Abstract
The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.
| Original language | English (US) |
|---|---|
| Article number | 7904631 |
| Pages (from-to) | 2131-2143 |
| Number of pages | 13 |
| Journal | IEEE Transactions on Information Forensics and Security |
| Volume | 12 |
| Issue number | 9 |
| DOIs | |
| State | Published - Sep 2017 |
Fingerprint
All Science Journal Classification (ASJC) codes
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications
Cite this
}
Securing ARP/NDP from the Ground Up. / Tian, Dave Jing; Butler, Kevin R.B.; Choi, Joseph I.; McDaniel, Patrick; Krishnaswamy, Padma.
In: IEEE Transactions on Information Forensics and Security, Vol. 12, No. 9, 7904631, 09.2017, p. 2131-2143.Research output: Contribution to journal › Article
TY - JOUR
T1 - Securing ARP/NDP from the Ground Up
AU - Tian, Dave Jing
AU - Butler, Kevin R.B.
AU - Choi, Joseph I.
AU - McDaniel, Patrick
AU - Krishnaswamy, Padma
PY - 2017/9
Y1 - 2017/9
N2 - The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.
AB - The basis for all IPv4 network communication is the address resolution protocol (ARP), which maps an IP address to a device's media access control identifier. ARP has long been recognized as vulnerable to spoofing and other attacks, and past proposals to secure the protocol have often involved in modifying the basic protocol. Similarly, neighbor discovery protocol (NDP) is the basis for all IPv6 network communication, yet suffers from the same vulnerabilities as ARP. This paper introduces arpsec, a secure ARP/RARP protocol suite which a) does not require protocol modification, b) enables continual verification of the identity of the target (respondent) machine by introducing an address binding repository derived using a formal logic that bases additions to a host's ARP cache on a set of operational rules and properties, c) utilizes the trusted platform module (TPM), a commodity component now present in the vast majority of modern computers, to augment the logic-prover-derived assurance when needed, with TPM-facilitated attestations of system state achieved at viably low-processing cost, and d) supports IPv6 NDP (ndpsec) by extension of our previous work. Using commodity TPMs as our attestation base, we show that arpsec incurs an overhead ranging from 7% to 15.4% over the standard Linux ARP implementation, a comparable overhead against the standard Linux NDP implementation, and provides a first step towards a formally secure and trustworthy networking stack for both IPv4 and IPv6.
UR - http://www.scopus.com/inward/record.url?scp=85028825115&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85028825115&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2017.2695983
DO - 10.1109/TIFS.2017.2695983
M3 - Article
AN - SCOPUS:85028825115
VL - 12
SP - 2131
EP - 2143
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
SN - 1556-6013
IS - 9
M1 - 7904631
ER -