Review of Security Research on Address Resolution Protocols

Song Guangjia, Ji Zhenzhou
2015 International Journal of Security and Its Applications  
Address resolution protocols (ARPs; here the term covers ARP, NDP, SEND, etc.) play an important role in network communication; the security of the ARPs is the premise and guarantee of network security. An address resolution protocol consists of three phases: acquisition of the mapping of the target address, duplicate address detection, and data-structure maintenance. In this paper, we analyze the existing ARPs according to these three phases, analyze the security threats and the corresponding attack methods, and classify and describe the existing studies on ARPs security. Our analysis shows that the main factors restricting the development of ARPs are the contradiction between efficiency and cost and the lack of theoretical support in protocol design. Finally, the development of ARPs is prospected.

At the onset, security research focused on ARP security; with the promotion and deployment of IPv6, however, research was directed toward NDP, focusing mainly on attack-behavior detection, cache inspection and protection, encrypted communications, and protocol improvement. In practical application, switches can use IP-MAC binding to prevent ARP spoofing, but this method needs manual maintenance, which is unsuitable for wide-range, dynamic networks. VLAN division can be adopted to divide a large LAN logically into several small LANs, reducing the broadcast range and limiting the damage of an ARP attack; however, it changes the logical structure of the network.

Suppose an algorithm p could determine the legitimacy of every address mapping w (an IP address paired with a MAC address): for an arbitrary w given as input, p outputs false if w is illegal and true if w is legal. Then proceed as follows. First, randomly select a host Z in the network whose IP address does not conflict with any other node, and record its IP-to-MAC mapping as w′. Give w′ to p as input and observe the output. If the output is F, it is clearly wrong, because w′ is a mapping owned by a real host. If the output is T, completely remove host Z from the network. The mapping w′ now no longer exists in the network (because a MAC address is unrepeatable), that is, w′ has become illegal, yet p, being an algorithm, must return the same fixed output T for the same fixed input w′. Either way, the output of p is inconsistent with the facts at some point in time. Thus, no algorithm p exists that can determine whether an arbitrary w is legal.
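The two practical defenses named above (static IP-MAC binding versus a learned cache with change alerting) can be compared on the same traffic. The following is an added example written for this page, not code from the paper; the addresses, timestamps and ARP replies are constructed. It runs a spoofed reply and a legitimate MAC change through both inspectors and shows that, from the mapping alone, neither can tell the two events apart: static binding blocks both, a learned cache accepts both, which is the efficiency-versus-cost trade-off the review describes.

```python
"""ARP cache inspection over constructed ARP replies (added example).

Two inspection policies run on identical traffic:
  * static IP-MAC binding, as a switch ACL would enforce: a reply whose
    MAC disagrees with the bound MAC is alerted and dropped;
  * learned cache with change alerting: the first MAC seen for an IP is
    trusted, later changes are alerted but accepted.
All addresses and packets below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ArpReply:
    t: int            # constructed timestamp, seconds
    sender_ip: str
    sender_mac: str


Alert = Tuple[int, str, str, str]   # (t, ip, expected_mac, seen_mac)


def inspect_static(replies: List[ArpReply],
                   bindings: Dict[str, str]) -> Tuple[List[Alert], List[ArpReply]]:
    """Enforce a manually maintained IP->MAC table. Returns (alerts, accepted)."""
    alerts: List[Alert] = []
    accepted: List[ArpReply] = []
    for r in replies:
        bound = bindings.get(r.sender_ip)
        if bound is not None and bound != r.sender_mac:
            alerts.append((r.t, r.sender_ip, bound, r.sender_mac))
            continue                      # dropped: violates the binding
        accepted.append(r)
    return alerts, accepted


def inspect_learned(replies: List[ArpReply]) -> Tuple[List[Alert], Dict[str, str]]:
    """Trust the first-seen binding; alert on, but accept, later changes.
    Returns (alerts, final cache)."""
    cache: Dict[str, str] = {}
    alerts: List[Alert] = []
    for r in replies:
        known = cache.get(r.sender_ip)
        if known is None:
            cache[r.sender_ip] = r.sender_mac
        elif known != r.sender_mac:
            alerts.append((r.t, r.sender_ip, known, r.sender_mac))
            cache[r.sender_ip] = r.sender_mac   # a genuine host change must be accepted
    return alerts, cache


# Constructed traffic: gateway .1 and host .20 answer normally; at t=30 an
# attacker (MAC ending :ee) claims the gateway IP; at t=60 host .20 has had
# its NIC replaced and legitimately answers with a new MAC.
GATEWAY_MAC = "aa:aa:aa:aa:aa:01"
SAMPLE = [
    ArpReply(0,  "192.0.2.1",  GATEWAY_MAC),
    ArpReply(5,  "192.0.2.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(30, "192.0.2.1",  "aa:aa:aa:aa:aa:ee"),   # spoofed reply
    ArpReply(60, "192.0.2.20", "aa:aa:aa:aa:aa:21"),   # legitimate NIC change
]
STATIC_BINDINGS = {"192.0.2.1": GATEWAY_MAC, "192.0.2.20": "aa:aa:aa:aa:aa:20"}


if __name__ == "__main__":
    s_alerts, accepted = inspect_static(SAMPLE, STATIC_BINDINGS)
    l_alerts, cache = inspect_learned(SAMPLE)
    print("static  alerts:", s_alerts)   # spoof and NIC change both blocked
    print("learned alerts:", l_alerts)   # both alerted; cache now holds the spoofed gateway
    print("learned cache :", cache)
```

Both policies raise the same two alerts at t=30 and t=60; the difference is only in what happens next. The static table rejects the legitimate change at t=60 until an operator edits the binding (the manual-maintenance cost), while the learned cache keeps the attacker's MAC for the gateway after t=30. A mapping by itself does not carry the information needed to choose correctly, which is the point of the decidability argument above.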
This conclusion shows that any system attempting to determine the legitimacy of address mappings is imperfect. Conversely, if address resolution were a decidable problem, ARP would not be needed: a host could simply test all possible mappings w one by one to find the MAC address of the target host.

Application of Game Theory and Mechanism Design: Game theory has been widely applied to network security. Such applications include optimal defense of firewalls and IDS, security assessment, information security technology, network attack prediction, optimal active defense, and intrusion response [42] [43] [44] [45]. By constructing a game model from the offensive and defensive strategies of both sides, we can determine the utility matrix that quantifies the utility of each offensive and defensive strategy. We can then determine the Nash equilibrium and improve the system based on the optimal strategy. Mechanism design theory focuses on how to design the rules of the game so as to achieve the designer's purpose, which is to maximize the designer's utility or to be as fair as possible to each participant. The definitions of incentive compatibility and the participation constraint in network attacks are as follows. Incentive compatibility (IC): for the attacker, the expected utility of not attacking (normal participation) is higher than that of attacking. Participation constraint (IR): for the attacker, the expected utility of attacking is higher than the maximum expected utility of not attacking (the reservation utility).
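The attack/defend game described above, worked through with exact arithmetic, as an added example that is not part of the paper. The payoff matrix, the symbols G, P, R, c and L, and all numeric values are assumptions chosen for illustration; the IC and IR checks follow the paper's definitions, and the mechanism-design step shows how the defender changes a rule (monitoring rate or penalty) until IC holds.

```python
"""Attacker/defender game with constructed payoffs (added example).

Attacker: attack (A) or stay normal (N).  Defender: monitor (M) or idle (I).
Payoffs (attacker, defender); every symbol and number is an assumption:
            M              I
   A    (-P, -c)        (G, -L)
   N    ( R, -c)        (R,  0)
G = attacker gain if undetected, P = penalty if detected, R = reservation
utility of normal participation, c = monitoring cost, L = defender loss
from an undetected attack.
"""
from fractions import Fraction as F
from typing import Tuple


def attacker_expected(q: F, G: F, P: F) -> F:
    """Expected utility of attacking when the defender monitors with probability q."""
    return (1 - q) * G - q * P


def incentive_compatible(q: F, G: F, P: F, R: F) -> bool:
    """IC as defined in the paper: not attacking pays at least as much as attacking."""
    return R >= attacker_expected(q, G, P)


def participation(q: F, G: F, P: F, R: F) -> bool:
    """IR as defined in the paper: attacking beats the reservation utility."""
    return attacker_expected(q, G, P) > R


def min_monitoring_for_ic(G: F, P: F, R: F) -> F:
    """Smallest q with (1-q)G - qP <= R, i.e. q >= (G - R)/(G + P)."""
    return max(F(0), (G - R) / (G + P))


def penalty_for_ic(q: F, G: F, R: F) -> F:
    """Mechanism-design lever: smallest penalty P making IC hold at a fixed
    monitoring rate q, from (1-q)G - qP <= R  ->  P >= ((1-q)G - R)/q."""
    return max(F(0), ((1 - q) * G - R) / q)


def mixed_nash(G: F, P: F, R: F, c: F, L: F) -> Tuple[F, F]:
    """Mixed equilibrium (p_attack, q_monitor) for the matrix above.
    Assumes G > R > -P and 0 < c < L, so no pure equilibrium exists and each
    side mixes to make the other indifferent."""
    q = (G - R) / (G + P)   # attacker indifferent: (1-q)G - qP = R
    p = c / L               # defender indifferent: -c = -p*L
    return p, q


# Constructed values.
G, P, R, c, L = F(10), F(30), F(0), F(2), F(50)

if __name__ == "__main__":
    for q in (F(1, 5), F(1, 3)):
        print(f"q={q}: E[attack]={attacker_expected(q, G, P)} "
              f"IC={incentive_compatible(q, G, P, R)} IR={participation(q, G, P, R)}")
    print("min q for IC     :", min_monitoring_for_ic(G, P, R))   # 1/4
    print("P for IC at q=1/5:", penalty_for_ic(F(1, 5), G, R))     # 40
    print("mixed Nash (p, q):", mixed_nash(G, P, R, c, L))         # (1/25, 1/4)
```

With these numbers, monitoring one packet in five leaves the attacker an expected gain of 2, so IR holds and IC fails; monitoring one in three flips the result. The designer can instead keep q at 1/5 and raise the penalty to 40, which is the mechanism-design view: change the rules until the attacker's best response is normal participation. The mixed equilibrium shows the same threshold q = 1/4 from the attacker's indifference condition.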
doi:10.14257/ijsia.2015.9.12.35 fatcat:5ct25tsv5fbq7duxmnvsqjevdm