Research Article DS-ARP: A New Detection Scheme for ARP Spoofing Attacks Based on Routing Trace for Ubiquitous Environments

Similar documents
ARP SPOOFING Attack in Real Time Environment

P-ARP: A novel enhanced authentication scheme for securing ARP

SDN-based Defending against ARP Poisoning Attack

An Approach to Addressing ARP Spoof Using a Trusted Server. Yu-feng CHEN and Hao QIN

Two Methods for Active Detection and Prevention of Sophisticated ARP-Poisoning Man-in-the-Middle Attacks on Switched Ethernet LANs

An Efficient and Secure Solution for the Problems of ARP Cache Poisoning Attacks

Computer Network Routing Challenges Associated to Tackle Resolution Protocol

Satya P Kumar Somayajula et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 2 (4), 2011,

Securing ARP and DHCP for mitigating link layer attacks

CSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers

A Framework for Optimizing IP over Ethernet Naming System

A Study on Intrusion Detection Techniques in a TCP/IP Environment

ARP Inspection and the MAC Address Table for Transparent Firewall Mode

Distributed CoAP Handover Using Distributed Mobility Agents in Internet-of-Things Networks

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Keywords: ARP Protocol; ARP Cache; ARP Spoofing Attack; Reverse ARP Poisoning, Active IP Probing

Development of IDS for Detecting ARP Attack using DES Model

A Review on ICMPv6 Vulnerabilities and its Mitigation Techniques: Classification and Art

ICS 451: Today's plan

ARP Inspection and the MAC Address Table

A Host Protection Framework Against Unauthorized Access for Ensuring Network Survivability

A New Logging-based IP Traceback Approach using Data Mining Techniques

CSE 565 Computer Security Fall 2018

AN INTRODUCTION TO ARP SPOOFING

Security Enhanced IEEE 802.1x Authentication Method for WLAN Mobile Router

ARP Spoofing And Mitigations

Prevention of Phishing and ARP Cache Poisoning in Man-In-The-Middle Attacks by using ARP Cache Management

Using a Fuzzy Logic Controller to Thwart Data Link Layer Attacks in Ethernet Networks

Cache poisoning in S-ARP and Modifications

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS

Mitigating ARP poisoning-based man-in-themiddle attacks in wired or wireless LAN

Enhance the Security and Performance of IP over Ethernet Networks by Reduction the Naming System Design

Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks

CSE 127: Computer Security Network Security. Kirill Levchenko

Adopting Innovative Detection Technique To Detect ICMPv6 Based Vulnerability Attacks

VLAN Hopping, ARP Poisoning, and Man-In-TheMiddle Attacks in Virtualized Environments

Example: Configuring DHCP Snooping and DAI to Protect the Switch from ARP Spoofing Attacks

Research Article Implementation of Personal Health Device Communication Protocol Applying ISO/IEEE

20-CS Cyber Defense Overview Fall, Network Basics

PrECast: An Efficient Crypto-Free Solution for Broadcast-Based Attacks in IPv4 Networks. and Eric Pardede ID

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

A Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network

(In)security of ecient tree-based group key agreement using bilinear map

Robust EC-PAKA Protocol for Wireless Mobile Networks

Towards Layer 2 Authentication: Preventing Attacks based on Address Resolution Protocol Spoofing

MOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS

Man in the middle. Bởi: Hung Tran

A Host Protection Framework Against Unauthorized Access for Ensuring Network Survivability

Introduction and Statement of the Problem

Detecting and Preventing Network Address Spoofing

FHT: A Novel Approach for Filtering High-Availability Seamless Redundancy (HSR) Traffic

Research Article MFT-MAC: A Duty-Cycle MAC Protocol Using Multiframe Transmission for Wireless Sensor Networks

