S-ARP: a Secure Address Resolution Protocol

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by D. Bruschi Articles by A. Ornaghi Articles by E. Rosti

19th Annual Computer Security Applications Conference (ACSAC '03)

Las Vegas, Nevada

December 08-December 12

ISBN: 0-7692-2041-3

	ASCII Text	x
	D. Bruschi, A. Ornaghi, E. Rosti, "S-ARP: a Secure Address Resolution Protocol," Computer Security Applications Conference, Annual, pp. 66, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003.

	BibTex	x
	@article{ 10.1109/CSAC.2003.1254311, author = {D. Bruschi and A. Ornaghi and E. Rosti}, title = {S-ARP: a Secure Address Resolution Protocol}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2003}, issn = {1063-9527}, pages = {66}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254311}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - S-ARP: a Secure Address Resolution Protocol SN - 1063-9527 SP EP A1 - D. Bruschi, A1 - A. Ornaghi, A1 - E. Rosti, PY - 2003 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

D. Bruschi, Universit? degli Studi di Milano, Italy

A. Ornaghi, Universit? degli Studi di Milano, Italy

E. Rosti, Universit? degli Studi di Milano, Italy

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254311

Tapping into the communication between two hosts on a LAN has become quite simple thanks to tools that can be downloaded from the Internet. Such tools use the Address Resolution Protocol (ARP) poisoning technique, which relies on hosts caching reply messages even though the corresponding requests were never sent. Since no message authentication is provided, any host of the LAN can forge a message containing malicious information.

This paper presents a secure version of ARP that provides protection against ARP poisoning. Each host has a public/private key pair certified by a local trusted party on the LAN, which acts as a Certification Authority. Messages are digitally signed by the sender, thus preventing the injection of spurious and/or spoofed information. As a proof of concept, the proposed solution was implemented on a Linux box. Performance measurements show that PKI based strong authentication is feasible to secure even low level protocols, as long as the overhead for key validity verification is kept small.

Citation:

D. Bruschi, A. Ornaghi, E. Rosti, "S-ARP: a Secure Address Resolution Protocol," acsac, pp.66, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.