Thwarting Address Resolution Protocol Poisoning using Man In The Middle Attack in WLAN

The Address Resolution Protocol (ARP) takes the IP address and determines the corresponding MAC address through a broadcast reply mechanism. ARP poisoning can be done though a Man in the Middle (MITM) attack. In this paper, we present a trust based mechanism for addressing the problem of MITBM based ARP poisoning in a WLAN. The problem of ARP poisoning becomes acute in the wireless LAN environment due limited bandwidth, computation and memory, intermittent connectivity of nodes and the shared nature of the wireless broadcast channel. The resource constraints preclude employment of cryptographic primitives for authentication. The volatile connectivity and the possibility of continual arrival and departure from the networks makes manual configuration difficult. The proposed solution allows pairing of an IP address with multiple MAC addresses. This mapping prioritized according to an online trust mechanism. The implementation only requires the devices in the network to update their kernel with the modified ARP scheme. To determine the efficacy of the proposed method, it was implemented in FreeBSD kernel and tested for the successful prevention of MITM based ARP poisoning attack in a WLAN network.

[1]  Patrick D. McDaniel,et al.  TARP: Ticket-based Address Resolution Protocol , 2005, ACSAC.

[2]  C. Laymon A. study , 2018, Predication and Ontology.

[3]  Dijiang Huang,et al.  Using Power Hopping to Counter MAC Spoof Attacks in WLAN , 2010, 2010 7th IEEE Consumer Communications and Networking Conference.

[4]  Danilo Bruschi,et al.  S-ARP: a secure address resolution protocol , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[5]  Wu Liu,et al.  Weakness analysis and attack test for WLAN , 2010, The 2010 International Conference on Green Circuits and Systems.

[6]  Audun Jøsang,et al.  AIS Electronic Library (AISeL) , 2017 .

[7]  Ying Wang,et al.  Practical Defense against WEP and WPA-PSK Attack for WLAN , 2010, 2010 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM).

[8]  Partha Dutta,et al.  A middleware approach to asynchronous and backward compatible detection and prevention of ARP cache poisoning , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[9]  Wassim El-Hajj,et al.  Using a Fuzzy Logic Controller to Thwart Data Link Layer Attacks in Ethernet Networks , 2007, 2007 IEEE Wireless Communications and Networking Conference.

[10]  Cristina L. Abad,et al.  An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks , 2007, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07).

[11]  Dongwon Kim,et al.  Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks , 2010, IEEE Communications Letters.

[12]  Jiantao Gu,et al.  Research on WLAN security technology based on IEEE 802.11 , 2011, 2011 3rd International Conference on Advanced Computer Control.

[13]  Shefalika Ghosh Samaddar,et al.  Different flavours of Man-In-The-Middle attack, consequences and feasible solutions , 2010 .

[14]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..

[15]  Azzedine Boukerche,et al.  Trust-based security for wireless ad hoc and sensor networks , 2007, Comput. Commun..

[16]  S. Selvakumar,et al.  Genuine ARP (GARP): a broadcast based stateful authentication protocol , 2011, SOEN.

[17]  Chin-Tser Huang,et al.  A secure address resolution protocol , 2003, Comput. Networks.

[18]  Lin Gao,et al.  A new client-puzzle based DoS-resistant scheme of IEEE 802.11i wireless authentication protocol , 2010, 2010 3rd International Conference on Biomedical Engineering and Informatics.

[19]  Cristina L. Abad,et al.  Preventing ARP cache poisoning attacks: A proof of concept using OpenWrt , 2009, 2009 Latin American Network Operations and Management Symposium.

[20]  Hyunuk Hwang,et al.  A Study on MITM (Man in the Middle) Vulnerability in Wireless Network Using 802.1X and EAP , 2008, 2008 International Conference on Information Science and Security (ICISS 2008).