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

CSC 574 Computer and Network Security. TCP/IP Security

A Survey of BGP Security Review

Defending MANET against Blackhole Attackusing Modified AODV

Basic Concepts in Intrusion Detection

TSCBA-A Mitigation System for ARP Cache Poisoning Attacks

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks

CIS 5373 Systems Security

NETWORK SECURITY. Ch. 3: Network Attacks

Title : Cross-validation based man-in-the-middle attack protection

Configuring ARP CHAPTER4

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

CSc 466/566. Computer Security. 18 : Network Security Introduction

A Study on the Communication Agent Model for One-way Data Transfer System

Extending NTOP feature to detect ARP spoofing

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

Chapter 5: Ethernet. Introduction to Networks - R&S 6.0. Cisco Networking Academy. Mind Wide Open

Switching & ARP Week 3

IPv6 Traffic Hijack Test System and Defense Tools Using DNSSEC

Optimized Paging Cache Mappings for efficient location management Hyun Jun Lee, Myoung Chul Jung, and Jai Yong Lee

Low Overhead Geometric On-demand Routing Protocol for Mobile Ad Hoc Networks

Man In The Middle Project completed by: John Ouimet and Kyle Newman

DELVING INTO SECURITY

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

Efficient RFID Authentication protocol for Ubiquitous Computing Environment

Providing Security to the Architecture of Presence Servers

A Secure Wireless LAN Access Technique for Home Network

Configuring ARP CHAPTER 5

Threats in Optical Burst Switched Network

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Secure Transmission for Interactive Three-Dimensional Visualization System

Operation Manual ARP H3C S5500-SI Series Ethernet Switches. Table of Contents

Wireless Network Security Spring 2016

Secure Initial Access Authentication in WLAN

Ruijie Anti-ARP Spoofing

IPv6 migration challenges and Security

The new method to prevent ARP spoofing based on 802.1X protocol. Qinggui Hu

Address Resolution Protocol (ARP), RFC 826

Improvement of Address Resolution Security in IPv6 Local Network using Trust-ND

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

A Review on various Location Management and Update Mechanisms in Mobile Communication

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

(Submit to Bright Internet Global Summit - BIGS)

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Transcription:

Hindawi Publishing Corporation e Scientific World Journal Volume 2014, Article ID 264654, 7 pages http://dx.doi.org/10.1155/2014/264654 Research Article DS-ARP: A New Detection Scheme for ARP Spoofing Attacks Based on Routing Trace for Ubiquitous Environments Min Su Song, 1 Jae Dong Lee, 1 Young-Sik Jeong, 2 Hwa-Young Jeong, 3 and Jong Hyuk Park 1 1 Department of Computer Science and Engineering, SeoulTech, Seoul 139-743, Republic of Korea 2 Department of Multimedia Engineering, Dongguk University, Seoul 100-715, Republic of Korea 3 Humanitas College, Kyung Hee University, Seoul 130-701, Republic of Korea Correspondence should be addressed to Jong Hyuk Park; parkjonghyuk1@hotmail.com Received 19 April 2014; Accepted 11 June 2014; Published 27 August 2014 Academic Editor: Han-Chieh Chao Copyright 2014 Min Su Song et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system. 1. Introduction Ubiquitous computing has been perceived as the new paradigm for a comfortable life in recent times. In particular, the use of smart applications has greatly increased. However, a growing number of security concerns in this environment have emerged at the same time. Ubiquitous environments always need connected networks. Therefore, one of the important considerations in ubiquitous environments is network security. A secure network can maintain rich ubiquitous environments. Therefore, security considerations in the ubiquitous networks are required. An ARP spoofing attack is an attack in which the media access control (MAC) address of a computer is masqueraded as that of another. Although various studies have addressed ARP spoofing attack detection, and presented countermeasure plans, there are numerous fundamental difficulties in finding an optimized solution. Countermeasure schemes, such as the cache table static management, S-ARP, T-ARP, andarptableserversynchronizationmethod,havebeen presented. Nevertheless, because of various reasons, such as compatibility with the existing network configurations, protocols, and administrative overhead, applying these schemes poses difficulties. In this paper, we present a new detection scheme for ARP spoofing attacks using local network information and a routing trace, which can protect the internal network from ARP spoofing. The detection is composed of ARP Cache Table periodic surveillance and Routing trace. Additional network configuration and protocol change are not required in the proposed scheme, since it does not increase the system and network overhead. The remainder of this paper is organized as follows. Section 2 discusses related studies including problems in ARP spoofing, security requirements, and existing research. Section 3 introduces a new detection scheme for ARP spoofing using a routing trace. Finally, Section 4 presents concluding remarks and briefly discusses the scope for further research. 2. Related Work ARP is used to map the MAC physical address and the IP network address, as presented in Figure 1. When a host

