Roney Philip
CS298 Report SJSU
20
Issac et al. [2] propose 'Secure Unicast ARP by extending DHCP' to prevent ARP cache poisoning. In this solution, when Host A wants to communicate with Host B, it does not broadcast an ARP request on the LAN; instead it sends a Secure Unicast ARP (S-UARP) request, a unicast ARP request packet addressed to a DHCP+ server. The DHCP+ server is an enhanced DHCP server that understands the S-UARP packet format. Because it has leased an IP address to every host, it holds the IP-to-MAC mapping of all of them, and it responds with the MAC address mapped to the requested IP address in encrypted form. The server is a trusted party, and the messages are encrypted before transmission with a secret key that a Certification Authority has distributed to the client and the server. Host A therefore never has to accept an ARP reply from an arbitrary host on the LAN, which is exactly what an attacker relies on to poison its cache.
The drawback of this solution is that it requires modification of the ARP protocol: every host on the LAN that wants protection against ARP cache poisoning has to modify its kernel to implement the modified protocol. It also requires a DHCP+ server that understands the secure unicast ARP packet and responds to it. A further modification is needed in the DHCP relay agent, which has to recognize an S-UARP packet and forward it to the DHCP+ server.
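The S-UARP exchange described above, as an added example that is not code from the original report or from the authors of [2]: Host A builds a unicast ARP request, the DHCP+ server answers from its lease table with an ARP reply sealed under the key it shares with that client, and Host A accepts only what authenticates under that key. The page does not say how the reply is encrypted or what the packet looks like, so the AES-GCM choice with 128-bit keys, the use of the request as associated data, the trailer layout, the DHCPPlusServer/HandleSUARP/OpenReply names and every address and key below are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// arpHeader encodes a standard 28-byte Ethernet/IPv4 ARP header (RFC 826).
func arpHeader(op byte, sha net.HardwareAddr, spa net.IP, tha net.HardwareAddr, tpa net.IP) []byte {
	hdr := []byte{0, 1, 8, 0, 6, 4, 0, op} // HTYPE=1, PTYPE=0x0800, HLEN=6, PLEN=4, OPER
	hdr = append(append(append(append(hdr, sha...), spa.To4()...), tha...), tpa.To4()...)
	return hdr
}

// DHCPPlusServer stands in for the enhanced DHCP server of [2]. It holds the
// IP->MAC mapping of every lease it issued and, per client, the secret key the
// Certification Authority distributed (128-bit AES keys are an assumption).
type DHCPPlusServer struct {
	Leases map[string]net.HardwareAddr
	Keys   map[string][]byte
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// HandleSUARP answers a unicast ARP request. The plaintext is an ordinary ARP
// reply naming the MAC leased to the requested IP; it is sealed with AES-GCM
// under the requesting client's key, with the request as associated data so the
// reply cannot be spliced onto a different request.
func (s *DHCPPlusServer) HandleSUARP(req []byte) ([]byte, error) {
	if len(req) != 28 || req[7] != 1 {
		return nil, errors.New("not an ARP request")
	}
	key, haveKey := s.Keys[net.IP(req[14:18]).String()]     // keyed by sender IP
	mac, haveLease := s.Leases[net.IP(req[24:28]).String()] // target IP
	if !haveKey || !haveLease {
		return nil, errors.New("unknown client or no lease for requested IP")
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	reply := arpHeader(2, mac, req[24:28], req[8:14], req[14:18])
	return gcm.Seal(nonce, nonce, reply, req), nil // nonce || ciphertext || tag
}

// OpenReply is Host A's side. A reply that was not sealed under the shared key
// (anything an attacker on the LAN injects or alters) fails the GCM tag check,
// and a genuine reply for some other IP is dropped too, so neither reaches the cache.
func OpenReply(key, req, sealed []byte) (net.HardwareAddr, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("truncated reply")
	}
	plain, err := gcm.Open(nil, sealed[:ns], sealed[ns:], req)
	if err != nil {
		return nil, fmt.Errorf("reply rejected: %w", err)
	}
	if len(plain) != 28 || plain[7] != 2 || !bytes.Equal(plain[14:18], req[24:28]) {
		return nil, errors.New("reply is not an ARP reply for the requested IP")
	}
	return net.HardwareAddr(plain[8:14]), nil
}

// NewDemoServer builds a server from constructed sample leases and keys.
func NewDemoServer() *DHCPPlusServer {
	macA, _ := net.ParseMAC("aa:aa:aa:aa:aa:05")
	macB, _ := net.ParseMAC("aa:aa:aa:aa:aa:09")
	return &DHCPPlusServer{
		Leases: map[string]net.HardwareAddr{"10.0.0.5": macA, "10.0.0.9": macB},
		Keys:   map[string][]byte{"10.0.0.5": []byte("HostA-key-012345"), "10.0.0.9": []byte("HostB-key-012345")},
	}
}

func main() {
	srv := NewDemoServer()
	macA, _ := net.ParseMAC("aa:aa:aa:aa:aa:05")
	// Host A (10.0.0.5) wants Host B's (10.0.0.9) MAC: unicast request to the DHCP+ server.
	req := arpHeader(1, macA, net.ParseIP("10.0.0.5"), make(net.HardwareAddr, 6), net.ParseIP("10.0.0.9"))
	sealed, err := srv.HandleSUARP(req)
	if err != nil {
		panic(err)
	}
	fmt.Println(OpenReply(srv.Keys["10.0.0.5"], req, sealed))

	// An attacker without the key tampers with (or fabricates) a reply: rejected.
	forged := append([]byte(nil), sealed...)
	forged[len(forged)-1] ^= 0x01
	fmt.Println(OpenReply(srv.Keys["10.0.0.5"], req, forged))
}
```

Binding the ciphertext to the request via the associated data is what stops a captured reply for one IP from being replayed as the answer to a request for another; it does not by itself stop replay of the same reply after a lease changes, which a deployment would need a nonce or lease-timestamp check for.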
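The signed-ARP scheme of Bruschi et al. [9], discussed in the next paragraph, in working form as an added example that is not code from the original report or from the S-ARP authors: a Certification Authority issues one key pair per host, each ARP packet carries a signature trailer after the standard header, and the receiver verifies it under the public key bound to the packet's sender IP. ECDSA P-256 over SHA-256, the trailer layout (2-byte length plus signature), the CA directory that receivers consult, the CA/Enroll/SignARP/VerifyARP names and all addresses below are assumptions; [9] as summarized here only says packets are signed with the host's private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"net"
)

// arpHeader encodes a standard 28-byte Ethernet/IPv4 ARP header (RFC 826).
func arpHeader(op byte, sha net.HardwareAddr, spa net.IP, tha net.HardwareAddr, tpa net.IP) []byte {
	hdr := []byte{0, 1, 8, 0, 6, 4, 0, op} // HTYPE=1, PTYPE=0x0800, HLEN=6, PLEN=4, OPER
	hdr = append(append(append(append(hdr, sha...), spa.To4()...), tha...), tpa.To4()...)
	return hdr
}

// CA stands in for the Certification Authority of [9]: it issues one key pair
// per host and records which public key belongs to which IP address. How a
// receiver obtains a sender's public key is not described on this page; a
// directory held by the CA that every host can query is assumed here.
type CA struct{ Pub map[string]*ecdsa.PublicKey }

func NewCA() *CA { return &CA{Pub: map[string]*ecdsa.PublicKey{}} }

// Enroll generates the host's key pair and binds the public half to its IP.
func (ca *CA) Enroll(ip string) (*ecdsa.PrivateKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ca.Pub[ip] = &priv.PublicKey
	return priv, nil
}

// SignARP appends the S-ARP header after the 28 standard ARP bytes: a 2-byte
// big-endian length followed by the sender's signature over those 28 bytes.
// ECDSA P-256 over SHA-256 and this trailer layout are assumptions; [9] only
// says the packet is signed with the host's private key.
func SignARP(priv *ecdsa.PrivateKey, arp []byte) ([]byte, error) {
	if len(arp) != 28 {
		return nil, errors.New("not a 28-byte ARP header")
	}
	digest := sha256.Sum256(arp)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	pkt := append(append([]byte(nil), arp...), byte(len(sig)>>8), byte(len(sig)))
	return append(pkt, sig...), nil
}

// VerifyARP checks the signature under the public key the CA bound to the
// packet's sender protocol address (SPA). A poisoning reply claims an IP its
// sender was never enrolled under, so the signature does not verify under that
// IP's key; a packet from a host that is not S-ARP enabled has no trailer and
// is rejected as well, which is why [9] wants every host on the LAN enabled.
func VerifyARP(ca *CA, pkt []byte) ([]byte, error) {
	if len(pkt) < 30 {
		return nil, errors.New("no S-ARP header present")
	}
	arp, sigLen := pkt[:28], int(pkt[28])<<8|int(pkt[29])
	if len(pkt) != 30+sigLen {
		return nil, errors.New("malformed S-ARP header")
	}
	spa := net.IP(arp[14:18]).String()
	pub, ok := ca.Pub[spa]
	if !ok {
		return nil, fmt.Errorf("no public key registered for %s", spa)
	}
	digest := sha256.Sum256(arp)
	if !ecdsa.VerifyASN1(pub, digest[:], pkt[30:]) {
		return nil, fmt.Errorf("signature does not verify under the key for %s", spa)
	}
	return arp, nil
}

func main() {
	ca := NewCA()
	hostB, _ := ca.Enroll("10.0.0.9")    // legitimate owner of 10.0.0.9
	mallory, _ := ca.Enroll("10.0.0.66") // attacker, enrolled under its own IP
	macA, _ := net.ParseMAC("aa:aa:aa:aa:aa:05")
	macB, _ := net.ParseMAC("aa:aa:aa:aa:aa:09")
	macM, _ := net.ParseMAC("de:ad:be:ef:00:66")
	ipA, ipB := net.ParseIP("10.0.0.5"), net.ParseIP("10.0.0.9")

	// Host B answers Host A: "10.0.0.9 is at macB", signed with B's key.
	genuine, _ := SignARP(hostB, arpHeader(2, macB, ipB, macA, ipA))
	_, err := VerifyARP(ca, genuine)
	fmt.Println("genuine reply:", err)

	// Poisoning attempt: Mallory claims 10.0.0.9 is at her MAC, signed with her own key.
	poison, _ := SignARP(mallory, arpHeader(2, macM, ipB, macA, ipA))
	_, err = VerifyARP(ca, poison)
	fmt.Println("poisoned reply:", err)
}
```

The security of the check rests entirely on the CA's IP-to-key binding: Mallory holds a perfectly valid key pair, and her packet is rejected only because the key it verifies under is not the one registered for 10.0.0.9. The signature and verification on every packet are also where the overhead discussed below comes from.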
Bruschi et al. [9] have proposed Secure ARP (S-ARP), which uses asymmetric key cryptography to authenticate the hosts in a LAN. A Certification Authority assigns a private/public key pair to every host in the LAN. Each ARP packet a host sends is signed with that host's private key, and the receiving host verifies the signature with the sender's public key. To carry the sender's signature, an additional header is appended after the standard ARP header. The solution in [9] therefore also requires modification of the ARP protocol, since the sender must sign each ARP message with its private key and the receiver must verify the signature with the sender's public key. The authors note in [9] that, for the entire LAN to be secure, all hosts must be S-ARP enabled. S-ARP also introduces additional overhead and time for signature generation and verification by the