TY - GEN
T1 - Securing ARP from the ground up
AU - Tian, Jing Dave
AU - Butler, Kevin R.B.
AU - McDaniel, Patrick D.
AU - Krishnaswamy, Padma
N1 - Publisher Copyright: Copyright © 2015 ACM.
PY - 2015/3/2
Y1 - 2015/3/2
N2 - The basis for all IPv4 network communication is the Address Resolution Protocol (ARP), which maps an IP address to a device's Media Access Control (MAC) identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved modifying the basic protocol. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the TPM, a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low processing cost. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation and provides a first step towards a formally secure and trustworthy networking stack.
UR - http://www.scopus.com/inward/record.url?scp=84928164622&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84928164622&partnerID=8YFLogxK
U2 - 10.1145/2699026.2699123
DO - 10.1145/2699026.2699123
M3 - Conference contribution
AN - SCOPUS:84928164622
T3 - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
SP - 305
EP - 312
BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery
T2 - 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Y2 - 2 March 2015 through 4 March 2015
ER -