2 The Scientific World Journal Host X IP address x.x.x.x Host Y Host X MAC address xx:xx:xx:xx:xx:xx Host Y Request Reply (a) ARP request (Broadcast) (b) ARP reply (Unicast) Figure 1: ARP request/reply protocol. on a local network wants to know the MAC address of the corresponding IP address, it broadcasts an ARP request messagetoallthehostsconnectedtothenetwork.allhosts receive the ARP request, and the host with the information on the requested IP address and MAC address will reply with the IP, MAC pair information via unicast [1]. This IP, MAC pair information is efficiently managed through the ARP cache table. Typically, ARP cache entries expire after 20-minute intervals, and in some operating systems, the expiration timer is reset. As shown in Figure 1, Host Y sends an ARP request message to all the hosts connected to the local network to get the MAC address of Host X. Host X sends the ARP reply message, its IP, MAC pair information, to Host Y via unicast [2, 3]. 2.1. Problems in ARP and ARP Spoofing. As ARP updates the host s ARP cache table in the absence of reliable mutual agreement procedures while transmitting the request/reply messages, it has a few fundamental security problems. ARP spoofing attacks are described as follows [4]. (i) Block host: an attacker, using the ARP spoofing technique, can change the ARP cache table. The packets sent by the host, in which the ARP cache table is changed, do not reach the real destination address but reach the attacker. Thus, the host network can be blocked by the attacker. (ii) Host impersonation: an attacker can impersonate a host, and, by doing so, can discard the host s packet and cancel the host s request. (iii) Man-in-the-middle (MITM) attack: an attacker can change the ARP cache table of two hosts and monitor the communication between them. 2.2. Security Requirements for an Ideal Solution. We can consider the following security requirements as the response scheme for ARP spoofing attacks [3]. (1) costs of hosts should be controlled. (2) The cryptographic processing, which can lower the performance of ARP, should be minimized. (3) Prevention and block should be detected with timely warnings, which will alert the administrator about the attack situation. (4) The solution has to be universal and easily applicable. (5) Hardware costs should be minimized. (6) The solution has to be compatible with ARP. (7) It should not slow down the ARP request/reply communications. (8) If possible, it should consider all the ARP attacks. (9)Thenetworktrafficshouldbecontained. 2.3. Existing Research. Gouda and Huang [5] proposeda structure that resolves the security problems of MAC address and IP address within the Ethernet. The proposed scheme consists of a security server whose two protocols, Inviteaccept and Request-reply, are connected to all hosts. Each host checks, through Invite-accept and Request-reply, the IP address and MAC address from the security server, thereby enhancingsecurity[5]. Secure ARP (S-ARP) uses the public and private key pair, authorized through an asymmetric encryption algorithm. All hosts create public and private key pairs during the initial contact of the network and send them with signed certificates to the authoritative key distributor (AKD). Thus, an ARP spoofing attack can be prevented by identifying whether the transmitted request is from a valid user [6]. Theportsecurityschemeproposesaformofsecurity using a physical port at the MAC address formed at the switch. Port security can be an effective defense against an attacker who replicates a MAC address. This scheme can definitely protect hosts from MAC-hijacking-type attacks [2, 3]. Dynamic ARP inspection (DAI) is a scheme that can only be used with certain switch types. DAI solves security problems by preventing invalid or malicious ARP packets that are delivered from the network. It identifies whether the ARP packet is valid by comparing the packet at the switch, before it is delivered. If a security problem is detected, the packet is deleted [2, 3]. The ticket-based address resolution protocol (T-ARP) defends ARP spoofing by distributing the centrally secured IP address and MAC

