Skip to main content
SpringerLink
Log in

Securing ARP and DHCP for mitigating link layer attacks

  • Published:
Sādhanā Aims and scope Submit manuscript

Abstract

Network security has become a concern with the rapid growth and expansion of the Internet. While there are several ways to provide security for communications at the application, transport, or network layers, the data link layer security has not yet been adequately addressed. Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) are link layer protocols that are essential for network operation. They were designed without any security features. Therefore, they are vulnerable to a number of attacks such as the rogue DHCP server, DHCP starvation, host impersonation, man-in-the-middle, and denial of service attacks. Vulnerabilities in ARP and DHCP threaten the operation of any network. The existing solutions to secure ARP and DHCP could not mitigate DHCP starvation and host impersonation attacks. This work introduces a new solution to secure ARP and DHCP for preventing and mitigating these LAN attacks. The proposed solution provides integrity and authenticity for ARP and DHCP messages. Security properties and performance of the proposed schemes are investigated and compared to other related schemes.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11
Figure 12
Figure 13

Similar content being viewed by others

References

  1. Altunbasak H C 2006 Layer 2 security inter-layering in networks. Thesis dissertation, Georgia Institute of Technology

  2. Droms R 1997 Dynamic host configuration protocol, RFC 2131

  3. Plummer D C 1982 An Ethernet address resolution protocol or converting network protocol addresses to 48 bit Ethernet address for transmission on Ethernet hardware, RFC 826

  4. Singh J, Kaur G and Malhotra J A 2015 Comprehensive survey of current trends and challenges to mitigate ARP attacks. In: International Conference on Electrical, Electronics, Signals, Communication and Optimization (EESCO), Visakhapatnam

  5. Yu Yao and Yao Y 2010 A switch-based ARP attack containment strategy. In: Second International Conference on Communication Systems, Networks and Applications (ICCSNA)

  6. Dessouky M M, Elkilany W and Alfishawy N 2010 A hardware approach for detecting the ARP attack. In: 7th International Conference on Informatics and Systems (INFOS)

  7. L. N. R. Group, arpwatch, the Ethernet monitor program; for keeping track of ethernet/ip address pairings, Last accessed September 17, 2016

  8. ARP-Guard, http://www.arp-guard.com, Accessed October 2016

  9. Puangpropitag S and Masusai N 2009 An efficient and feasible solution to ARP Spoof problem. In: 6th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology, vol. 02, pp. 910–913

  10. Bhirud D S G and Katkar V 2011 Light weight approach for IP-ARP spoofing. In: The Second Asian Himalayas International Conference on Internet (AH-ICI), pp. 1–5

  11. Hou X, Jiang Z and Tian X 2010 The detection and prevention for ARP spoofing based on Snort. In: The International Conference on Computer Application and System Modeling (ICCASM), pp. 137–139

  12. Ortega A P, Marcos X E, Chiang L D and Abad C L 2009 Preventing ARP cache poisoning attacks: A proof of concept using OpenWrt. In: Latin American Network Operations and Management Symposium (LANOMS), pp. 1–9

  13. Qian A Z 2000 The automatic prevention and control research of ARP deception and implementation. In: World Congress on Computer Science and Information Engineering, pp. 555–558

  14. Boughrara A and Mammar S 2012 Implementation of a SNORT’s Output Plug-In in reaction to ARP Spoofing’s attack. In: 6th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT), pp. 643–647

  15. Md. Ataullah and N Chauhan 2012 ES-ARP: an efficient and secure address resolution protocol. In: Conference on Electrical, Electronics and Computer Science (SCEECS), Bhopal, pp. 1–5

  16. Cisco Systems, Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.2(25) EW. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html. Accessed October 2016

  17. Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Configuring DHCP Snooping. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.pdf. Accessed September 2016

  18. Catalyst 6500 Release 12.2SX Software Configuration Guide, Dynamic ARP Inspection, http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/dynarp.html. Accessed September 2016

