research-article

Securing ARP/NDP From the Ground Up

Published: 01 September 2017

Abstract

The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.

Cited By

  • (2019) "A Practical Intel SGX Setting for Linux Containers in the Cloud," Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, pp. 255-266, doi: 10.1145/3292006.3300030. Online publication date: 13-Mar-2019

Published In

IEEE Transactions on Information Forensics and Security, Volume 12, Issue 9, Sept. 2017, 243 pages

Publisher

IEEE Press
