Securing ARP/NDP from the Ground Up

Dave Jing Tian; Kevin R.B. Butler; Joseph I. Choi; Patrick McDaniel; Padma Krishnaswamy

doi:10.1109/TIFS.2017.2695983

Securing ARP/NDP from the Ground Up

Dave Jing Tian, Kevin R.B. Butler, Joseph I. Choi, Patrick McDaniel, Padma Krishnaswamy

Research output: Contribution to journal › Article › peer-review

10 Scopus citations

Abstract

The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.

Original language	English (US)
Article number	7904631
Pages (from-to)	2131-2143
Number of pages	13
Journal	IEEE Transactions on Information Forensics and Security
Volume	12
Issue number	9
DOIs	https://doi.org/10.1109/TIFS.2017.2695983
State	Published - Sep 2017

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Computer Networks and Communications

Access to Document

10.1109/TIFS.2017.2695983

Cite this

@article{e7308e8950d341c398823b83933d6ef4,

title = "Securing ARP/NDP from the Ground Up",

abstract = "The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.",

author = "Tian, {Dave Jing} and Butler, {Kevin R.B.} and Choi, {Joseph I.} and Patrick McDaniel and Padma Krishnaswamy",

note = "Funding Information: Manuscript received October 29, 2016; revised February 28, 2017; accepted April 3, 2017. Date of publication April 19, 2017; date of current version June 20, 2017. This work was supported by the U.S. National Science Foundation under Grant CNS-1540217. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Qian Wang. (Corresponding author: Kevin R. B. Butler.) D. Tian, K. R. B. Butler, and J. I. Choi are with the Department of Computer Science and Engineering, University of Florida, Gainesville, FL 32601 USA (e-mail: daveti@ufl.edu; butler@ufl.edu; choijoseph007@ufl.edu). Publisher Copyright: {\textcopyright} 2005-2012 IEEE.",

year = "2017",

month = sep,

doi = "10.1109/TIFS.2017.2695983",

language = "English (US)",

volume = "12",

pages = "2131--2143",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "9",

}

TY - JOUR

T1 - Securing ARP/NDP from the Ground Up

AU - Tian, Dave Jing

AU - Butler, Kevin R.B.

AU - Choi, Joseph I.

AU - McDaniel, Patrick

AU - Krishnaswamy, Padma

N1 - Funding Information: Manuscript received October 29, 2016; revised February 28, 2017; accepted April 3, 2017. Date of publication April 19, 2017; date of current version June 20, 2017. This work was supported by the U.S. National Science Foundation under Grant CNS-1540217. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Qian Wang. (Corresponding author: Kevin R. B. Butler.) D. Tian, K. R. B. Butler, and J. I. Choi are with the Department of Computer Science and Engineering, University of Florida, Gainesville, FL 32601 USA (e-mail: daveti@ufl.edu; butler@ufl.edu; choijoseph007@ufl.edu). Publisher Copyright: © 2005-2012 IEEE.

PY - 2017/9

Y1 - 2017/9

N2 - The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.

AB - The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.

UR - http://www.scopus.com/inward/record.url?scp=85028825115&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85028825115&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2017.2695983

DO - 10.1109/TIFS.2017.2695983

M3 - Article

AN - SCOPUS:85028825115

VL - 12

SP - 2131

EP - 2143

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 9

M1 - 7904631

ER -

Securing ARP/NDP from the Ground Up

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this