Security Solution for ARP Cache Poisoning Attacks in Large Data Centre Networks

Prabadevi, B.; Jeyanthi, N.

doi:10.1515/cait-2017-0042

Abstract

The bridge protocol (Address Resolution Protocol) ARP, integrating Ethernet (Layer 2) and IP protocol (Layer 3) plays a vital role in TCP/IP communication since ARP packet is the first packet generated during any TCP/IP communications and they are the first traffic from the host. In the large data center, as the size of the broadcast domain (i.e., number of hosts on the network) increases consequently the broadcast traffic from the communication protocols like ARP also increases. This paper addresses the problem faced by Layer 2 protocols like insecured communication, scalability issues and VM migration issues. The proposed system addresses these issues by introducing two new types of messaging with traditional ARP and also combat the ARP Cache poisoning attacks like host impersonation, MITM, Distributed DoS by making ARP stateful. The components of the proposed methodology first start the process by decoding the packets, updates the invalid entry made by the user with Timestamp feature and messages being introduced. The system has been implemented and compared with various existing solutions.

References

1. Laney, D. 3D Data Management: Controlling Data Volume, Velocity and Variety. - Gartner. Issued: 6 February 2001, accessed December 2015. http://blogs.gartner.com/doug-laney/files/2012/01/ad949-3D-Data-Management-Controlling-Data-Volume-Velocity-and-Variety.pdf
Search in Google Scholar Back to article
2. Damiani, E., C. A. Ardagn, F. Zavatarelli, E. Rekleitis, L. Marino s. Big Data Threat Landscape and Good Practice Guide. European Union Agency for Network and Information Security (ENISA), January 2016.
Search in Google Scholar Back to article
3. Jeyanthi, N., N. S. N. Iyengar, C. S. N. Iyenga r. Escape-on-Sight: An Efficient and Scalable Mechanism for Escaping DDo S Attacks in Cloud Computing Environment. - Cybernetics and Information Technologies, Vol. 13, 2013, No 1, pp. 46-60.10.2478/cait-2013-0005
Search in Google Scholar Back to article
4. Thandeeswaran, R., S. Subhashini, N. Jeyanthi, M. A. S. Durai. Secured Multi-Cloud Virtual Infrastructure with Improved Performance. - Cybernetics and Information Technologies, Vol. 12, 2012, No 2, pp. 11-22.10.2478/cait-2012-0009
Open DOI Search in Google Scholar Back to article
5. Narten, T., M. Karir, I. Foo. Address Resolution Problems in Large Data Center Networks.No RFC 6820, 2013. 10.17487/rfc6820
Search in Google Scholar Back to article
6. Prabadevi, B., N. Jeyanthi. A Framework to Mitigate ARP Sniffing Attacks by Cache Poisoning. - International Journal of Advanced Intelligence Paradigms, 2016 (in Press).
Search in Google Scholar Back to article
7. Jeyanthi, N., M. P. C. Kumar. A Virtual Firewall Mechanism Using Army Nodes to Protect Cloud Infrastructure from DDo S Attacks. - Cybernetics and Information Technologies, Vol. 14, 2014, No 3, pp. 71-85.10.2478/cait-2014-0034
Open DOI Search in Google Scholar Back to article
8. Jeyanthi, N., R. Thandeeswaran, J. Vinithra. RQA Based Approach to Detect and Prevent DDo S Attacks in Vo IP Networks. - Cybernetics and Information Technologies, Vol. 14, 2014, No 1, pp. 11-24.10.2478/cait-2014-0002
Search in Google Scholar Back to article
9. Dineen, T. Broadcast Storm Mitigation on Ethernet Networks. - Industrial Commuication, Schneider Electric Industries SAS. White paper. http://tinyurl.com/jq9l3n6.
Search in Google Scholar Back to article
10. Greenberg, A., J. R. Hamilton, N. Jain, S. Kandula, C. Kim, P. Lahiri, D. A. Maltz, P. Patel, S. Sengupta. VL2: A Scalable and Flexible Data Center Network. - ACM SIGCOMM Computer Communication Review, Vol. 39, 2009, No 4.10.1145/1594977.1592576
Search in Google Scholar Back to article
11. Greenberg, A., P. Lahiri, D. A. Maltz, P. Patel, S. Sengupta. Towardsa Next Generation Data Center Architecture: Scalability and Commoditization. - In: Proc. of ACM Workshop on Programmable Routers for Extensible Services of Tomorrow, ACM, 2008, pp. 57-62.
Search in Google Scholar Back to article
