authentication protocol

Authors:

Subash Dangol,

S. Selvakumar,

M. BrindhaAuthors Info & Claims

ACM SIGSOFT Software Engineering Notes, Volume 36, Issue 4

Pages 1 - 10

https://doi.org/10.1145/1988997.1989013

Published: 04 August 2011 Publication History

Get Access

Abstract

Address Resolution Protocol (ARP) is used to map the network address (IP address) to a physical address (MAC address). Being a stateless protocol and lacking proper authentication mechanism in the ARP messages, ARP is vulnerable for cache poisoning attack. Attacker can perform Man-In-The-Middle (MITM) attack or Denial of Service (DoS) attack and can access sensitive information, modify the contents, or deny the host from getting services. Different techniques for the detection and prevention of ARP cache poisoning attack have been proposed. Detection techniques (such as ARPWatch and Intrusion Detection techniques) generate false positives. Some prevention technique makes change in the switch itself and some uses cryptographic techniques. Secure-ARP and Ticket based ARP (TARP) are cryptographic techniques but suffer from single point failure and ticket flooding attacks respectively. ARP is a stateless protocol and ARP messages lacks the address authentication mechanism. As an ARP reply is unicast, all host systems in the LAN are not aware of the attacker present in the LAN. In this paper, we have proposed a protocol known as "Genuine Address Resolution Protocol (GARP)". Two novel concepts, viz., broadcastbased reply, and the Certifier for proof of IP address ownership have been proposed in GARP. As a reply is broadcast, the host, whose IP the attacker is using for attack, is aware of the attacker and subsequently makes other hosts in the LAN also aware of the attacker. Thus, the protocol prevents possible attack from the same attacker in the future. Statefulness is achieved by two tables, viz., the pending table and the blacklist table. The pending table holds the reply till its genuineness is proved and the blacklist table holds the MAC of attacker. Furthermore, the Certificate Authority is responsible for monitoring the ARP activities, which intervenes with appropriate messages at appropriate instances. The Dynamic Host Configuration Protocol (DHCP) server could be loaded with the additional service of monitoring ARP activities. The protocol has been implemented on Linux operating system. GARP was tested for various possible cases of ARP cache poisoning attack. From the results, it could be inferred that the GARP provides security against ARP cache poisoning attacks.

References

[1]

Abad, C. L. and Bonilla, R. I. An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks. In 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07), (Toronto, Canada, June 25-29, 2007), 60--67. DOI=http://dx.doi.org/10.1109/ICDCSW.2007.19.

Abstract

References

Cited By

Index Terms

Recommendations

An enhanced secure ARP protocol and LAN switch for preveting ARP based attacks

On Securing Bi- and Tri-partite Session Key Agreement Protocol Using IBE Framework

Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges

Comments

Information

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations