Read Paper (in PDF)
Wesam Lootah
Systems and Internet Infrastructure Security (SIIS) Lab, Department of Computer Science and Engineering, Penn State University
USA
William Enck
Systems and Internet Infrastructure Security (SIIS) Lab, Department of Computer Science and Engineering, Penn State University
USA
Patrick McDaniel
Systems and Internet Infrastructure Security (SIIS) Lab, Department of Computer Science and Engineering, Penn State University
USA
IP networks fundamentally rely on the Address Resolution Protocol (ARP)
for proper operation. Unfortunately, vulnerabilities in the ARP
protocol enable a raft of IP-based impersonation, man-in-the-middle, or
DoS attacks. Proposed countermeasures have yet to simultaneously
address backward compatibility and cost requirements. This paper
introduces the {\it Ticket-Based Address Resolution Protocol} (TARP).
TARP implements security by distributing centrally issued secure MAC/IP
address mapping attestations through existing ARP messages. We detail
the TARP protocol and its implementation within the Linux operating
system. Our experimental analysis shows that TARP improves the costs of
implementing ARP security by as much as two orders of magnitude over
existing protocols. We conclude by exploring a range of operational
issues associated with deploying and administering ARP security.
Keywords: ARP, network security, protocol security