Similar articles

Abstract: Address-resolution protocol (ARP) is an important protocol of data link layers that aims to obtain the corresponding relationship between Internet Protocol (IP) and Media Access Control (MAC) addresses. Traditional ARPs (address-resolution and neighbor-discovery protocols) do not consider the existence of malicious nodes, which reveals destination addresses in the resolution process. Thus, these traditional protocols allow malicious nodes to easily carry out attacks, such as man-in-the-middle attack and denial-of-service attack. To overcome these weaknesses, we propose an anonymous-address-resolution (AS-AR) protocol. AS-AR does not publicize the destination address in the address-resolution process and hides the IP and MAC addresses of the source node. The malicious node cannot obtain the addresses of the destination and the node which initiates the address resolution; thus, it cannot attack. Analyses and experiments show that AS-AR has a higher security level than existing security methods, such as secure-neighbor discovery.

匿名地址解析模型

[1]AlSa‚deh, A., Rafiee, H., Meinel, C., 2012. Stopping time condition for practical IPv6 cryptographically generated addresses. 26th IEEE Int. Conf. on Information Networking, p.257-162.[doi:10.1109/ICOIN.2012.6164388]

[2]Arkko, J., Kempf, J., Zill, B., et al., 2005. SEcure Neighbor Discovery (SEND). Internet Engineering Task Force.Available from http://tools.IETF.org/html/rfc3971.

[3]Ataullah, M., Chauhan, N., 2012. ES-ARP: an efficient and secure address resolution protocol. IEEE Students‚ Conf. on Electrical, Electronics & Computer Science, p.1-5.[doi:10.1109/SCEECS.2012.6184794]

[4]Barbhuiya, F.A., Biswas, S., Nandi, S., 2011. An active DES based IDS for ARP spoofing. IEEE Int. Conf. on Systems, Man & Cybernetics, p.2743-2748. ewline[doi:10.1109/ICSMC.2011.6084088]

[5]Bruschi, D., Ornaghi, A., Rosti, E., 2003. S-ARP: a secure address resolution protocol. IEEE 19th Annual Computer Security Applications Conf., p.66-74.[doi:10.1109/CSAC.2003.1254311]

[6]Fall, K.R., Stevens, W.R., 2011. TCP/IP Illustrated, Volume I: the Protocols. Addison-Wesley, London.

[7]Garcia-Martine, A., Bagnulo, M., 2012. An integrated approach to prevent address spoofing in IPv6 links. IEEE Commun. Lett., 16(11):1900-1902.

[8]Gouda, M.G., Huang, C.T., 2003. A secure address resolution protocol. Comput. Netw., 41(1):57-71.[doi:10.1016/S1389-1286(02)00326-2]

[9]Goyal, V., Tripathy, R., 2005. An efficient solution to the ARP cache poisoning problem. LNCS, 3574:40-51.[doi:10.1007/11506157_4]

[10]Hou, Y., Wang, Z., Wang, Y., et al., 2012. Routing attack in the ND and SEND mixed environment. 4th IEEE Int. Conf. on Multimedia Information Networking and Security, p.959-962.[doi:10.1109/MINES.2012.196]

[11]Issac, B., Mohammed, L.A., 2005. Secure unicast address resolution protocol (S-UARP) by extending DHCP. 13th IEEE Int. Conf. on Networks, p.1-6.[doi:10.1109/ICON.2005.1635503]

[12]Kumar, N., Bansal, G., Biswas, S., et al., 2013. Host based IDS for NDP related attacks: NS and NA spoofing. Annual IEEE India Conf., p.1-6.[doi:10.1109/INDCON.2013.6726054]

[13]Li, J., Wu, J., Xu, K., et al., 2012. A hierarchical inter-domain authenticated source address validation solution. Chin. J. Comput., 35(1):85-100 (in Chinese).[doi:10.3724/SP.J.1016.2012.00085]

[14]Nam, S.Y., Kim, D., Kim, J., 2010. Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks. IEEE Commun. Lett., 14(2):187-189.[doi:10.1109/LCOMM.2010.02.092108]

[15]Narten, T., Nordmark, E., Simpson, W., et al., 2007. Neighbor Discovery for IP Version 6 (IPv6). Internet Engineering Task Force.Available from http://tools.IETF.org/html/rfc4861.

[16]Oh, H., Chae, K., 2007. An efficient security management in IPv6 network via MCGA. 9th Int. Conf. on Advanced Communication Technology, p.1179-1181.

[17]Oh, M., Kim, Y.G., Hong, S., et al., 2012. ASA: agent-based secure ARP cache management. IET Commun., 6(7): 685-693.[doi:10.1049/iet-com.2011.0566]

[18]Plummer, D.C., 1982. An Ethernet Address Resolution Protocol—or—Converting Network Protocol Addresses to48.BitEthernet Address for Transmission on Ethernet Hardware. Internet Engineering Task Force.Available from http://tools.IETF.org/html/rfc826.

[19]Rafiee, H., AlSa‚deh, A., Meinel, C., 2011. WinsSEND: Windows SEcure Neighbor Discovery. 4th Int. Conf. on Security of Information and Networks, p.243-246.[doi:10.1145/2070425.2070469]

[20]Rehman, S.U., Manickam, S., 2015. Integrated framework to detect and mitigate denial of service (DoS)attacks on duplicate address detection process in IPv6 link local communication. Int. J. Secur. Appl., 9(11):77-86.

[21]Stinson, D.R., 2005. Cryptography: Theory and Practice. CRC Press.

[22]Su, G., Wang, W., Gong, X., et al., 2010. A quick CGA generation method. 2nd IEEE Int. Conf. on Future Computer and Communication, p.769-773.[doi:10.1109/ICFCC.2010.5497324]

[23]van Heuse, M., 2016. THC IPv6. Available from https://www.thc.org/thc-ipv6.

[24]Wang, X., Yu, H., 2005. How to break MD5 and other hash functions. Int. Conf. on Theory & Applications of Cryptographic Techniques, p.19-35.

[25]Wang, X., Lai, X., Feng, D., et al., 2005. Cryptanalysis of the hash functions MD4 and RIPEMD. LNCS, 3494:1-18.[doi:10.1007/11426639_1]

[26]Wu, J., Ren, G., Li, X., 2007. Source address validation: architecture and protocol design. IEEE Int. Conf. on Network Protocols, p.276-283.[doi:10.1109/ICNP.2007.4375858]

[27]Wu, J., Bi, J., Li, X., et al., 2008. A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience.Internet Engineering Task Force.Available fromhttps://datatracker.ietf.org/doc/rfc5210/?include_text=1

[28]Xiao, P., Bi, J., 2013. OpenFlow based intra-AS source address validation. J. Chin. Comput. Syst., 34(9):1999-2003 (in Chinese).[doi:10.3969/j.issn.1000-1220.2013.09.007]