  19. Gouda M and Huang C 2003 A secure address resolution protocol. Comput. Netw. 41: 860–921

    Article  MATH  Google Scholar 

  20. Bruschi D, Ornaghi A and Rosti E 2003 S-ARP: a secure address resolution protocol. In: Proceedings of 19th Annual Computer Security Applications Conference, pp. 66–74

  21. Jerschow Y I, Lochert C, Scheuermann B and Mauve M 2008 CLL: a cryptographic link layer for local area networks, security and cryptography for networks. In: Lecture Notes in Computer Science, vol. 5229, pp. 21–38

  22. Lootah W, Enck W and McDaniel P 2007 TARP: ticket-based address resolution protocol. Comput. Netw. 51: 4322–4337

    Article  Google Scholar 

  23. Droms R and Arbaugh W 2001 Authentication for DHCP messages, RFC 3118

  24. Stevens M M J 2007 On collisions for MD5. Master Thesis, Eindhoven University of Technology

  25. Xu Y, Manning S and Wong M 2011 An authentication method based on certificate for DHCP. DHC Internet Draft

  26. Glazer G, Hussey C and Shea R 2003 Certificate-based authentication for DHCP. http://www.cs.ucla.edu/~chussey/proj/dhcp_cert/cbda.pdf. Accessed 20 Oct 2016

  27. Duangphasuk S, Kungpisdan S and Hankla S 2011 Design and implementation of improved security protocols for DHCP using digital certificates. 2011 In: ICON, Singapore

  28. De Graaf K, Liddy J, Raison P, Scano J C and Wadhwa S 2011 Dynamic Host Configuration Protocol (DHCP) authentication using challenge handshake authentication protocol (CHAP) challenge. United States Patent Application Publication

  29. K Hornstein, T Lemon, B Adoba and J Trostle 2001 DHCP Authentication Via Kerberos V. In: IETF DHC Working Group

  30. Ricciardi F 2007 Kerberos Protocol Tutorial. National Institute of Nuclear Physics Computing and Network Services, LECCE, Italy

  31. Dinu D D and Togan M 2014 DHCP server authentication using digital certificates. In: The 10th International Conference on COMMUNICATIONS (COMM2014), Bucharest, May

  32. Dinu D D and Togan M 2015 DHCPAuth—a DHCP message authentication module. In: 2015 IEEE 10th Jubilee International Symposium on Applied Computational Intelligence and Informatics, Timisoara, pp. 405–410

  33. Kent S and Seo K 2005 Security architecture for the internet protocol. RFC 4301

  34. Dierks T and Rescorla E 2006 The Transport Layer Security (TLS) Protocol Version RFC 4346

  35. Song D 2016 dsniff: a collection of tools for network auditing and penetration testing. http://www.monkey.org/dugsong/dsniff. Accessed November 2016

  36. Ellison C and Schneier B 2000 Top 10 PKI risks. Comput. Secur. J. 16(1): 1–7

    Google Scholar 

  37. Jonczy J, Wuthrich M and Haenni R 2006 A probabilistic trust model for GnuPG. In: 23rd Chaos Communication Congress, Berlin

  38. Simpson W 1996 PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994

  39. Aboba B, Blunk L, Vollbrecht J, Carlson J and Levkowetz H 2004 Extensible Authentication Protocol (EAP), RFC 3748

  40. Agrawal M and Mishra P 2012 A comparative survey on symmetric key encryption techniques. Int. J. Comput. Sci. Eng. 4: 877–882

    Google Scholar 

  41. Mahajan P and Sachdeva A 2015 A study of encryption algorithms AES, DES, and RSA for security. Glob. J. Comput. Sci. Technol. 13(15): 12–21

Download references

Author information

Authors and Affiliations

  1. Faculty of Computers and Information Technology, University of Tabuk, Tabuk, Saudi Arabia

    Osama S Younes

  2. Faculty of Computers and Information, Menoufia University, Menoufia, Egypt

    Osama S Younes

Authors
  1. Osama S Younes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Osama S Younes.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Younes, O.S. Securing ARP and DHCP for mitigating link layer attacks. Sādhanā 42, 2041–2053 (2017). https://doi.org/10.1007/s12046-017-0749-y

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12046-017-0749-y

Keywords

Search

Navigation