Anonymous-address-resolution model

Guang-jia SONG, Zhen-zhou JI

Front. Inform. Technol. Electron. Eng, 2016, Vol. 17, Issue 10: 1044-1055. DOI: 10.1631/FITEE.1500382

Abstract

The address-resolution protocol (ARP) is an important data-link-layer protocol that obtains the mapping between Internet Protocol (IP) and Media Access Control (MAC) addresses. Traditional ARPs (address-resolution and neighbor-discovery protocols) do not consider the existence of malicious nodes and reveal destination addresses in the resolution process. Thus, these traditional protocols allow malicious nodes to easily carry out attacks such as man-in-the-middle and denial-of-service attacks. To overcome these weaknesses, we propose an anonymous-address-resolution (AS-AR) protocol. AS-AR does not publicize the destination address in the address-resolution process and hides the IP and MAC addresses of the source node. A malicious node cannot obtain the addresses of the destination or of the node that initiates the address resolution; thus, it cannot attack. Analyses and experiments show that AS-AR has a higher security level than existing security methods, such as secure neighbor discovery.

Keywords

Network security / Address resolution / Neighbor discovery / Anonymous

Cite this article

Guang-jia SONG, Zhen-zhou JI. Anonymous-address-resolution model. Front. Inform. Technol. Electron. Eng, 2016, 17(10): 1044‒1055 https://doi.org/10.1631/FITEE.1500382

RIGHTS & PERMISSIONS

2016 Zhejiang University and Springer-Verlag Berlin Heidelberg