
CLC number: TP393.1

On-line Access: 2016-10-08

Received: 2015-11-03

Revision Accepted: 2016-05-11

Crosschecked: 2016-09-08


 ORCID:

Guang-jia Song

http://orcid.org/0000-0001-6429-2426


Frontiers of Information Technology & Electronic Engineering  2016 Vol.17 No.10 P.1044-1055

http://doi.org/10.1631/FITEE.1500382


Anonymous-address-resolution model


Author(s):  Guang-jia Song, Zhen-zhou Ji

Affiliation(s):  School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China

Corresponding email(s):   tysong@aliyun.com

Key Words:  Network security, Address resolution, Neighbor discovery, Anonymous


Guang-jia Song, Zhen-zhou Ji. Anonymous-address-resolution model[J]. Frontiers of Information Technology & Electronic Engineering, 2016, 17(10): 1044-1055.

@article{title="Anonymous-address-resolution model",
author="Guang-jia Song, Zhen-zhou Ji",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="17",
number="10",
pages="1044-1055",
year="2016",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.1500382"
}

%0 Journal Article
%T Anonymous-address-resolution model
%A Guang-jia Song
%A Zhen-zhou Ji
%J Frontiers of Information Technology & Electronic Engineering
%V 17
%N 10
%P 1044-1055
%@ 2095-9184
%D 2016
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1500382

TY - JOUR
T1 - Anonymous-address-resolution model
A1 - Guang-jia Song
A1 - Zhen-zhou Ji
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 17
IS - 10
SP - 1044
EP - 1055
%@ 2095-9184
Y1 - 2016
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1500382


Abstract: 
The address-resolution protocol (ARP) is an important data-link-layer protocol that obtains the mapping between Internet Protocol (IP) and Media Access Control (MAC) addresses. Traditional ARPs (address-resolution and neighbor-discovery protocols) do not consider the existence of malicious nodes and reveal destination addresses in the resolution process. Thus, these traditional protocols allow malicious nodes to easily carry out attacks, such as man-in-the-middle and denial-of-service attacks. To overcome these weaknesses, we propose an anonymous-address-resolution (AS-AR) protocol. AS-AR does not publicize the destination address in the address-resolution process and hides the IP and MAC addresses of the source node. A malicious node cannot obtain the address of the destination or of the node that initiates the address resolution; thus, it cannot attack. Analyses and experiments show that AS-AR has a higher security level than existing security methods, such as secure-neighbor discovery.

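Anonymous-address-resolution model

Objective: To address attacks caused by information leakage during address resolution, this work studies how to hide address information in the resolution process.
Innovation: This paper proposes a new resolution model that does not disclose the destination address of the address resolution and also hides the node's own IP and MAC addresses, achieving anonymous address resolution.
Method: First, in the anonymous address-resolution process, the source node treats the destination address of the resolution (IPX) as a secret shared between itself and the target node, and can use IPX as a public key to encrypt the resolution destination address and its own address information before sending the resolution request. Second, only a specific node can recover the resolution request and send a reply. Third, the source node receives the resolution reply and verifies it; once verification passes, the address-resolution process is complete. Finally, anonymous address resolution is compared with secure neighbor discovery and several other typical schemes.
Conclusion: To counter the security threats facing address-resolution protocols, an anonymous address-resolution process is proposed that achieves the goals of not disclosing the resolution destination address and hiding the node's own address information.

Key words: Network security; Address resolution; Neighbor discovery; Anonymous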