The Scientific World Journal 3 DS-ARP agent Protection DS-ARP server Detection Audit DS-ARP agent Protection Detection Report DS-ARP server DS-ARP agent A Audit Network Report DS-ARP agent Protection Detection DS-ARP server DS-ARP agent B Figure 2: Overall architecture of the DS-ARP scheme. address mapping proof. This proof, called ticket, is delivered to the client when it approaches the network. Unlike other public key methods, this protocol can reduce costs [7]. Xing et al. proposed a scheme to capture and filter ARP packets using the WinPcap library. This method involves collecting ARP packets through a WinPcap filtering setting. If the collected ARP packet has a valid value, the ARP cache table is updated [8]. Ramachandran and Nandi proposed a scheme for detecting ARP spoofing through the mismatch of the ARP request/response packet and the IP, MAC pair of TCP SYN. When the information in an ARP request/response packet is different from that of the IP, MAC, and the TCP connection is made, ARP spoofing is assumed. Following this, all attack packets are dropped and reported to the server [9]. P-ARP proposed by Limmaneewichid and Lilakiatsakun [10] modifies only the confirmed ARP packet, an ARP protocol 28-byte ARP message with an 18-byte authentication data ARP trailer attached [10]. ASA is set to static all the Link Type of ARP Cache Table. ASA is not use the ARP Filter Driver of Kernel layer and directly update using encrypted ARP information in ASA agent [11]. 3. DS-ARP Scheme In this section, the proposed detection scheme for ARP spoofing attack using a routing trace, namely detection scheme for ARP spoofing (DS-ARP), is discussed in detail. 3.1. Architecture. The architecture of the proposed scheme can be divided into the agent and server side. Detection and protection are the key technologies involved, as shown in Figure 2. Detection periodically keeps the updated state of the ARP cache table under surveillance. When the ARP cache table is updated, the DS-ARP performs a routing trace to Table 1: Description of Acronym. Acronym ACTMM PSM TRV ACTM ACTR Database Description ARP cache table monitor manger Packet send manager Trace routing validation ARP cache table manager ARP cache table repository Database identify the corresponding IP, MAC pair information. If an ARP spoofing attack is suspected, it reports to the server and initiates the protection process. It also converts the corresponding IP, MAC pair ARP type to static mode. Table 1 shows the description of acronym. 3.2. Operation Process of DS-ARP. The detection module periodically keeps the ARP cache table under surveillance and checks changed items. Once a change in the ARP cache table is identified, the DS-ARP determines whether an ARP spoofing attack has taken place through a routing trace. The protection module converts the IP, MAC pair information, which is changed, by the ARP spoofing attack in the ARP cache table list, to the previous state. It prevents ARP spoofing attacks by changing the link type from a dynamic state to a static state. Step 1 (Detection). See Figure 3. A ACTMM (ARP cache table surveillance). ACTM periodically monitors the ARP cache table and the information in the host network. B ACTMM PSM (sending the ACT changed identity). The changed information in the ARP cache table is transmitted to PSM using ACTMM.

