Investigating ARP poisoning

Buy Link: https://www.amazon.com/Investigating-ARP-poisoning-great-detail/dp/6203911003
ABSTRACT
Address Resolution Protocol (ARP) maps logical addresses to their corresponding physical
addresses and is widely used in TCP/IP networks. ARP provides no mechanism for
authentication among hosts in the network, and it is a stateless protocol. These limitations
make ARP vulnerable to attacks. ARP poisoning is a type of Man-In-The-Middle (MITM) attack
in which an attacker poisons the ARP caches of two hosts and places itself between their
legitimate traffic. In this work we implemented ARP poisoning using the Ettercap and Cain and
Abel tools. The work gives a systematic literature review of techniques for mitigation of ARP
poisoning, and a bitcoin based model is proposed. The proposed model is based on bitcoin
networks and bitcoin cryptography. Our proposed scheme can efficiently mitigate the ARP
poisoning attack, as authentication is achieved through a digital signature which can only be
generated by a legitimate host with its private key. Also, other hosts in the same network can
check whether the communication between two hosts is authentic or not.
Table of Contents
CHAPTER 1 INTRODUCTION
CHAPTER 2 ADDRESS RESOLUTION PROTOCOL
2.1. ARP (ADDRESS RESOLUTION PROTOCOL)
2.2. VIEWING ARP CACHE ENTRIES
2.3. ANALYZING ARP PACKETS
2.4. ARP POISONING (MITM) ATTACK
2.5. IMPLEMENTATION OF ARP POISONING USING ETTERCAP
2.6. IMPLEMENTATION OF ARP POISONING USING CAIN AND ABEL
2.6. DETECTING AND PREVENTING ARP POISONING
CHAPTER 3 LITERATURE REVIEW
CHAPTER 4 PROPOSED WORK
4.1 BITCOIN BASED ADDRESS RESOLUTION PROTOCOL (BB-ARP)
CHAPTER 5 CONCLUSION AND FUTURE SCOPE
REFERENCES
LIST OF FIGURES
Figure.1: ARP Request
Figure.2: ARP Reply
Figure.3: ARP Packet Structure
Figure.4: Using arp -a command
Figure.5: Using arp -s command
Figure.6: Using arp -d command
Figure.7: Investigating ARP Request packet in wireshark
Figure.8: Investigating ARP reply packet in wireshark
Figure.9: Legitimate traffic between Host A and Host B
Figure.10: Traffic after ARP poisoning
Figure.11: ARP poisoning setup
Figure.12: Promisc mode option
Figure.13: Unified sniffing option
Figure.14: Network interface selection
Figure.15: Selecting “Scan for host” option
Figure.16: Hosts scanned in the network
Figure.17: Selecting “hosts list” option
Figure.18: Selecting target 1 for ARP poisoning
Figure.19: Selecting target 2 for ARP poisoning
Figure.20: Selecting “Start sniffing” option in Ettercap
Figure.21: “ARP poisoning” option in Ettercap
Figure.22: Sniff remote connections parameter option for MITM
Figure.23: “Manage the plugins” option
Figure.24: Selecting “repoison_arp” parameter
Figure.25: Selecting “remote_browser” parameter
Figure.26: Viewing connections by selecting “Connections” option
Figure.27: Active and idle connections
Figure.28: Viewing connection details
Figure.29: Double clicking on connection to split screen
Figure.30: Character injection
Figure.31: Selecting interface on wireshark
Figure.32: Capturing ARP protocol by using “arp” keyword in filter option
Figure.33: Viewing ARP reply packet in wireshark
Figure.34: Starting “sniffer” option in Cain and Abel
Figure.35: Scanning host in Cain and Abel
Figure.36: Selecting “Add to list” option
Figure.37: Selecting target IP address for ARP poisoning
Figure.38: IP address selection for ARP poisoning
Figure.39: ARP poisoning process initiation
Figure.40: ARP detection using Xarp
Figure.41: Bitcoin Ledger
Figure.42: ARP cache table
Figure.43: Digital signature generation
Figure.44: Signature verification process
Figure.45: BB-ARP hosts in the network
Figure.46: Communication via bitcoin based ARP
Figure.47: Broadcast of updated ledger
LIST OF TABLES
Table.1: Search results and relevant papers
LIST OF ABBREVIATIONS AND ACRONYMS
ARP Address Resolution Protocol
DHCP Dynamic Host Configuration Protocol
S-ARP Secure-ARP
S-UARP Secure Unicast Address Resolution Protocol
TARP Ticket based Address Resolution Protocol
DAPS Dynamic ARP-spoof Protection & Surveillance
E-SDE Enhanced Spoof Detection System
GDPS Gratuitous decision Packet System
SDN Software Defined Network
PARP-S Secure Piggybacking based ARP
KARP Kerberos-ARP
BB-ARP Bitcoin Based-ARP
ES-ARP Efficient and Secure ARP
MR-ARP MITM Resistant-ARP
CHAPTER 1 INTRODUCTION
Network security is a prime concern for companies today. Many companies adopt strict
security policies to ensure security within the organization. Attacks on an organization can be
inside attacks or outside attacks. The primary goal of security policies is to achieve the CIA
(Confidentiality, Integrity and Authenticity) model. Security mechanisms are implemented at
every layer of the OSI reference model. However, the security of the upper layer protocols
depends on the security of the lower layer protocols. Therefore, hardening lower layer protocols
is essential for a robust network, as compromise of a lower layer protocol leads to serious
inside attacks.
ARP maps a logical address to its corresponding physical address; its purpose is address
resolution. ARP is a stateless protocol. It does not provide any authentication among hosts in
the network, which makes it susceptible to attacks. ARP spoofing, or ARP poisoning, is an attack
in which an attacker poisons the ARP cache of the target hosts and places itself between
legitimate traffic, leading to attacks like MITM, sniffing, connection hijacking, connection
spoofing and DoS. This makes it necessary to secure the ARP protocol.
In this work, we investigated ARP packets using the Wireshark protocol analyzer. The ARP
poisoning attack is implemented using the Ettercap tool. The work gives a systematic literature
review of techniques that are proposed in the literature. Also, a bitcoin based model for
mitigation of ARP poisoning is proposed. The proposed idea is based on the concept of the
bitcoin network and bitcoin cryptography.
CHAPTER 2 ADDRESS RESOLUTION PROTOCOL
2.1. ARP (ADDRESS RESOLUTION PROTOCOL)
A packet in a computer network passes through many physical networks and interconnected
devices before reaching its destination. In a TCP/IP network, every host has two addresses:
a logical address and a physical address. The logical address is a 32-bit network layer
address, well known as the IP address. It is assigned by the DHCP or DNS server. The layer two
address is called the physical address. It is imprinted in the hardware NIC and is well known as
the MAC address. The jurisdiction of the MAC address is the local network, and it is unique
locally. Whenever a host sends an IP datagram to another host in the network, it has the IP
address of the receiver at the network layer. However, this IP address must be resolved so that
the datagram can be encapsulated within a data link layer frame and passed to the physical layer.
ARP maps an IP address to its corresponding MAC address [1]. It is defined in RFC 826 [2].
The mapping can be done in two ways, either statically or dynamically. In static mapping, a
static ARP cache table is stored on every host in the network; dynamic mapping, on the other
hand, finds one of the two addresses by means of address resolution. Static mapping has various
limitations, as the physical address can be changed in many ways. Also, for resolving a MAC
address to its corresponding IP address, RARP (Reverse Address Resolution Protocol) is used.
Whenever a host communicates with another host in the same network, it sends a broadcast
request containing its IP address, its MAC address and the receiver’s IP address, and asks for
the receiver’s MAC address (Figure.1).
Figure.1 ARP Request
Every host on the network receives the broadcast request, but only the intended receiver replies
with its MAC address. Other hosts on the network discard the request. The ARP request is
broadcast and the reply is unicast (Figure.2).
Figure.2 ARP Reply
In order to minimize broadcast requests within the network, the ARP reply is cached and kept
in cache memory for a while (20-30 minutes). Every host maintains its ARP cache table, and
before sending an ARP broadcast request it first checks its cache. The cache table is a record of
IP addresses and their corresponding MAC addresses [1].
Figure.3 depicts the format of the ARP header. The fields are as follows [3]:
Hardware Type: a 16-bit field that defines the type of network on which ARP is running.
Protocol Type: a 16-bit field defining the protocol.
Hardware Address Length: an 8-bit field that defines the length of the physical address in bytes (octets). For Ethernet the length is 6.
Protocol Address Length: defines the length of the logical address in bytes (octets).
Operation: the function of the ARP packet, 1 for request and 2 for reply.
Sender Hardware Address: the sender’s hardware address.
Sender Protocol Address: the address of the sender’s upper layer protocol.
Target Hardware Address: the recipient’s hardware address. Always zero in a request.
Target Protocol Address: the address of the receiver’s upper layer protocol.
Figure.3 ARP Packet Structure [3]
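
For Ethernet and IPv4 the fields listed above form a 28-byte payload. The parser below is an added example, not code from the book; the two sample packets are constructed, using the lab IP addresses that appear later in the text with made-up MAC addresses.

```python
import socket
import struct

# Fixed part of the ARP header: hardware type, protocol type,
# hardware address length, protocol address length, operation.
FIXED = struct.Struct("!HHBBH")
OPERATIONS = {1: "request", 2: "reply"}


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(payload: bytes) -> dict:
    """Parse an ARP payload (the bytes that follow the 14-byte Ethernet header)."""
    if len(payload) < FIXED.size:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = FIXED.unpack_from(payload)
    # Only Ethernet (hardware type 1, length 6) carrying IPv4 (0x0800, length 4).
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    end = FIXED.size + 2 * (hlen + plen)
    if len(payload) < end:
        raise ValueError("truncated ARP addresses")
    # Bytes past `end` are Ethernet padding (short frames are padded to 60 bytes).
    sha, spa, tha, tpa = struct.unpack_from("!6s4s6s4s", payload, FIXED.size)
    packet = {
        "operation": OPERATIONS.get(oper, f"unknown({oper})"),
        "sender_mac": mac_text(sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_text(tha),
        "target_ip": socket.inet_ntoa(tpa),
    }
    # The text notes that the target hardware address is always zero in a request.
    packet["well_formed"] = oper in OPERATIONS and (oper != 1 or tha == bytes(6))
    return packet


# Constructed sample packets (not captured traffic).
SAMPLE_REQUEST = bytes.fromhex(
    "0001" "0800" "06" "04" "0001"
    "020000000107" "c0a8006b"   # sender: 02:00:00:00:01:07, 192.168.0.107
    "000000000000" "c0a80068"   # target: MAC unknown, 192.168.0.104
) + bytes(18)                    # Ethernet padding
SAMPLE_REPLY = bytes.fromhex(
    "0001" "0800" "06" "04" "0002"
    "020000000104" "c0a80068"   # sender: 02:00:00:00:01:04, 192.168.0.104
    "020000000107" "c0a8006b"   # target: the host that asked
)

if __name__ == "__main__":
    for raw in (SAMPLE_REQUEST, SAMPLE_REPLY):
        print(parse_arp(raw))
```
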
2.2. VIEWING ARP CACHE ENTRIES
Static and dynamic ARP cache entries can be viewed on the Windows operating system from the
command prompt. The steps are as follows:
1. Open the Command Prompt.
2. View the ARP cache with the arp -a command (Figure.4).
Figure.4 Using arp -a command
3. Add cache entries manually with the arp -s command (Figure.5).
Figure.5 Using arp -s command
4. Delete the ARP cache manually with the arp -d command (Figure.6).
Figure.6 Using arp -d command
2.3. ANALYZING ARP PACKETS
ARP packets can be analyzed using the Wireshark network protocol analyzer. We analyzed the two
packets used by ARP for dynamic mapping between IP address and MAC address, namely the ARP
request packet and the ARP reply packet.
1. ARP request: The first packet is the ARP request packet, a broadcast request containing the
source’s IP address and MAC address and the target’s IP address (Figure.7). As shown in the
figure, the receiver MAC address is 00:00:00:00:00:00, as it is marked zero in an ARP request.
Opcode (1) indicates that it is an ARP request packet. The hardware address length for
Ethernet is 6.
Figure.7 Investigating ARP Request packet in wireshark
2. ARP reply: In response to the broadcast request, the receiver sends its MAC address. The
Opcode here is (2), indicating that it is an ARP reply, as shown in Figure.8.
Figure.8 Investigating ARP reply packet in wireshark
2.4. ARP POISONING (MITM) ATTACK
ARP is a stateless protocol: it does not keep track of requests coming in and going out. Also,
ARP does not guarantee any authentication among hosts in the network. These factors make
ARP susceptible to attacks [4].
ARP cache poisoning, also called ARP spoofing or ARP poison routing, is a Man-In-The-Middle
attack in which the attacker places itself between two legitimate hosts and poisons their ARP
cache tables [6] (Figure.10). This is done by forging IP addresses, sending fake ARP replies,
sending fake IP addresses and so on [4].
Figure.9 Legitimate traffic between Host A and Host B
Figure.9 shows the legitimate traffic between Host A and Host B. After a successful ARP
poisoning attack, the attacker places itself between the traffic (Figure.10). The attacker can now
intercept and view the information. The objective of ARP poisoning is to take over the session.
An ARP poisoning attack can lead to sniffing, connection hijacking, connection spoofing and
DoS [5].
Figure.10 Traffic after ARP poisoning
Consider the scenario where three hosts are connected via Ethernet. Host A wants to
communicate with Host B. The attacker can poison the cache in various ways [4]:
Figure.11 ARP poisoning setup
Scenario one: Broadcast request
Host A sends a broadcast ARP request. This ARP request is received by every host connected
via Ethernet. The attacker in this scenario uses the IP address of Host A and sends an ARP
broadcast request. This results in two hosts with the same IP address. This request is stored in
Host B’s ARP cache table, resulting in ARP cache poisoning [4].
Scenario two: Multiple responses
In this scenario, Host A receives responses from both the attacker and Host C. There is a race
condition in which the attacker’s response may be received first by Host A [4].
Scenario three: Unsolicited response
ARP is a stateless protocol and does not keep track of requests going out. Therefore,
an unsolicited response sometimes causes ARP cache poisoning [4].
2.5. IMPLEMENTATION OF ARP POISONING USING ETTERCAP
There are various tools available in the market through which ARP cache poisoning can be
implemented, such as Ettercap, Subterfuge, Arpoison, Arpspoof, ARP-FILLUP-v0.1,
Arp-sk-v0.3.2, arping, Cain and Abel, SwitchSniffer and many more. The implementation is done
on the Windows operating system. The Ettercap tool was used to launch ARP poisoning.
It should be noted that the implementation is done in a controlled environment in which three
laptops were connected to the LAN. The Host A IP address is 192.168.0.107, the Attacker IP
address is 192.168.0.106 and the Host C IP address is 192.168.0.104. Host A and Host C ran the
Windows operating system. The Attacker ran Kali Linux and used Ettercap to implement the ARP
poisoning attack. The steps of the attack are as follows:
1. Start Ettercap on the attacker machine and configure it for “Promisc Mode” via the Options
drop down menu (Figure.12).
Figure.12 Promisc mode option
2. Start “Unified Sniffing” through the Sniff drop down menu (Figure.13).
Figure.13 Unified sniffing option
3. Select the interface (wlan0), as the hosts are connected on the LAN (Figure.14).
Figure.14 Network interface selection
4. Click on the “Hosts” drop down menu and select the “Scan for hosts” option to scan for the
hosts that are connected to the LAN (Figure.15). Once the scanning is completed, the list
of hosts is viewed (Figure.16) by selecting the “Hosts list” option in the Hosts drop down menu
(Figure.17).
Figure.15 Selecting “Scan for host” option
Figure.16 Hosts scanned in the network
Figure.17 Selecting “hosts list” option
5. From the list of hosts connected on the LAN, the attacker selects the two targets for the MITM
attack (Figure.18) (Figure.19).
Figure.18 Selecting target 1 for ARP poisoning
Figure.19 Selecting target 2 for ARP poisoning
6. After selecting the two targets, click on the “Start” drop down menu and select “Start
sniffing” (Figure.20).
Figure.20 Selecting “Start sniffing” option in ettercap
7. Once the sniffing has started, select the “Arp poisoning” option in the “Mitm” drop down
menu and select “Sniff remote connection” (Figure.21) (Figure.22).
Figure.21 “ARP poisoning” option in ettercap
Figure.22 Sniff remote connections parameter option for MITM
8. Under the “Plugins” drop down menu select the “Manage the plugins” option (Figure.23).
Select the “repoison_arp” and “remote_browser” parameters. The “remote_browser”
parameter allows the attacker’s web browser to display the web pages of the victims
(Figure.24) (Figure.25).
Figure.23 “Manage the plugins” option
Figure.24 Selecting “repoison_arp” parameter
Figure.25 Selecting “remote_browser” parameter
9. After selecting the parameters, go to the “View” drop down menu and select “Connections”.
This shows the active and idle connections with source IP address and destination IP
address (Figure.26) (Figure.27).
Figure.26 Viewing connections by selecting “Connections” option
Figure.27 Active and idle connections
10. The attacker can now view the connection details by right clicking and choosing the
“View details” option (Figure.28). This reveals the protocol, bytes transferred, source IP
address and MAC address, and destination IP address and MAC address. Double clicking on
the connection splits the screen into two parts. The attacker can choose the targets and can
inject characters (Figure.29) (Figure.30).
Figure.28 Viewing connection details
Figure.29 Double clicking on connection to split screen
Figure.30 Character injection
The attack can easily be investigated in the network with the Wireshark protocol analyzer. Select
“wlan0” as the interface and click on the “Start” option (Figure.31). After starting the capture,
enter “arp” in the filter field and apply it (Figure.32). The poisoned ARP packet is then easily
identified (Figure.33).
Figure.31 Selecting interface on wireshark
Figure.32 Capturing ARP protocol by using “arp” keyword in filter option
Figure.33 Viewing ARP reply packet in wireshark
2.6. IMPLEMENTATION OF ARP POISONING USING CAIN AND ABEL
Cain and Abel is a password recovery tool for the Windows operating system. Recovery is done by
sniffing the network. However, ARP poisoning can also be done using Cain and Abel by following
the steps below:
1. Start Cain and Abel and click on the Start/Stop sniffer button (Figure.34).
Figure.34 Starting “sniffer” option in Cain and Abel
2. Choose the “Sniffer” option and click on the Add (+) button to scan all hosts in the
subnet (Figure.35).
Figure.35 Scanning host in Cain and Abel
3. Start the “APR” option and select the targets for ARP poisoning with Add (+); this adds the
hosts to the list. After selecting the two targets, if the status is not idle, passwords and
HTTP packets can be easily recovered (Figure.36) (Figure.37) (Figure.38) (Figure.39).
Figure.36 Selecting “Add to list” option
Figure.37 Selecting target IP address for ARP poisoning
Figure.38 IP address selection for ARP poisoning
Figure.39 ARP poisoning process initiation
2.6. DETECTING AND PREVENTING ARP POISONING
ARP poisoning can be detected in the network by using an IDS (Intrusion Detection System)
and firewalls. There are many tools available which can be used to rectify ARP poisoning
within an organization. Some of them are Snort, Colasoft, Arpalert, Arpwatch, anti-spoof,
Antidote, Xarp etc. These are GUI based tools which are easy to use and deploy. We
used Xarp for detecting ARP poisoning within the network (Figure.40).
Figure.40 ARP detection using Xarp
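
Each of the three poisoning scenarios in section 2.4 leaves a trace that a passive monitor can check for by keeping the state ARP itself does not keep. The monitor below is an added example, not taken from the book or from any of the tools named above; the event tuples, the MAC addresses, the alert names and the 2-second reply window are assumptions, and both traces are constructed.

```python
from collections import defaultdict

REQUEST, REPLY = 1, 2  # ARP operation codes


class ArpMonitor:
    """Passive checks on observed ARP traffic."""

    def __init__(self, reply_window=2.0):
        self.reply_window = reply_window    # seconds a request stays answerable (assumed)
        self.bindings = {}                  # IP -> MAC most recently claimed
        self.ips_by_mac = defaultdict(set)  # MAC -> every IP it has claimed
        self.pending = {}                   # (asker IP, asked IP) -> request time
        self.first_answer = {}              # (asker IP, asked IP) -> MAC of first reply

    def observe(self, ts, op, sender_mac, sender_ip, target_ip):
        alerts = []
        if op == REQUEST:
            self.pending[(sender_ip, target_ip)] = ts
            self.first_answer.pop((sender_ip, target_ip), None)
        elif op == REPLY:
            key = (target_ip, sender_ip)
            asked_at = self.pending.get(key)
            if asked_at is None or ts - asked_at > self.reply_window:
                alerts.append("unsolicited-reply")       # scenario three
            elif self.first_answer.setdefault(key, sender_mac) != sender_mac:
                alerts.append("conflicting-replies")     # scenario two
        # Requests and replies both carry a sender binding that receivers may
        # cache, so every packet is compared with what was seen before (scenario one).
        known = self.bindings.get(sender_ip)
        if known is not None and known != sender_mac:
            alerts.append("binding-changed")
        self.bindings[sender_ip] = sender_mac
        self.ips_by_mac[sender_mac].add(sender_ip)
        if len(self.ips_by_mac[sender_mac]) > 1:
            alerts.append("mac-claims-multiple-ips")     # one NIC answering for two hosts
        return alerts


def scan(trace, **kwargs):
    """Run a fresh monitor over (ts, op, sender_mac, sender_ip, target_ip) events."""
    monitor = ArpMonitor(**kwargs)
    return [monitor.observe(*event) for event in trace]


# Constructed events; IP addresses follow the lab setup in section 2.5.
HOST_A = ("02:00:00:00:01:07", "192.168.0.107")
HOST_C = ("02:00:00:00:01:04", "192.168.0.104")
ATTACKER_MAC = "02:00:00:00:01:06"

POISON_TRACE = [
    (0.00, REQUEST, HOST_A[0], HOST_A[1], HOST_C[1]),    # A asks for .104
    (0.01, REPLY, HOST_C[0], HOST_C[1], HOST_A[1]),      # C answers
    (5.00, REPLY, ATTACKER_MAC, HOST_C[1], HOST_A[1]),   # forged ".104" binding sent to A
    (5.00, REPLY, ATTACKER_MAC, HOST_A[1], HOST_C[1]),   # forged ".107" binding sent to C
]
RACE_TRACE = [
    (0.000, REQUEST, HOST_A[0], HOST_A[1], HOST_C[1]),
    (0.001, REPLY, ATTACKER_MAC, HOST_C[1], HOST_A[1]),  # forged answer arrives first
    (0.002, REPLY, HOST_C[0], HOST_C[1], HOST_A[1]),     # genuine answer arrives second
]

if __name__ == "__main__":
    for name, trace in (("poison", POISON_TRACE), ("race", RACE_TRACE)):
        print(name, scan(trace))
```

Gratuitous ARP announcements and DHCP address reassignment raise the same alerts, so a deployment would correlate them with DHCP leases before treating them as an attack.
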
ϯϲͮWĂŐĞ
CHAPTER 3 LITERATURE REVIEW
An extensive literature review was carried out as per the guidelines proposed by Kitchenham [7].
The objective of the literature review was to gain a deeper understanding of the mitigation
techniques that exist in the literature and to find gaps in the study. The literature search was
carried out in the following journals:
1. Springer
2. ACM digital library
3. Wiley online library
4. Science Direct
5. IEEE Xplore
The search term was “ARP poisoning” in the search field. The papers in journals and conference
proceedings were taken into consideration for the literature survey. The result of the search is
shown in (Table.1).
S.NO. JOURNALS SEARCH RESULTS RELEVANT PAPERS
1. IEEE Xplore 4116
2. Springer 118 1
3. Science Direct 720 2
4. Wiley Online Library 4210
5. ACM 145 3
Table.1 Search results and relevant papers
A total of 22 relevant papers were selected for review. Papers in journals and conferences were
taken into consideration.
One of the earliest papers in the literature, published by Tripunitara and Dutta in 1999 [8],
proposes a middleware approach that utilizes design constraints. The implementation was done
on a stream based networking subsystem. ARP poisoning can be detected and prevented, but the
limitation was the compatibility of the existing network architecture with the proposed one.
The paper by Bruschi, Ornaghi and Rosti in 2003 [9] presents S-ARP, in which public and private
keys are distributed to every host in the network by a Central Server that acts as a Certificate
Authority. A PKI based authentication mechanism is used. S-ARP has the limitation of a single
point of failure: if the Central Server fails, the whole network will not work. There is also the
cost of manual configuration to give keys to new hosts.
In 2005, Issac and Mohammed [10] proposed S-UARP, which uses an ARP unicast request mechanism
rather than a broadcast request to the Central Server. This minimizes the broadcast requests
within the network. As the technique depends on the Central Server, it has the limitation of a
single point of failure.
In 2007, two papers were published. The work by Trabelsi and El-Hajj [11] introduced a
technique that uses a stateful ARP cache instead of the traditional stateless ARP cache via a
Fuzzy Logic Controller. The paper by Lootah et al [12] proposes TARP, where tickets and IP/MAC
mappings are centrally distributed to the hosts by the DHCP server. Since it is a centralized
approach, it has the limitation of a single point of failure.
In 2009, three papers were published. Ortega et al [13] introduced a scheme that uses SOHOs by
using low end networking equipment running the OpenWrt firmware. The paper by
Hammouda and Trabelsi [14] proposes a scheme in which the switch is modified to act as a
“Trusted Authority” and authenticate hosts during communication. The scheme depends
on switch configuration. The work done by Puangpronpitag and Masusas [15] presents dynamic
ARP spoof protection and surveillance (DAPS) for mitigation of ARP poisoning.
In 2010, Nam et al [16] invented the voting based resolution mechanism MR-ARP, in which
voting is done by the hosts in order to prevent ARP poisoning. It has some
limitations; for example, it is not valid in 802.11 networks.
In 2011, Dangol et al [17] proposed GARP. In this protocol the ARP reply is broadcast, not
unicast, and a Central Authority monitors the ARP table.
In 2012, four papers were published. Kumar and Tapaswi [18] present a centralized mechanism
where every host checks and validates its ARP entries through an ARP Central Server (ACS).
The ACS corrects and detects ARP poisoning. It is susceptible to a single point of failure. Again,
Nam et al [19] published a paper that improves the voting based mechanism of MR-ARP [16]
through a puzzle based computational method. In order to achieve fair voting, the RSA algorithm
is used. Salim et al [20] introduced GDPS, which detects doubtful packets; the legitimate host
can be recognized by sending a modified request of gratuitous packets. Ataullah and Chauhan [21]
launched ES-ARP, which is a stateful protocol in which the cache is updated after each
communication.
In 2013, three papers were published. The paper by Tripathi and Mehtre [22] suggested an
approach where an ICMP based secondary cache is maintained by every host in the network.
The cache is updated according to ICMP responses. Its advantage is that there is no single
point of failure. Nam et al [23] propose a scheme to enhance the voting among hosts by
adding parameters like filtering, key parameters and early response. Pandey [24]
presents E-SDE, in which ICMP and ARP packets are used as probe packets, and an algorithm for
this is introduced.
In 2015, five papers were published. Masoud et al [25] make use of SDN (Software Defined
Network) for mitigating ARP poisoning. Tian et al [26] introduce arpsec, a secure ARP/RARP
that utilizes commodity TPM as an attestation base, verifies the identity of the target machine
and doesn’t require protocol modification. Saputro and Akkaya [27] present PARP-S, but it is
suited for 802.11s based smart grid networks. Bakhache and Rostom [28] launched a method that
uses the Kerberos protocol for authentication. This technique was named KARP. It is low cost but
has the limitation of a single point of failure. The paper by Arote and Arya [29] detects and
prevents ARP poisoning by voting among hosts and modified ICMP.
CHAPTER 4 PROPOSED WORK
This work proposes a Bitcoin network based approach for the mitigation of ARP poisoning
attacks. Bitcoin is a transaction system where every host in the network maintains a digital file
called a ledger [30]. The hosts on the network exchange money by exchanging the ledger.
Bitcoin starts with the creation of a bitcoin account, which contains the account number, public
key and private key of the host. Unlike the ARP cache table, the bitcoin ledger table contains the
host’s name and its balance (Figure.41) (Figure.42).
Figure.41 Bitcoin Ledger
Figure.42 ARP cache table
Bitcoin is based on a decentralized network. There is no centralized authority, like a bank, in a
bitcoin transaction. Suppose Host A wants to send 5$ to Host B. Host A sends a broadcast
request containing a digital signature and a transaction message. Host B receives the request and
updates its balance with plus 5$, resulting in the balance of Host A minus 5$. This updated
ledger is then broadcast to the network so that everyone updates their ledger. In bitcoin,
everyone can see everyone else’s balances and transactions [30]. Now the following questions
arise:
Who maintains the ledger?
Every host in the network maintains its own copy of the ledger; there is no centralized authority
which owns the ledger (Figure.45).
How is authentication done?
Authentication in bitcoin is done by a digital signature made with the host’s private key
(Figure.43).
Figure.43 Digital signature generation
How do other hosts verify that a request is legitimate?
The broadcast requests are easily verified by the other hosts in the network, as another function
is created that allows other people to check whether the transaction is legitimate or not
(Figure.44).
Figure.44 Signature verification process
In bitcoin transactions, cryptographic functions and mathematics are used to achieve
authentication among the hosts. This concept, if used in ARP, can enhance its
security and make it less susceptible to attacks. The processing of a broadcast request is heavier
in bitcoin as compared to ARP, but if security is the prime concern, it can be used with
ARP. In this work we propose a Bitcoin Based ARP (BB-ARP).
4.1 BITCOIN BASED ADDRESS RESOLUTION PROTOCOL (BB-ARP)
In the bitcoin based ARP protocol, every host maintains a ledger containing the host’s account
number, public key and private key, as well as the list of MAC addresses and their corresponding
IP addresses. At the administrator level, each host on the network is assigned a pair of public
key and private key. Public keys are distributed in such a way that every host in the network has
everyone’s public key. Now if a host wants to resolve an IP address into its corresponding MAC
address, it broadcasts the message encrypted with the public key of the destined host so that it
can only be decrypted by that host.
Figure.45 BB-ARP hosts in the network
When Host A communicates with Host B in the network, Host A sends a broadcast request
containing the digital signature of the host and a transaction message (Figure.46). Host B
encrypts the message by using Host A’s public key and its private key. Other hosts on the network
can verify whether the transaction between Host A and Host B is legitimate or not (Figure.44).
After the successful communication or transaction, Host A and Host B broadcast the updated
transaction message containing the IP address and MAC address mapping. Other hosts on the
network then update their ledgers with the updated information. In BB-ARP every host maintains
its own copy of the ledger and the mechanism is decentralized (Figure.47) (Figure.45).
Figure.46 Communication via bitcoin based ARP
Figure.47 Broadcast of updated ledger
ϰϰͮWĂŐĞ
CHAPTER 5 CONCLUSION AND FUTURE SCOPE
A systematic literature review was carried out in order to find techniques that have been
proposed for the mitigation of ARP poisoning. Various techniques exist in the literature, but
they have limitations and constraints; therefore, the need to propose a new technique arises. In
this work a bitcoin based model is proposed for the mitigation of ARP poisoning. Authentication
is done by digital signature, and other hosts can verify whether the communication between two
hosts is legitimate. Since the approach is decentralized, it is not prone to the single point of
failure problem. The proposed scheme has the limitation of the cost of manual configuration, as
the public key and private key are distributed to each new host manually every time. Apart from
this, it provides robust security and strong authentication.
ϰϱͮWĂŐĞ
REFERENCES
1. B. Forouzan and S. Fegan, Data communications and networking. New York: McGraw-
Hill Higher Education, 2007.
2. 1982 [Online]. Available: https://tools.ietf.org/html/rfc826. [Accessed: 10-Apr-2016].
3. C. Sanders, Practical Packet Analysis: Using WIRESHARK to Solve Real-World Network
Problems; Second Edition. No Starch Press, 2011.
4. "ARP Cache Poisoning Detection and Prevention", San Jose University, 2003.
5. 2007 [Online] Available:http://www.harmonysecurity.com/files/HS-P004_ARPPoisoning
.pdf
6. 2014 [Online]. Available:http://www.cisco.com/c/en/us/products/collateral/switches/cata
lyst-6500-series-switches/white_paper_c11_603839.html.
7. B. Kitchenham, O. Pearl Brereton, D. Budgen, M. Turner, J. Bailey and S. Linkman,
"Systematic literature reviews in software engineering – A systematic literature review",
Information and Software Technology, vol. 51, no. 1, pp. 7-15, 2009.
8. M. Tripunitara and P. Dutta, "A middleware approach to asynchronous and backward
compatible detection and prevention of ARP cache poisoning", Proceedings 15th Annual
Computer Security Applications Conference (ACSAC'99).
9. D. Bruschi, A. Ornaghi and E. Rosti, "S-ARP: a secure address resolution protocol", 19th
Annual Computer Security Applications Conference, 2003. Proceedings.
10. L. Biju Issac, "Secure Unicast Address Resolution Protocol (S-UARP) by Extending
DHCP", 2005 13th IEEE International Conference on Networks Jointly held with the
2005 IEEE 7th Malaysia International Conf on Communic.
11. Z. Trabelsi and W. El-Hajj, "Preventing ARP Attacks Using a Fuzzy-Based Stateful ARP
Cache", 2007 IEEE International Conference on Communications, 2007.
12. W. Lootah, W. Enck and P. McDaniel, "TARP: Ticket-based address resolution protocol",
Computer Networks, vol. 51, no. 15, pp. 4322-4337, 2007.
13. A. Ortega, X. Marcos, L. Chiang and C. Abad, "Preventing ARP cache poisoning attacks:
A proof of concept using OpenWrt", 2009 Latin American Network Operations and
Management Symposium, 2009.
14. S. Hammouda and Z. Trabelsi, "An enhanced secure ARP protocol and LAN switch for
preveting ARP based attacks", Proceedings of the 2009 International Conference on
Wireless Communications and Mobile Computing Connecting the World Wirelessly -
IWCMC '09, 2009.
15. S. Puangpronpitag and N. Masusai, "An efficient and feasible solution to ARP Spoof
problem", 2009 6th International Conference on Electrical Engineering/Electronics,
Computer, Telecommunications and Information Technology, 2009
16. S. Nam, D. Kim and J. Kim, "Enhanced ARP: preventing ARP poisoning-based man-in-
the-middle attacks", IEEE Communications Letters, vol. 14, no. 2, pp. 187-189, 2010.
17. S. Dangol, S. Selvakumar and M. Brindha, "Genuine ARP (GARP)", SIGSOFT Softw.
Eng. Notes, vol. 36, no. 4, p. 1, 2011.
ϰϲͮWĂŐĞ
18. S. Kumar and S. Tapaswi, "A centralized detection and prevention technique against ARP
poisoning", Proceedings Title: 2012 International Conference on Cyber Security, Cyber
Warfare and Digital Forensic (CyberSec), 2012.
19. S. Nam, S. Jurayev, S. Kim, K. Choi and G. Choi, "Mitigating ARP poisoning-based
man-in-the-middle attacks in wired or wireless LAN", EURASIP J Wirel Commun Netw,
vol. 2012, no. 1, p. 89, 2012.
20. H. Salim, Z. Li, H. Tu and Z. Guo, "Preventing ARP Spoofing Attacks through Gratuitous
Decision Packet", 2012 11th International Symposium on Distributed Computing and
Applications to Business, Engineering & Science, 2012.
21. M. Ataullah and N. Chauhan, "ES-ARP: An efficient and secure Address Resolution
Protocol", 2012 IEEE Students' Conference on Electrical, Electronics and Computer
Science, 2012.
22. N. Tripathi and B. Mehtre, "An ICMP based secondary cache approach for the detection
and prevention of ARP poisoning", 2013 IEEE International Conference on
Computational Intelligence and Computing Research, 2013.
23. S. Nam, S. Djuraev and M. Park, "Collaborative approach to mitigating ARP poisoning-
based Man-in-the-Middle attacks", Computer Networks, vol. 57, no. 18, pp. 3866-3884,
2013.
24. P. Pandey, "Prevention of ARP spoofing: A probe packet based technique", 2013 3rd
IEEE International Advance Computing Conference (IACC), 2013.
25. M. Masoud, Y. Jaradat and I. Jannoud, "On preventing ARP poisoning attack utilizing
Software Defined Network (SDN) paradigm", 2015 IEEE Jordan Conference on Applied
Electrical Engineering and Computing Technologies (AEECT), 2015.
26. J. Tian, K. Butler, P. McDaniel and P. Krishnaswamy, "Securing ARP From the Ground
Up", Proceedings of the 5th ACM Conference on Data and Application Security and
Privacy - CODASPY '15, 2015.
27. N. Saputro and K. Akkaya, "PARP-S: A secure piggybacking-based ARP for IEEE
802.11s-based Smart Grid AMI networks", Computer Communications, vol. 58, pp. 16-
28, 2015.
28. B. Bakhache and R. Rostom, "Kerberos secured Address Resolution Protocol (KARP)",
2015 Fifth International Conference on Digital Information and Communication
Technology and its Applications (DICTAP), 2015.
29. P. Arote and K. Arya, "Detection and Prevention against ARP Poisoning Attack Using
Modified ICMP and Voting", 2015 International Conference on Computational
Intelligence and Networks, 2015.
30. C. Wilmer and C. Barski, Bitcoin for the Befuddled. No Starch Press, 2015.
31. Alam M, Khan AH, Khan IR (2016). Swarm intelligence in MANETS: a survey. Int J
Emerg Res Manag Technol 5(5):141–150. DOI: 10.6084/m9.figshare.14309384.
32. Alam, M. (2011). Online Banking (1st ed.). New Delhi. LAP LAMBERT Academic
Publishing, ISBN: 978-620-3-86302-4, DOI: 10.6084/m9.figshare.14612127.
33. Alam, M. (2012). Electronic Ticket Machine (1st ed.). New Delhi. LAP LAMBERT
Academic Publishing, ISBN: 978-620-3-86332-1, DOI: 10.6084/m9.figshare.14661354.
34. Alam, M. (2013). Just Shop-Shopping (1st ed.). New Delhi. LAP LAMBERT Academic
Publishing, ISBN: 978-620-3-58124-9, DOI: 10.6084/m9.figshare.14431382.
35. Alam, M. (2013). Core ePortal (1st ed.). New Delhi. Glasstree Bookstore, ISBN: 978-1-
6671-9827-9, DOI: 10.20850/9781667198279.
ϰϳͮWĂŐĞ
36. Alam, M., & Khan, M. (2013). E-Cops (1st ed.). New Delhi. LAP LAMBERT Academic
Publishing, ISBN: 978-620-3-86368-0, DOI: 10.6084/m9.figshare.14662479.
37. Alam, M. (2014). Stegnography (1st ed.). New Delhi. LAP LAMBERT Academic
Publishing, ISBN: 978-620-3-86944-6, DOI: 10.6084/m9.figshare.14662680.
38. Alam, M. (2016). Applicability of Swarm Intelligence in Mobile Ad Hoc Network (1st
ed.). New Delhi. LAP LAMBERT Academic Publishing, ISBN: 978-620-3-57426-5,
DOI: 10.6084/m9.figshare.14313548.
39. Alam, M., & Ahmed, I. (2017). Payroll Management System (1st ed.). New Delhi. LAP
LAMBERT Academic Publishing, ISBN: 978-620-3-86260-7, DOI:
10.6084/m9.figshare.14662860.
ϰϴͮWĂŐĞ
40.
ϰϵͮWĂŐĞ
41.
ϱϬͮWĂŐĞ
42.