Securing ARP from the ground up

Jing Dave Tian; Kevin R.B. Butler; Patrick Drew McDaniel; Padma Krishnaswamy

doi:10.1145/2699026.2699123

Securing ARP from the ground up

Jing Dave Tian, Kevin R.B. Butler, Patrick Drew McDaniel, Padma Krishnaswamy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The basis for all IPv4 network communication is the Address Resolution Protocol (ARP), which maps an IP address to a device's Media Access Control (MAC) identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol. This paper introduces arpsec, a secure ARP/RARP pro- tocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the tar- get (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and prop- erties, c) utilizes the TPM, a commodity component now present in the vast majority of modern computers, to aug- ment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at vi- ably low processing cost. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15:4% over the standard Linux ARP implementation and provides a first step towards a formally secure and trustworthy networking stack.

Original language	English (US)
Title of host publication	CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery, Inc
Pages	305-312
Number of pages	8
ISBN (Electronic)	9781450331913
DOIs	https://doi.org/10.1145/2699026.2699123
State	Published - Mar 2 2015
Event	5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States Duration: Mar 2 2015 → Mar 4 2015

Publication series

Name	CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Other

Other	5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Country	United States
City	San Antonio
Period	3/2/15 → 3/4/15

Fingerprint

Network protocols

Formal logic

Medium access control

Telecommunication networks

Processing

Costs

All Science Journal Classification (ASJC) codes

Information Systems
Software
Computer Science Applications

Cite this

Tian, J. D., Butler, K. R. B., McDaniel, P. D., & Krishnaswamy, P. (2015). Securing ARP from the ground up. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 305-312). (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery, Inc. https://doi.org/10.1145/2699026.2699123

Tian, Jing Dave ; Butler, Kevin R.B. ; McDaniel, Patrick Drew ; Krishnaswamy, Padma. / Securing ARP from the ground up. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. pp. 305-312 (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy).

@inproceedings{d2f1bbaccecd47fb97e46df33ad79b69,

title = "Securing ARP from the ground up",

abstract = "The basis for all IPv4 network communication is the Address Resolution Protocol (ARP), which maps an IP address to a device's Media Access Control (MAC) identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol. This paper introduces arpsec, a secure ARP/RARP pro- tocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the tar- get (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and prop- erties, c) utilizes the TPM, a commodity component now present in the vast majority of modern computers, to aug- ment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at vi- ably low processing cost. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7{\%} to 15:4{\%} over the standard Linux ARP implementation and provides a first step towards a formally secure and trustworthy networking stack.",

author = "Tian, {Jing Dave} and Butler, {Kevin R.B.} and McDaniel, {Patrick Drew} and Padma Krishnaswamy",

year = "2015",

month = "3",

day = "2",

doi = "10.1145/2699026.2699123",

language = "English (US)",

series = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery, Inc",

pages = "305--312",

booktitle = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",

}

Tian, JD, Butler, KRB, McDaniel, PD & Krishnaswamy, P 2015, Securing ARP from the ground up. in CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery, Inc, pp. 305-312, 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015, San Antonio, United States, 3/2/15. https://doi.org/10.1145/2699026.2699123

Securing ARP from the ground up. / Tian, Jing Dave; Butler, Kevin R.B.; McDaniel, Patrick Drew; Krishnaswamy, Padma.

CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. p. 305-312 (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Securing ARP from the ground up

AU - Tian, Jing Dave

AU - Butler, Kevin R.B.

AU - McDaniel, Patrick Drew

AU - Krishnaswamy, Padma

PY - 2015/3/2

Y1 - 2015/3/2

N2 - The basis for all IPv4 network communication is the Address Resolution Protocol (ARP), which maps an IP address to a device's Media Access Control (MAC) identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol. This paper introduces arpsec, a secure ARP/RARP pro- tocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the tar- get (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and prop- erties, c) utilizes the TPM, a commodity component now present in the vast majority of modern computers, to aug- ment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at vi- ably low processing cost. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15:4% over the standard Linux ARP implementation and provides a first step towards a formally secure and trustworthy networking stack.

AB - The basis for all IPv4 network communication is the Address Resolution Protocol (ARP), which maps an IP address to a device's Media Access Control (MAC) identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol. This paper introduces arpsec, a secure ARP/RARP pro- tocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the tar- get (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and prop- erties, c) utilizes the TPM, a commodity component now present in the vast majority of modern computers, to aug- ment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at vi- ably low processing cost. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15:4% over the standard Linux ARP implementation and provides a first step towards a formally secure and trustworthy networking stack.

UR - http://www.scopus.com/inward/record.url?scp=84928164622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84928164622&partnerID=8YFLogxK

U2 - 10.1145/2699026.2699123

DO - 10.1145/2699026.2699123

M3 - Conference contribution

T3 - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

SP - 305

EP - 312

BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

ER -

Tian JD, Butler KRB, McDaniel PD, Krishnaswamy P. Securing ARP from the ground up. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2015. p. 305-312. (CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy). https://doi.org/10.1145/2699026.2699123

Access to Document

10.1145/2699026.2699123