A Precise Model to Secure Systems on Ethernet Against Man-In-The-Middle Attack

摘要

Internet protocol (IP) is a part of the Transmission Control Protocol (TCP)/IP suite that operates below the network layer of the Open Systems Interconnection (OSI) reference model and is employed as an interface between the network and data link layer. The address resolution protocol (ARP) is a protocol used by IP for mapping an IP address to the corresponding media access control address that is a hardware address harnessed to identify the source and destination of each frame sent on the Ethernet. The man-in-the-middle (MITM) attack is a kind of the Ethernet attack that can be carried out depending on ARP cache-memory poisoning to intercept communications between two systems on Ethernet, and it could, without difficulty, be applied when the attacker is in control of a router along normal point of traffic. To secure systems on Ethernet as well as to prevent ARP cache-memory poisoning, it is necessary to have a good prevention model of MITM attacks. In this article, using the client/server-based intrusion detection system (CSIDS), a precise model to prevent ARP poisoning attacks is proposed and implemented. Our analysis is adequately characterized by implementing a real-time analysis for the received ARP packets, and in the case of detection of a suspicious ARP packet, a resolution message will be exchanged between system parts on the same network. To evaluate the ability of detection and prevention of CSIDS, we design and implement a novel protocol. At the same time, we compare the performance between CSIDS with the standard operations of ARP. Our experimental results reveal that our methodology completely protects hosts against cache poisoning attacks. We further show the effectiveness of our technique in identifying the abnormal ARP packets.