An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks

The address resolution protocol (ARP) is used by computers to map network addresses (IP) to physical addresses (MAC). The protocol has proved to work well under regular circumstances, but it was not designed to cope with malicious hosts. By performing ARP cache poisoning or ARP spoofing attacks, an intruder can impersonate another host (man-in-the-middle attack) and gain access to sensitive information. Several schemes to mitigate, detect and prevent these attacks have been proposed, but each has its limitations. In this paper we analyze each of these schemes, identify their strengths and weaknesses, and propose guidelines for the design of an alternative and (arguably) better solution to the problem of ARP cache poisoning.