4 The Scientific World Journal Table 2: Comparisons of current schemes versus the proposed scheme. Classification T-ARP [7] Xing[10] P-ARP[12] ASA[7] DS-ARP Host cost minimization I I Cryptographic technique minimization I Warning/detection effectiveness Universality, easy applicability I I I Hardware costs minimization I ARP compatibility ARP speed I I Network loading Security I :Strong,I: Medium, :Weak. ACTMM PSM TRV 1. ACT cache table surveillance 2. Sending the ACT changed identity 3. Sending an ICMP packet 4. Sending the ICMP result 5. ICMP validation Figure 3: Protocol for the detection stages. C PSM (sending an ICMP packet). PSM sends the ICMP packet in which the TTL value is increased to TRV. D PSM TRV (sending the ICMP result). PSM sends the resultant values of ICMP response to TRV. E TRV (ICMP validation). TRV checks the moving path of the ICMP and identifies ARP spoofing attacks. Step 2 (Protection). See Figure 4. A ACTM (changing the ARP link type). ACTMN protects the host by changing the ARP link type of the corresponding IP, MAC pair from a dynamic mode to a static mode. B ACTM ACTR (requesting for the IP, MAC pair). ACTM requests the ACTR for the normal IP, MAC pair, that is, before it was changed. C ACTR ACTM (responding with the IP, MAC pair). ACTR responds to ACTM with the normal IP, MAC pair before the pair was changed. D ACTM (changing the IP, MAC pair). ACTM applies the normal IP, MAC pair to the ARP cache table. E ACTM Database (sending information regarding the victim host). ACTM sends information regarding thevictimhosttothedatabase. F Database (update). Database updates the information about the victim host to the ARP spoofing attacked state. 3.3. Analyses of the Proposed DS-ARP. In this section, we analyze the existing schemes and the proposed DS-ARP based on the security requirements described in Section 2.2. A comparison of current schemes versus the proposed scheme is shown in Table 2. The scheme of using the WinPcap library by Xing et al. has the disadvantage of continuously monitoring the ARP packets and repeatedly comparing them with local information. The scheme proposed by Ramachandran and Nandi causes excessive traffic in the network. Although S-ARP and T-ARP are the most infallible schemes for preventing ARP spoofing, using a pair of authorized keys, their disadvantage is the requirement of an ARP protocol change. Port security cannot be a perfect solution, as it is vulnerable to MITM attacks. The DAI has a drawback in that the network configuration and switches need to be changed. Limmaneewichid and Lilakiatsakun proposed an effective scheme that ensures the integrity of the ARP packet. However this scheme slows down the network to an unacceptable level. Abad and Bonilla defined the requirements to be fulfilled by the ARP spoofing solution schemes. Based on these requirements, the existing schemes and the scheme proposed in this study are compared in Table 2. The existing schemes can increase the system and network load. In addition, they either are hardwaredependent or perform limited ARP spoofing detection. Furthermore, the current schemes influence the speed of ARP or resultinadirectoverheadonthenetwork,andtheyarenot easy to use because of their universal disadvantages. ASA is not compatible with ARP.

The Scientific World Journal 5 ACTM ACTR Database 1. Changing the ARP link type 2. Requesting for the <IP, MAC> pair 3. Responding with the <IP, MAC> pair 4. Changing the <IP,MAC>pair 5. Sending information regarding the victim host 6. Update Figure 4: Protocol for the protection stages. 192.168.1.1 00-11-22-33-44-AA ARP spoofing Host A Attacker Host B 192.168.1.11 192.168.1.22 192.168.1.33 00-11-22-33-44-BB 00-11-22-33-44-CC 00-11-22-33-44-DD ARP table 192.168.1.1 00-11-22-33-44-AA dynamic 192.168.1.22 00-11-22-33-44-CC dynamic 192.168.1.33 00-11-22-33-44-CC dynamic Figure 5: ARP spoofing detection. The proposed DS-ARP can overcome the problems of the existing schemes and it offers a simple and high-performance solution. The detection and protection scenario for the proposed scheme is discussed in the following two steps. Step 1 (Detection). When the network is attacked through ARP spoofing, the moving path of the network bypasses the attacker s host and passes the gateway. As shown in Figure 5, ifthereisachangeinthearpcachetableandthegatewayof Host A s network information does not move to the primary path through network routing tracing, it can be deemed that an ARP spoofing attack has taken place in the network. The routing tracing of the network uses the timeexceeded ICMP message of the ICMP protocol. The TTL value of ICMP decreases with each pass through the router. In other words, if the packet is sent after setting the TTL value to one, the first router on the path will cause the timeexceeded message to return. The network path can be traced by increasing the TTL value. Step2(Protection).Once it is deemed that an ARP spoofing attack has taken place, the changed IP, MAC pair of the ARP cache table is restored to that stored in the memory and is converted to static. An ARP spoofing warning is sent to the server. Figure 6 explains a case of the ARP spoofing detection. 4. Conclusion We discussed a new detection scheme for ARP spoofing attacks based on routing trace for ubiquitous environments in this paper. This scheme detects ARP attacks through realtime monitoring of the ARP cache table and a routing trace