12. Mysore, N., R. A. Pamboris, N. Farrington, N. Huang, P. Miri, S. Radhakrishnan, V. Subramanya, A. Vahdat. Portland: A Scalable Fault- Tolerant Layer 2 Data Center Network Fabric. - ACM, SIGCOMM Computer Communication Review, Vol. 39, 2009, No 4, pp. 39-50.10.1145/1594977.1592575
Search in Google Scholar Back to article
13. Joe, T., R. Perlma n. Transparent Interconnection of Lots of Links (TRILL): Problem and Applicability Statement. No RFC 5556, 2009.
Search in Google Scholar Back to article
14. Kim, M. C. C., J. Rexfor d. Floodless in SEATTLE: A Scalable Ethernet Architecture for Large Enterprises. - In: Proc. of ACM SIGCOMM Conference on Data communication (SIGCOMM’08), 2008.
Search in Google Scholar Back to article
15. Umar, K., M. K. Gardner, E. J. Brown, W.-C. Feng. Seamless Migration of Virtual Machines Across Networks. - In: 22nd International Conference on Computer Communication and Networks (ICCCN’13), IEEE, 2013, pp. 1-7.
Search in Google Scholar Back to article
16. Mauricio, A., M. Portolan i. Data-Center Network Architecture. U.S. Patent 7,643,468, Issued 5 January 2010.
Search in Google Scholar Back to article
17. Prabadevi, B., N. Jeyanthi. A Mitigation System for ARP Cache Poisoning Attacks. - In: ICC-ACM 2nd International Conference on Internet of Things Data, and Cloud Computing, Churchill, 2017 (Accepted).10.1145/3018896.3018915
Search in Google Scholar Back to article
18. Khandelwal, A., N. Jain, S. Kamara. Attacking Data Center Networks from the Inside. EECS. https://people.eecs.berkeley.edu/~anuragk/papers/dcn.pdf
Search in Google Scholar Back to article
19. Ma, H., H. Ding, Y. Yang, Z. Mi, J. Y. Yang, Z. Xiong. Bayes-Based ARP Attack Detection Algorithm for Cloud Centers. - Tsinghua Science and Technology, Vol. 21, 2016, No 1, pp. 17-28.10.1109/TST.2016.7399280
Search in Google Scholar Back to article
20. Lootah, W., W. Enck, P. Mc Daniel. Tarp: Ticket-Based Address Resolution Protocol. - Computer Networks, Vol. 51, 2007, No 15, pp. 4322-4337.10.1016/j.comnet.2007.05.007
Search in Google Scholar Back to article
21. Dessouky, M. M., W., Elkilany, N. Alfishaw y. A Hardware Approach for Detecting the ARP Attack, in Informatics and Systems (INFOS). - In: Proc. of 7th International Conference on Informatics and Systems, Cairo, Egypt, 2010, pp. 1-8.10.21608/mjeer.2010.66506
Search in Google Scholar Back to article
22. Bruschi, D., A. Ornaghi, E. Rosti. S-Arp: A Secure Address Resolution Protocol. - In: Proc. of 19th Annual, Computer Security Applications Conference, 2003, pp. 66-74.
Search in Google Scholar Back to article
23. Nam, S. Y., D. Kim, J. Kim. Enhanced Arp: Preventing Arp Poisoning-Based Man-in-the- Middle Attacks. - Communications Letters, IEEE, Vol. 14, 2010, No 2, pp. 187-189.10.1109/LCOMM.2010.02.092108
Open DOI Search in Google Scholar Back to article
24. Kumar, S., S. Tapasw i. A Centralized Detection and Prevention Technique Against Arp Poisoning. - In: International Conference on Cyber Security, Cyber Warfare and Digital Forensic (Cyber Sec’12), Kuala Lumpur, Malaysia, 2012, pp. 259-264.10.1109/CyberSec.2012.6246087
Search in Google Scholar Back to article
25. Neminath, H., S. Biswas, S. Roopa, R. Ratti, S. Nandi, F. Barbhuiya, A. Sur, V. Ramachandran. A DES Approach to Intrusion Detection System for Arp Spoofing Attacks. - In: 18th Mediterranean Conference on Control & Automation (MED’10), Marrakech, Morocco, 2010, pp. 695-700.10.1109/MED.2010.5547790
Search in Google Scholar Back to article
26. Barbhuiya, F., S. Biswas, N. Hubballi, S. Nandi. A Host Based DES Approach for Detecting Arp Spoofing, Computational Intelligence in Cyber Security (CICS). - In: IEEE Symposium on, Paris, France, 2011, pp. 114-121.10.1109/CICYBS.2011.5949401
Search in Google Scholar Back to article
27. Al-Hemairy, M., S. Amin, Z. Trabelsi. Towards More Sophisticated ARP Spoofing Detection/Prevention Systems in LAN Networks. - In: Proc. of 2009 International Conference on the Current Trends in Information Technology (CTIT’09), 2009.10.1109/CTIT.2009.5423112
Search in Google Scholar Back to article
28. Dangol, S., S. Selvakumar, M. Brindh a. Genuine ARP (GARP). - ACM SIGSOFT Softw. Eng. Notes, Vol. 36, 2011, No 4, p. 1.10.1145/1988997.1989013
Search in Google Scholar Back to article