An Efficient and Secure Solution for the Problems of ARP Cache Poisoning Attacks

The Address Resolution Protocol (ARP) is used by computers to map logical addresses (IP) to physical addresses (MAC). However, ARP is an all-trusting, stateless protocol, which makes it vulnerable to many ARP cache poisoning attacks, such as Man-in-the-Middle (MITM) and Denial of Service (DoS) attacks. These flaws result in security breaches, weakening the appeal of the computer for the exchange of sensitive data. In this paper we describe ARP, outline several possible ARP cache poisoning attacks, and give the details of some attack scenarios in a network having both wired and wireless hosts. We analyze each of the proposed solutions, identify their strengths and limitations, and find that none of them offers a feasible solution. Hence, this paper presents an efficient and secure version of ARP that is able to cope with all these types of attacks and is also feasible. It is a stateful protocol: it stores the information of the Request frame in the ARP cache to reduce the chances of various types of attacks on ARP. It is made more efficient and secure by broadcasting the ARP Reply frame in the network and storing the related entries in the ARP cache each time communication takes place.
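The stateful idea in the abstract can be illustrated with a small model of a cache that remembers its own Requests and drops any Reply that does not answer one. This is an added example, not the paper's protocol: the class name, the timeout value and the sample addresses are assumptions, and the broadcast-Reply part of the proposal is not modelled.

```python
import time

class StatefulArpCache:
    """Accept an ARP Reply only if it answers a Request this host sent."""

    def __init__(self, request_ttl=2.0, clock=time.monotonic):
        self.request_ttl = request_ttl  # seconds a Request stays answerable (assumed value)
        self.clock = clock
        self.pending = {}   # target IP -> time the Request was sent
        self.entries = {}   # IP -> MAC learned from a solicited Reply
        self.alerts = []    # (reason, ip, mac) for every rejected Reply

    def send_request(self, target_ip):
        # Keep state about the outgoing Request; plain ARP keeps none.
        self.pending[target_ip] = self.clock()

    def receive_reply(self, sender_ip, sender_mac):
        sent_at = self.pending.pop(sender_ip, None)
        if sent_at is None:
            return self._reject("unsolicited", sender_ip, sender_mac)
        if self.clock() - sent_at > self.request_ttl:
            return self._reject("late", sender_ip, sender_mac)
        self.entries[sender_ip] = sender_mac
        return "accepted"

    def _reject(self, reason, ip, mac):
        # The cache is left untouched, so a forged Reply cannot overwrite an entry.
        self.alerts.append((reason, ip, mac))
        return reason

def demo():
    """Replay constructed traffic (documentation addresses) against a fake clock."""
    now = [0.0]
    cache = StatefulArpCache(request_ttl=2.0, clock=lambda: now[0])
    results = [cache.receive_reply("192.0.2.1", "02:00:00:00:00:66")]  # no Request sent
    cache.send_request("192.0.2.1")
    now[0] = 0.5
    results.append(cache.receive_reply("192.0.2.1", "02:00:00:00:00:01"))  # solicited
    results.append(cache.receive_reply("192.0.2.1", "02:00:00:00:00:66"))  # already answered
    cache.send_request("192.0.2.7")
    now[0] = 5.0
    results.append(cache.receive_reply("192.0.2.7", "02:00:00:00:00:07"))  # after the TTL
    return results, cache

if __name__ == "__main__":
    outcome, cache = demo()
    print(outcome, cache.entries, cache.alerts)
```

The rejected Replies accumulate in `alerts`, which is the natural place to hook logging or an intrusion-detection feed.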



