Mitigating ARP poisoning-based man-in-the-middle attacks in wired or wireless LAN
RESEARCH
Open Access
Mitigating ARP poisoning-based man-in-the-middle attacks in wired or wireless LAN

Seung Yeob Nam*, Sirojiddin Jurayev, Seung-Sik Kim, Kwonhue Choi and Gyu Sang Choi
Abstract

In this article, an enhanced version of the address resolution protocol (ARP) is proposed to prevent ARP poisoning-based man-in-the-middle (MITM) attacks in wired or wireless LAN environments. The proposed mechanism is based on the idea that when a node knows the correct MAC address for a given IP address, if it does not delete the mapping while the machine is alive, then an MITM attack is not possible for that IP address. In order to prevent MITM attacks even for a new IP address, we propose a new IP/MAC mapping conflict resolution mechanism based on a computational puzzle and voting. Our proposed scheme can efficiently mitigate ARP poisoning-based MITM attacks, even in Wi-Fi hot-spots where wireless machines can easily come and leave, since the proposed mechanism does not require manual configuration if the proposed ARP is deployed through an operating system (OS) upgrade. The proposed scheme is backward compatible with the existing ARP protocol and incrementally deployable, with benefits to the upgraded machines.

1 Introduction

The address resolution protocol (ARP) is used to find the media access control (MAC) address of a node corresponding to a given IP address in the same subnet [1,2]. The resolved addresses are temporarily kept in the ARP cache to reduce the resolution time and avoid additional ARP traffic overhead for recently resolved IP addresses [3]. The ARP poisoning attack refers to the behavior of registering a false (IP, MAC) address mapping in the ARP cache of another node for malicious purposes. As an example, when there are three different nodes A, B, and C in the same subnet, if Node A registers the (IP_C, MAC_A) mapping in the ARP cache of Node B, then it is an ARP poisoning attack by Node A. If the above attack is successfully made, Node A can receive all the packets from B to C because B considers that MAC_A is the MAC address of Node C and sends all the traffic for C to MAC_A.
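The three-node scenario just described, as an added Python model that is not part of the paper: Node A's forged replies against a classic overwrite-on-reply ARP cache, next to the paper's core rule that a binding already known to be correct is kept while the bound host is alive. The sample addresses and the host_alive liveness callback are constructed stand-ins; the paper's puzzle-and-voting conflict resolution for new IP addresses is not modelled here.

```python
from dataclasses import dataclass, field

# Constructed sample addresses for the paper's three-node example (A, B, C).
IP_B, MAC_B = "10.0.0.2", "02:00:00:00:00:0b"
IP_C, MAC_C = "10.0.0.3", "02:00:00:00:00:0c"
MAC_A = "02:00:00:00:00:0a"  # MAC of the poisoning node A

@dataclass
class ArpCache:
    """ARP cache of one node under either update rule."""
    strict: bool                     # False: classic last-reply-wins; True: paper's rule
    table: dict = field(default_factory=dict)
    rejected: list = field(default_factory=list)   # (ip, kept_mac, offered_mac) conflicts

    def learn(self, ip, mac, host_alive=lambda ip: True):
        """Process an (ip, mac) binding carried by an ARP reply.
        Classic ARP overwrites unconditionally. The strict rule keeps a
        binding it already holds as long as the bound host is still alive;
        host_alive is a constructed stand-in for that liveness check."""
        old = self.table.get(ip)
        if self.strict and old is not None and old != mac and host_alive(ip):
            # Conflict with a live, known-good binding: log it, do not replace.
            self.rejected.append((ip, old, mac))
            return False
        self.table[ip] = mac
        return True

def simulate(strict):
    """Caches of Node B and Node C under one update rule.
    Both resolve each other legitimately first; then A's forged replies
    (IP_C -> MAC_A to B, IP_B -> MAC_A to C) form the two halves of the MITM.
    Returns (MAC B uses for C, MAC C uses for B, logged conflicts)."""
    cache_b, cache_c = ArpCache(strict), ArpCache(strict)
    cache_b.learn(IP_C, MAC_C)   # B resolves C legitimately
    cache_c.learn(IP_B, MAC_B)   # C resolves B legitimately
    cache_b.learn(IP_C, MAC_A)   # forged reply to B
    cache_c.learn(IP_B, MAC_A)   # forged reply to C
    return cache_b.table[IP_C], cache_c.table[IP_B], cache_b.rejected + cache_c.rejected

if __name__ == "__main__":
    print("classic ARP:", simulate(False))  # both caches point at MAC_A: A sits in the middle
    print("strict rule:", simulate(True))   # bindings kept; both forged replies logged
```

The logged conflicts are exactly the events a monitoring agent on the node would want to raise, since under the strict rule they only occur when a live binding is contradicted.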
Thus, ARP poisoning enables the attacker to eavesdrop on the communication between other nodes, modify the content of the packets, and hijack the connection. ARP poisoning can also be used to launch a denial-of-service (DoS) attack [4]. For example, if an attacker replaces the MAC address of a particular host with another value in the ARP cache of a remote machine, then the victim will experience DoS since it cannot access the original host due to the wrong MAC address. Furthermore, ARP poisoning can be used to mount a man-in-the-middle (MITM) attack [5]. In the above example, if Node A additionally registers the (IP_B, MAC_A) mapping in the ARP cache of Node C, then Node A can see all the packets that are exchanged between Nodes B and C. If this attack occurs, the adversary may eavesdrop, in

* Correspondence: [email protected]
Department of Information and Communication Engineering, Yeungnam University, Gyeongsan-si, Gyeongbuk 712-749, Korea