Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks

In this paper, we propose a new mechanism for counteracting ARP (Address Resolution Protocol) poisoning-based Man-in-the-Middle (MITM) attacks in a subnet where wired and wireless nodes can coexist. The key idea is that even a newly joined node can be protected from an ARP cache poisoning attack if the mapping between an IP address and the corresponding MAC address is resolved through fair voting among neighbor nodes, under the condition that the number of good nodes is larger than the number of malicious nodes. Providing fairness in voting among nodes that are heterogeneous in processing capability and access medium is quite a challenge. We attempt to achieve fairness in voting by exploiting the uniform transmission capability of Ethernet LAN cards and the smaller medium access delay of Ethernet compared with wireless LAN. Although another scheme, MR-ARP, resolves the same issue based on voting, our scheme improves voting fairness further by filtering out voting reply messages from nodes that respond too early, and the voting-related key parameters are determined analytically with fairness in voting in mind. We show through experiments that fairness in voting can be achieved with the proposed approach, overcoming the limitations of other voting-based schemes, and that ARP poisoning-based MITM attacks can be mitigated in a more generalized environment.
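The following Python model is an added illustration of the voting idea in the abstract and is not code from the paper. It resolves an IP-to-MAC binding by tallying neighbours' replies, after discarding replies that arrive before a genuine node could plausibly have received and processed the request and counting at most one vote per responder. The delay window (`MIN_DELAY_MS`, `MAX_DELAY_MS`), the strict-majority rule and the one-vote-per-responder rule are assumptions made here for illustration; the paper derives its own parameters analytically and those values are not reproduced. The sample replies are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class VoteReply:
    responder_mac: str   # MAC address of the neighbour casting the vote
    claimed_mac: str     # MAC address the neighbour says is bound to the queried IP
    delay_ms: float      # time between our voting request and this reply


# Assumed parameters (not the paper's analytically derived values): a genuine
# node needs at least MIN_DELAY_MS to receive, process and answer the request,
# and MAX_DELAY_MS closes the voting window.
MIN_DELAY_MS = 0.5
MAX_DELAY_MS = 50.0


def filter_votes(replies: Iterable[VoteReply],
                 min_delay_ms: float = MIN_DELAY_MS,
                 max_delay_ms: float = MAX_DELAY_MS) -> List[VoteReply]:
    """Keep one vote per responder, dropping replies outside the plausible delay window."""
    accepted: List[VoteReply] = []
    seen = set()
    for r in replies:
        if not (min_delay_ms <= r.delay_ms <= max_delay_ms):
            continue  # too early to be a freshly computed reply, or past the window
        if r.responder_mac in seen:
            continue  # one vote per responder
        seen.add(r.responder_mac)
        accepted.append(r)
    return accepted


def resolve_by_voting(replies: Iterable[VoteReply],
                      min_delay_ms: float = MIN_DELAY_MS,
                      max_delay_ms: float = MAX_DELAY_MS) -> Optional[str]:
    """Return the MAC holding a strict majority of accepted votes, or None if inconclusive."""
    accepted = filter_votes(replies, min_delay_ms, max_delay_ms)
    if not accepted:
        return None
    tally = Counter(r.claimed_mac for r in accepted)
    mac, votes = tally.most_common(1)[0]
    # A tie or a plurality below half of the accepted votes is treated as no result,
    # so the requesting node does not install an unverified binding.
    return mac if votes * 2 > len(accepted) else None


# Constructed sample: three honest wired neighbours answer after realistic
# processing delays, while one malicious node has pre-computed four replies under
# spoofed responder MACs and emits them almost immediately after the request.
HONEST_MAC = "00:1a:2b:3c:4d:5e"
MALICIOUS_MAC = "de:ad:be:ef:00:01"

SAMPLE_REPLIES = [
    VoteReply("00:1a:2b:3c:4d:01", HONEST_MAC, 1.1),
    VoteReply("00:1a:2b:3c:4d:02", HONEST_MAC, 1.4),
    VoteReply("00:1a:2b:3c:4d:03", HONEST_MAC, 2.0),
    VoteReply("aa:aa:aa:aa:aa:01", MALICIOUS_MAC, 0.02),
    VoteReply("aa:aa:aa:aa:aa:02", MALICIOUS_MAC, 0.03),
    VoteReply("aa:aa:aa:aa:aa:03", MALICIOUS_MAC, 0.05),
    VoteReply("aa:aa:aa:aa:aa:04", MALICIOUS_MAC, 0.08),
]

if __name__ == "__main__":
    print("with early-reply filter:", resolve_by_voting(SAMPLE_REPLIES))
    print("without filter:        ", resolve_by_voting(SAMPLE_REPLIES, min_delay_ms=0.0))
```

Running the block shows why the early-reply filter matters: with the filter the three honest votes decide the binding, whereas with `min_delay_ms=0.0` the four too-early replies outvote them, which is exactly the unfairness the abstract says the filtering step is meant to remove.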