6 The Scientific World Journal Administrator 192.168.1.1 00-11-22-33-44-AA Host A Attacker Host B 192.168.1.11 00-11-22-33-44-BB 192.168.1.22 00-11-22-33-44-CC 192.168.1.33 00-11-22-33-44-DD ARP table 192.168.1.1 00-11-22-33-44-AA dynamic 192.168.1.22 00-11-22-33-44-CC dynamic 192.168.1.33 00-11-22-33-44-CC static ARP table 192.168.1.1 00-11-22-33-44-AA dynamic 192.168.1.22 00-11-22-33-44-CC dynamic 192.168.1.33 00-11-22-33-44-CC static Figure 6: ARP spoofing protection. and protects the hosts from attackers through ARP Link Type Control which changes from dynamic to static. In addition, it can solve problems such as host impersonation, man-in-the-middle attack, and block of host. And also, the proposed scheme does not require an ARP protocol change or a complex encryption algorithm; moreover, it does not cause high system load. Despite the various solutions presented in this paper, new attack techniques can still cause new security problems, since the ARP protocol has a few basic weaknesses. Therefore, further studies on resolving the fundamental security vulnerabilities of the ARP protocol are required. Conflict of Interests The authors declare that there is no conflict of interests regarding the publication of this paper. Acknowledgments This research was supported by the MSIP (Ministry of Science, ICT, and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1021), supervised by the NIPA (National IT Industry Promotion Agency). References [1] R. Philip, Securing wireless networks from ARP cache poisoning [M.S. thesis], San Jose State University, 2007. [2] C. L. Abad and R. I. Bonilla, An analysis on the schemes for detecting and preventing ARP cache poisoning attacks, in Proceeding of the 27th International Conference on Distributed Computing Systems Workshops (ICDCSW '07),pp.22 29, Toronto, Canada, June 2007. [3] S.Y.Nam,S.Djuraev,andM.Park, Collaborativeapproachto mitigating ARP poisoning-based Man-in-the-Middle attacks, Computer Networks,vol.57,pp.3866 3884,2013. [4] L.Wu,T.Yu,D.Wu,andJ.Cheng, TheResearchandImplementation of ARP Monitoring and Protection, in Proceedings of the International Conference on Internet Technology and Applications (itap 11), pp. 1 4, Wuhan, China, August 2011. [5] M. G. Gouda and C.-T. Huang, A secure address resolution protocol, Computer Networks, vol. 41, no. 1, pp. 57 71, 2003. [6] D. Bruschi, A. Ornaghi, and E. Rosti, S-ARP: a secure address resolution protocol, in Proceedings of the Computer Security Applications Conference, pp. 66 74, December 2003.

The Scientific World Journal 7 [7] W. Lootah, W. Enck, and P. McDaniel, TARP: ticket-based address resolution protocol, Computer Networks, vol. 51, no. 15, pp. 4322 4337, 2007. [8] W. Xing, Y. Zhao, and T. Li, Research on the defense against ARP spoofing attacks based on Winpcap, in Proceedings of the 2nd International Workshop on Education Technology and Computer Science (ETCS 10), pp. 762 765, March 2010. [9] V. Ramachandran and S. Nandi, Detecting ARP Spoofing: an active technique, Information Systems Security, vol. 3803, pp. 239 250, 2005. [10] P. Limmaneewichid and W. Lilakiatsakun, P-ARP: a novel enhanced authentication scheme for securing ARP, in Proceedings of the International Conference on Telecommunication Technology and Applications,vol.5,pp.83 87,May2011. [11] M. Oh, Y.-G. Kim, S. Hong, and S. Cha, ASA: agent-based secure ARP cache management, IET Communications, vol. 6, no.7,pp.685 693,2012. [12] A. P. Ortega, X. E. Marcos, L. D. Chiang, and C. L. Abad, Preventing ARP cache poisoning attacks: a proof of concept using OpenWrt, in Proceedings of the 6th IEEE/IFIP Latin American Network Operations and Symposium (LANOMS 09), pp. 1 9, October 2009.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback